Spam problems

  • However, before I would consider putting their code in my .htaccess file, I would be interested in comments from the Woltlab Developers -


    Alexander Ebert, et el - have any of you read this; and what do you think about this approach to control spammers?

    It would be nice to get any reaction on their part. (Sorry, I'm in a bad mood as I again had to remove spammers from my forum this morning) :(


    Anyway, I have to approve registrations now so that I can at least check the users manually before they can post anything on the forum. Not really the solution I would like, but as there's no reaction from the woltlab team, I have to work with what I've got.

  • It would be nice to get any reaction on their part. (Sorry, I'm in a bad mood as I again had to remove spammers from my forum this morning) :(


    Anyway, I have to approve registrations now so that I can at least check the users manually before they can post anything on the forum. Not really the solution I would like, but as there's no reaction from the woltlab team, I have to work with what I've got.

    When I started out with my Forum, I had set the "registrations" as you presently have.

    However I decided to take a chance and change the Registration Settings to "verified email"; which is what I still have.


    My problem hasn't been nearly so much with spammers flooding my Forum Categories / Posts as it has been with Spammers pointing

    to my Domain Name (ttttforum.com) and leaving me with an "explosion of visitors" - of which there still is a "count" of over 2,000 in

    "statistics" showing on my website / forum; but nevertheless such activity is annoying - and it could get serious if these Bots and Spammers

    rack up enough Bandwidth use to require me upgrading to a higher Tier of Hosting Service. Thankfully so far there has not been a need for

    going to a higher Tier of Hosting Service; eventually I will have to though when I add a full, real time, Audio / Video Chat to my website / forum.


    But perhaps even more disturbing (at least for the moment) is that the Woltlab Team has so far remained silent on this issue.

  • However I decided to take a chance and change the Registration Settings to "verified email"; which is what I still have.

    Was the case. You had to verify your registration via an e-mail. Didn't help. Now I have set the registration so that I need to approve them manually. Quite cumbersome and NOT what I had in mind when I bought this CMS.


    But perhaps even more disturbing (at least for the moment) is that the Woltlab Team has so far remained silent on this issue.

    100% agree. I'm getting the impression that selling the CMS is more important than supporting it. :(

  • To use this plugin you need to register with KeyCAPCHA and it seems their version is for 3.1 only. Further, it's a subscription based plugin and the more you pay, the more features you unlock.

    It's unclear to me what SoftCrearR plugin actually does, except refer the user to KeyCAPTCHA for the private key and purchase.

    What would be good is a plugin in addition to reCAPTCHA where a security question/s could be asked. What is the capital of France? For example.

    When I used SMF I added security questions and the spam stopped stone dead.

    Very poor security plugin support for WoltLab in my opinion.

  • Keycaptcha is free in the basic version.

    Spam is not a security problem.

    Captchas and security questions don't prevent spam.

    I'm a layman, IE not a developer and I would disagree through my experience with other forum software, in this case SMF.

    As I said earlier, once I had added two security questions in addition to a key captcha (words and letters), the spam went away completely, which pretty much refutes your assertion that Captchas and security questions don't prevent spam.

    And yes, spam IS a security problem as it is capable of bringing down a forum in extreme cases.

    You post a link for your plugin which does nothing at all and is supposedly compatible with WSC 3.0 and we then have to go to keyCaptcha to download their plugin, which is not even mentioned on your website, IE promoting someone else's product. You should be more clear about this.

    Perhaps you should be more proactive in providing a solution instead.


  • Splinter even if they arent registering on your forums they are still attempting to reach your server could be at an very high intensity. Burning up your bandwidth.


    My Hetzner server in germany was a fresh install and between that and about 20 minutes there where about 17,000 failed root logins.


    There are human or bots always attempting to exploit your server at all times. You need to install a Honeypot API and captchas etc. Report the ip addresss automatically so you can help get them people prevented in the future.

  • My Hetzner server in germany was a fresh install and between that and about 20 minutes there where about 17,000 failed root logins.

    Wow, you must've received an attractive IP address :D I also get a few failed logins every few minutes on a Hetzner server but 17k in 20 minutes on a fresh server is really much... I assume you are talking about SSH?

  • That isn't no joke. I only use the server for a Plex Media Server, and since I disabled root logins, and added sudoer ability to my other account. Its all fine and dandy.


    But regardless, there are constantly bots or users trying to force login to root accounts everywhere.

  • Marcel Werk

    Set the Label from Planned to Implemented