Welcome to the Question2Answer Q&A. There's also a demo if you just want to try it out.
Ask a Question

Is this abug that allows spamers to create fake accounts without ever verififying the email address?

+2 votes
2.8k views
in Q2A Core by
edited by

---------------------------
Update
---------------------------

After stopping all outgoing emails with the registration codes for 2 days, new fake accounts are not able to verify the email address and are also unable to post SPAM.

So I assume that there is not a bug on the code and unfortunately it seems that these are humans creating this accounts :(

Any creative solutions for this problem?

---------------------------
Original question
---------------------------

I am constantly having to delete face accounts inside my site.

After checking the users table, I see that some of those fake accounts do not have the email code generated.

Does the email code has to always be created or there is a bug that needs to be fixed on my site?

Edit: This are some captures I made on my server for a new SPAM, you can see a GET to register, then a POST to publish the SMAP but there is no GET to verify the email code, so they are somehow able to publish without receiving the email.

Note: This dump correspond to another user and not the ones shown above.

Data for first POST

Data for second POST:

 

Hope this helps to find the problem.

Edit: I have ReCAPTCHA enabled

 

Q2A version: 1.6.2
Show 7 previous comments
by
Interesting catch. I was also wondering about new registered users that even broke the stop-spam-plugin. So I guessed it is real human beings. When I assigned a captcha question that is "unbreakable" there were no new registrations. So my guess in the end, there is no bug. But it would be awesome if you find the reason for this general spam problem.
by
I will make my site send all email messages to me, and this way I will be able to verify if a fake user is able to verify his email address without receiving the email.
If he is able to do it, there is a bug, if not, it´s a human doing the work.
I will let yo know how it goes.
by
After stopping all outgoing emails with the registration codes for 2 days, new fake accounts are not able to verify the email address and are also unable to post SPAM.
So I assume that there is not a bug on the code and unfortunately it seems that these are humans creating this accounts :(
Any creative solutions for this problem?
by
Spammers → humans, wanted users → humans. If you block spammers by "creative" solutions, you probably block your wanted users. Sad story...

However, good news: With the stop-spam-plugin you can define words, part of words, URLs or part of URLs that will reject the posted content. This is how i got rid of them finally. Just block their URLs (domains) and they stop posting ;) http://www.q2apro.com/plugins/stop-spam

1 Answer

+2 votes
by
 
Best answer

Since there is not a bug on the code, I answer my own question:

After stopping all outgoing emails with the registration codes for 2 days, new fake accounts are not able to verify the email address and are also unable to post SPAM.
So I assume that there is not a bug on the code and unfortunately it seems that these are humans creating this accounts :(

I will try http://www.q2apro.com/plugins/stop-spam

Snow Theme by Q2A Market
Powered by Question2Answer
...