No announcement yet.

Banned Users Breaking In

  • Filter
  • Time
  • Show
Clear All
new posts

  • [Forum] Banned Users Breaking In

    I just converted from an old BBS to vBulletin 4.1 less than a week ago and within 2 days we were being hit with a rash of bogus users getting into the system. We have enabled CAPTCHA, email verification and Moderator Approval and yet they create new User IDs without any Moderator Approval happening. We have banned their IP addresses (which appear to trace back to China) and they still get in. We have banned their User IDs and they still get in with the banned IDs.

    We are running on a major web hosting company in the US that we have used for 10 years under Linux. We never had these problems with our old BBS.

    How is this possible? How do we lock this system down?

  • #2
    I can't help you but I suggest you turn your vBulletin offline or disable registrations until you can locate the issue!


    • #3
      Found how it happened.

      I discovered a large number of bogus "sleeper" accounts that had been set up on the old BBS. The impex import brought them across, IDs and passwords, into the new BBS. Once on the new site, whoever is behind these bogus accounts must have been using these sleepers to sign in.

      Is it possible to easily invalidate the passwords of all User ID within a specific creation date range and with zero posts? I found over 2000 of them that are suspect. I don't really want to delete legitimate users. What I've done for now is create a "Holding" group with 0 privileges and did a bulk move of all of them over there. I'm assuming the legit users will email me with a complaint.


      • #4
        Also here are some tips to prevent spammers from registering.


        widgetinstance 262 (Related Topics) skipped due to lack of content & hide_module_if_empty option.