Jamroom Support: View topic

emdiamond · Posted: 11/15/11 22:32

Ok, for those that are getting buried in spam right now. I noticed all the spam I am getting has a hotmail address. I just blocked all mail from hotmail and for now the spam is blocked.

We need to get a fix for this. DOn't know if we need to change the sign up captcha or not????

Paul · Jamroom Team

How did you block the hotmail signup emails?
Thanks
Pa

_________________
Paul Asher
Jamroom Network Team Member: http://www.jamroom.net
Priority Support: http://www.jamroom.net/Support_Center

speedbunny · Posted: 11/16/11 06:42

600 new users created overnight....

The way to prevent Hotmail from signing up is to go:

Admin Options -> System Tools -> Banned Email Addresses

And add hotmail.com as a banned email address.

Not ideal, but a makeshift solution until the spammers realise they're not getting anywhere.

_________________
http://rockaffairs.com <- My Jamroom site!
http://ownersabroad.org <- My holiday site!
http://vapers.co.uk <- My e-cig site!

Er, yeah, I'll stop that now, I have about 50 more.... (heads over to the soda machine...)

Last edited by speedbunny on 11/16/11 06:59; edited 2 times in total

Paul · Jamroom Team

Thanks SB - I'd forgot about that tool.
Working so far with hotmail, though I've just had a spammer with yahoo.co.uk email Sad

Pa

_________________
Paul Asher
Jamroom Network Team Member: http://www.jamroom.net
Priority Support: http://www.jamroom.net/Support_Center

speedbunny · Posted: 11/16/11 06:59

Grrrr

1110 curtwood615 curtwood615@dogtrainingmagic.info 15/11/11 22:36:24 n/a
1112 Artist Account benitoburch1229 tab30@diamond-wedding-bands.net benitoburch1229 16/11/11 13:39:20
1113 Artist Account CristineScheid76 join@htcdesirehdreview.co.uk CristineScheid76 16/11/11 13:45:28
1114 Artist Account gailfitzpatr25 gailfitzpatr25@yahoo.co.uk

_________________
http://rockaffairs.com <- My Jamroom site!
http://ownersabroad.org <- My holiday site!
http://vapers.co.uk <- My e-cig site!

Er, yeah, I'll stop that now, I have about 50 more.... (heads over to the soda machine...)

emdiamond · Posted: 11/16/11 07:29

Ok, Now we are getting our pending users file filled.

Does anyone have away to clear all pending users. I hate to do it but right now we are under attack and 99% of the users are junk.

I think worse case it can be done in the database. If so what table has ]pending users in it that would need to be cleared?

Paul · Jamroom Team

Yes, I'm getting a few other than hotmail as well, and I have 100s of pending users.
The real issue here is that several of us are under serious attack and Brian/Kyle have to tell us how to fix it asap.
We can worry about cleaning up the DB after.
Pa

_________________
Paul Asher
Jamroom Network Team Member: http://www.jamroom.net
Priority Support: http://www.jamroom.net/Support_Center

jamesd116 · Posted: 11/16/11 10:10

banning domain names is not going to help the site though alot of people use hotmail gmail yahoo etc alot o f artists do have thier own domain name but most i have seen still use gmail

_________________
One day the court system will learn that a childs mother is not the only option...... Question is will it be too late by that time...

Brian · Jamroom Team

There's basically 2 ways that a spammer can signup for your site:

There is an actual person sitting at a computer signing up for your site with the intention of spamming - since this is a "real" person there's nothing that can be done as far as Jamroom is concerned, since Jamroom has no way to determine the "intentions" of a user - i.e. it cannot tell a legitimate user from a spammer.
There is a program (i.e. a "spam bot") that has broken Jamroom's CAPTCHA, and allows rapid signups without a user having to actually enter anything. Based on the reports, it sounds like this is the likely case.

So there are basically 2 things that can be done to help:

Switch to using ReCaptcha. Jamroom supports using Recaptcha in place of the built in captcha. You need to go here:

http://www.google.com/recaptcha

and click on the "use recpatcha on your site" button - fill in the form and you will be given some unique ID values for your site. Go into Jamroom Tools -> Advanced Settings and set the following 2 keys:

jr_recaptcha_private_key
jr_recaptcha_public_key

to the values you received on the Recaptcha site. Reset your template cache and you should see Recaptcha in place of Jamroom's captcha. If you continue to receive spammer signups AFTER doing this, then it means it is not a bot signing up, but a real user and you'll need to manually delete accounts.
Modify the Captcha settings in the jamroom/include/captcha/php-captcha.inc.php file - you'll see the variables at the top of the file that control the appearance of the captcha image. This may or may not work depending on how sophisticated the image detection is on the spammers end.

Hope this helps!

- Brian

_________________
Make sure and check out:
* The Jamroom FAQ
* The Jamroom Documentation

ktb1025 · Posted: 11/16/11 10:30

For what it's worth we use recaptcha and since we started using it, it has significantly reduced bot based signups. I still get 2-5 manual spam sign ups a week but I purge them as soon as I see them in the incoming mail folder.

_________________
Kevin Burns
TheTalentFarm.com
LIVE WEBCAST VENUE
Home of TTF-TV!!!

Bloodcrave · Posted: 11/16/11 10:58

I use reCaptcha since JR supports it and I never had a spam user yet.
But recaptcha is not supported in all modules yet.

Paul · Jamroom Team

Recaptcha seems to be keeping the spammers at bay, for the moment.

I'm doing the following to tidy the site up a bit -

Create a member quota call "Spammers Quota". Make a note of its ID.
Set Quota Prune Days to 1
Disable all the Spammer Quota features, particularly ranking and search enables.

Go into phpMyAdmin and run the following query -

CREATE FUNCTION IsNumeric (sIn varchar(1024)) RETURNS tinyint
RETURN sIn REGEXP '^(-|\\+){0,1}([0-9]+\\.[0-9]*|[0-9]*\\.[0-9]+|[0-9]+)$';

This creates a function needed next.

Run this query to list probable spammers -

SELECT u.user_nickname,u.user_emailadr
FROM jamroom_band_info i
LEFT JOIN jamroom_user u ON u.user_band_id = i.band_id
WHERE u.user_created = u.user_updated
AND i.band_message_count <= 1
AND i.band_quota = '-1'
AND ISNUMERIC(SUBSTR( user_nickname , -1 ))
ORDER BY i.band_id DESC

Have a look through the list and satisfy yourself that they (mostly) all are spammers.

Run this query to move them all to the Spammers Quota but first change the quota ID (bold) to your Spammer Quota ID -

UPDATE jamroom_band_info i
LEFT JOIN jamroom_user u ON u.user_band_id = i.band_id
SET i.band_quota = '-3'
WHERE u.user_created = u.user_updated
AND i.band_message_count <= 1
AND i.band_quota = '-1'
AND ISNUMERIC(SUBSTR( user_nickname , -1 ))

Hopefully Jamroom will do the rest in a day or two.

This doesn't guarantee to get them all, of course, but should get most of the current batch.

Might be a good idea to backup the band_info table first.
hth
Pa

_________________
Paul Asher
Jamroom Network Team Member: http://www.jamroom.net
Priority Support: http://www.jamroom.net/Support_Center

Douglas · Jamroom Team

I've done this for my site, however I still see the " enter the validation code from the image:" text and form field, even though the new reCaptcha image is showing.

Is there something else we need to do?

Thanks,
Douglas

_________________
Douglas Hackney
Jamroom Network Team Member: http://www.jamroom.net
Priority Support: http://www.jamroom.net/Support_Center

Bloodcrave · Posted: 11/16/11 15:36

I have the same issue as doug, but only with modules. It works fine on the JR files with me

iLoveHouseMusic · Posted: 11/16/11 15:55

Where is the normal "captcha" enabled in JR? is that global or at a quota level?