That solution is easily circumvented. A more robust solution is something similar to what we did with ExpressionEngine which creates a unique id for each form that has to be present when the form is submitted. This allows us to force a page load and that certain information be present like IP and UserAgent.
I’d just be happy with finding out how they are submitting an apparently blank signature. That and tracking them down and putting them out of our misery.
I have the same registration on mine (ovvwasd@mail.ru) still pending.
I also have pending -
Name: hepcdk
Username: slrdvt
Email: qwe1234qwe1@mail.ru
And this one was activated -
Name: jatnnv
Username: derjek
Email: ueukm06@mail.ru
What is the point? Comments are not a feature of my site and they don’t seem to want to post in the forum. The worst case was the 41 registrations with the dodgy URLs.
Have they perhaps found a way to send out spam that requires a registration? I don’t see anything untoward in my server logs. Just a thought.
Hm, I just got a registration from this fellow on my old pMachine Pro based site as well. However, s/he put in a signature each time, so I wonder if there is something particular about giovanni’s set up that is allowing the spammer to put in nothing.
As for why this spammer is doing this, it just might be a way to get their name out there and to put URLs in member lists. I think what I can do is actually just block any email addresses with that domain name.
Hi paul… as i recall the spammer seems to be in most cases registering twice. once with a format of:
Name: jatnnvetc
Username: dferwetc
Email: ueukm06@mail.ru
and then again with SIGNATURE blank. next time s/he tries it i will forward the info.
so far today…nada.
To block that specific email address, all I did is open up member.fns.php and add a conditional during the data check to see if ‘mail.ru’ was part of the email address. Who wants to test?
Just to play devil’s advocate here… there are legitimate people who use that domain, too. As a good example, the user who created the Russian Language Pack uses that domain.
Just to play devil’s advocate here… there are legitimate people who use that domain, too. As a good example, the user who created the Russian Language Pack uses that domain.
Bugger. So blocking the domain is out of the question. Better start looking at the membership approval hack then.
Isn’t it time for an update to pM that takes this feature into account?
best way to prevent this kind of thing is to make it harder for spammers by blocking IP addresses
How about this then. There is already the ability to delete a comment directly from the email that is generated when a new comment is posted. Is it possible to add another link that reads “Delete comment AND ban IP of user?” which would allow an admin to simply click one link to delete and ban? As it is, I have to collect all 20 IPs each morning when I ge tup, add them manually to the ban list. And int he meantime the links remain on my site.
I just got two “new members” registered in the past two weeks too. Both are from “mail.ru” domains (which are notorious for hackers.. I guess they don’t have very strict rules for what users can do) and both used the same IP addresses listed above in this thread:
- 64.237.57.150
- 66.199.238.21
I’ve blocked both IPs and deleted the users before they were able to do any damage (my settings require new members to be approved). I’d like to block a range of addresses, but it might not really help either.
You can do a WhoIs search on IPs at SamSpade.org but I have no idea what to do with the info from the search. :( Is it worth reporting them?
