MyBB's captcha has flaws?

For the last several months, my two-year-old forum was continuously receiving spam user registrations and spam posts. I had to delete 13,000+ users and a lot of posts to clean up my forum. Of course, I know I had my fair share of faults since I'm always two or three months late before I upgrade to the latest patch or release. But what amazed me most was that after I upgraded my forum software to the latest version and opened it to the public again, a new spam user was able to register in the forum, which surprised me – a lot.

So I thought of the things that might have affected the influx of spammers on my board. Is it my VPS? I have a WHMCS installation on the same server that I have been using for almost a year already, but I barely get an illegitimate user. Even my publicly accessible support ticket system does not get any spam messages compared to my members-only forum. My VPS should be off my list then. Is it MyBB itself? Maybe. But MyBB has been working wonders for me in the past year. Why is it now that the problem popped up? Since this is a large system, which part of it is flawed? I checked my settings and tightened my user registration settings. But to no avail; spammers can still pass through. Since they can't post random messages on my board without passing the registration page, maybe there is something wrong with that gate. I double-checked what security measures MyBB has for user registration. For the 1.6.5 version, you can change your captcha to ReCaptcha and get a hidden code. The hidden code did not do anything to stop my problem, but converting to ReCaptcha solved it.

On further investigating the problem, I found that those spammers are not real people but bots. When I checked the online guests list, those bots do unusual random activities on the forum that my forum members won't do for long without logging in first, and their IP blocks are similar to those I have deleted before. For some unknown reason, they were able to bypass MyBB's default captcha system. I have not done anything to find out how and why. I just know that I couldn't trust the default captcha anymore. Is MyBB's captcha really flawed?
