MicrostockGroup
Microstock Photography Forum - General => Symbiostock => Symbiostock - General => Topic started by: steheap on April 07, 2013, 13:54
-
Well, it didn't take long! I got my first spam registration this morning - from an address ending in o2.pl
I see these on another site that I have running - I'm not sure what they get out of registration - perhaps they test the security from inside the site and see what they can find?
Has anyone experimented with a captcha type system on the site so far?
Steve
-
I decided to try a different sort of captcha - a picture based one called Confident Captcha. It show 8 images and you have to click on the photo that matches the word. You need to register on their site to get the various api codes, but it all seems very easy and secure.
Anyone who wants to see what it looks like can try to register on my site and you will see the way it works
steve
-
This works well...
http://akismet.com/ (http://akismet.com/)
-
I have that, but isn't it just comment spam, not login spam?
Steve
-
I got that same registration this morning too. >:( I was waiting for a sale.
I will look into that Confident Captcha. I have Akismet, but I thought that was just for blog comments, too.
-
Well, it didn't take long! I got my first spam registration this morning - from an address ending in o2.pl
I see these on another site that I have running - I'm not sure what they get out of registration - perhaps they test the security from inside the site and see what they can find?
Has anyone experimented with a captcha type system on the site so far?
Steve
Also here.
New user registration on Hitvectors - Vectors for sale: Username: annimato83 E-mail: [email protected]
-
You'll keep getting them and one day soon you'll be able to boast 300, 000+ registrations! Captcha is one way but setting a trap works well and does not interrupt your customer's experience:
<div style='display: none'> // invisible div within the reg form tags
<input type='text' name='webaddress' value=''> // spammers love to auto fill this in
<input type='text' name='contact' value=''> // spammers love to auto fill this too
</div>
On the page that processes the newbie registration look for values 'webaddress' and or 'contact' (just examples, pick something that you are not using but is spammer friendly). If these values have been filled (remember these fields are invisible to humans) then the newbie isn't human and can be brutally dispatched and your DB remains clean.
-
My spam blocker lets me feed a squirell and put ketsup on fries to tell if ur human.
-
My spam blocker lets me feed a squirell and put ketsup on fries to tell if ur human.
Has someone been working too hard? :)
-
Yes probably but he is not seeing things - try registering with my site (it will check I have really fixed it as well) :D
-
Yes probably but he is not seeing things - try registering with my site (it will check I have really fixed it as well) :D
LOL - makes sense now I've had a look.
-
You'll keep getting them and one day soon you'll be able to boast 300, 000+ registrations! Captcha is one way but setting a trap works well and does not interrupt your customer's experience:
<div style='display: none'> // invisible div within the reg form tags
<input type='text' name='webaddress' value=''> // spammers love to auto fill this in
<input type='text' name='contact' value=''> // spammers love to auto fill this too
</div>
On the page that processes the newbie registration look for values 'webaddress' and or 'contact' (just examples, pick something that you are not using but is spammer friendly). If these values have been filled (remember these fields are invisible to humans) then the newbie isn't human and can be brutally dispatched and your DB remains clean.
How to edit a page and insert this code? Via Putty and using linux vi ? Via Ftp downloading page -> edit/insert -> upload page ?
-
I decided to try a different sort of captcha - a picture based one called Confident Captcha. It show 8 images and you have to click on the photo that matches the word. You need to register on their site to get the various api codes, but it all seems very easy and secure.
Anyone who wants to see what it looks like can try to register on my site and you will see the way it works
steve
Hi Steve, I found a slight problem with your captcha login - it is too big for the space available and you have to scroll up and down to see what it wants and the pictures are very dark, took me quite a few seconds to work out which one was underwater as could not see what they were
-
How to edit a page and insert this code? Via Putty and using linux vi ? Via Ftp downloading page -> edit/insert -> upload page ?
It's just an illustration of the concept, won't do anything if you insert that code.
-
Hi Steve, I found a slight problem with your captcha login
Yes, I did see that myself in my testing. It is because the login page is actually a single page that scrolls down if you want to register and then my captcha get put half way down that larger page.
I may have to change to something else!
Steve
-
Would you like to try mine out - please, and comments on size and usablity will be appreciated :)
-
I can't make it work. Nothing to click or drag. I use Chrome
Steve
-
Possibly because I had not put everything back together after deleting it all to find my login problem. I think it should work now
-
Nope - doesn't work for me!
Sorry
Steve
-
I don't think it is Chrome that is stopping it working for you as I just downloaded and installed it to test, strange. Wonder why you cannot see it when you try and register
-
Would you like to try mine out - please, and comments on size and usablity will be appreciated :)
Your captcha would be great if it worked. I see it, it asks me to drag a smiley on a t-shirt, but I can't drag anything. I use Firefox.
edited: I clicked the signup button with nothing filled in and the catcha no working. Got to sort of an "error sign-up" page, and here your captcha is working! Weird. I hope you can get this sorted out.
-
Would you like to try mine out - please, and comments on size and usablity will be appreciated :)
Your captcha would be great if it worked. I see it, it asks me to drag a smiley on a t-shirt, but I can't drag anything. I use Firefox.
edited: I clicked the signup button with nothing filled in and the catcha not working. Got to sort of an "error sign-up" page, and here your captcha is working! Weird. I hope you can get this sorted out.
-
After trying two different plugins, I've settled on one called simply Captcha. Have a look at my register page now and see what you think!
Steve
-
After trying two different plugins, I've settled on one called simply Captcha. Have a look at my register page now and see what you think!
Steve
Works for me. Let's hope no potential buyer gets deterred because she/he can't solve the math ;D
Actually, I very much like halfshag's suggestion of coding in a trap. That I fear, however, will be more work for Leo...
-
Feed the squirrel, and you will believe ...
http://www.symbiostock.com/wp-login.php (http://www.symbiostock.com/wp-login.php)
-
Feed the squirrel, and you will believe ...
[url]http://www.symbiostock.com/wp-login.php[/url] ([url]http://www.symbiostock.com/wp-login.php[/url])
It does not work when logging into (my) site though - as Philens mentioned it does not work when you first try, only when you get a second sort of error screen
-
Feed the squirrel, and you will believe ...
[url]http://www.symbiostock.com/wp-login.php[/url] ([url]http://www.symbiostock.com/wp-login.php[/url])
what is the worry about spammers when you have a 2 step register process that requires a valid email?
i'm also concerned about users who just want to buy a picture -- why do we have to require them ti register? many people are suspicious of such routines
-
Feed the squirrel, and you will believe ...
[url]http://www.symbiostock.com/wp-login.php[/url] ([url]http://www.symbiostock.com/wp-login.php[/url])
what is the worry about spammers when you have a 2 step register process that requires a valid email?
i'm also concerned about users who just want to buy a picture -- why do we have to require them ti register? many people are suspicious of such routines
You are correct...so how did the spammer register on my site? I never sent them (it, her, him, whatever) an email.
-
Feed the squirrel, and you will believe ...
[url]http://www.symbiostock.com/wp-login.php[/url] ([url]http://www.symbiostock.com/wp-login.php[/url])
Or put catsup on the fries or syrup on the waffles (whatever) It works fine for me and I have all kinds of things blocked on FF.
Where do I get that security plugin? Simple and it works. Next I'll want to add my own, like put the golf ball in the cup? :)
-
The one I have on my site is sweet captcha but I will not be keeping in for, in spite of the blurb it does not work with android
-
It doesn't work from my PC with chrome either....
Steve
-
It doesn't work from my PC with chrome either....
Steve
I couldnt get it to work on my site. The login and register sometimes worked, it didnt work at all in the contact page they provide. I wish it were reliable because i really like it.
-
Even though I use the SI Captcha plugin, I've noticed I'm getting a couple of registrations a day - almost all of them are probably false - they have strange user names and more recently they have aol email addresses.
Two questions - are others getting this (and if not, what protection plugin do you use?). Any idea what the benefit of someone signing up to an account is believed to be? I guess they can post comments without a captcha each time (although I don't have comments available.)
Can they do any other mischief?
Steve
-
Even though I use the SI Captcha plugin, I've noticed I'm getting a couple of registrations a day - almost all of them are probably false - they have strange user names and more recently they have aol email addresses.
Two questions - are others getting this (and if not, what protection plugin do you use?). Any idea what the benefit of someone signing up to an account is believed to be? I guess they can post comments without a captcha each time (although I don't have comments available.)
Can they do any other mischief?
Steve
I've not received any spam registrations -- earlier I was getting spam comments but once I changed to 'comments only from registered users' that stopped.
it seems to cycle -- on my other websites I get occ'l spam responses where I get dozens of replies to buyit now selections for maps - none of which are legit. cant decide whether it's a bot or just some person who thinks they'll singlehandedly overwhelm my website
-
Even though I use the SI Captcha plugin, I've noticed I'm getting a couple of registrations a day - almost all of them are probably false - they have strange user names and more recently they have aol email addresses.
Two questions - are others getting this (and if not, what protection plugin do you use?). Any idea what the benefit of someone signing up to an account is believed to be? I guess they can post comments without a captcha each time (although I don't have comments available.)
Can they do any other mischief?
Steve
I have gotten one. I am waiting to see how big of an issue it is before adding another layer of security.
-
Even though I use the SI Captcha plugin, I've noticed I'm getting a couple of registrations a day - almost all of them are probably false - they have strange user names and more recently they have aol email addresses.
Two questions - are others getting this (and if not, what protection plugin do you use?). Any idea what the benefit of someone signing up to an account is believed to be? I guess they can post comments without a captcha each time (although I don't have comments available.)
Can they do any other mischief?
Steve
I have gotten one. I am waiting to see how big of an issue it is before adding another layer of security.
No more spam registrations after install SI CAPTCHA Anti-Spam plugin.
-
No more spam registrations after install SI CAPTCHA Anti-Spam plugin.
We're using SI Captcha, had 7 yesterday, 2 so far today.
-
No more spam registrations after install SI CAPTCHA Anti-Spam plugin.
We're using SI Captcha, had 7 yesterday, 2 so far today.
My site is not popular. :'(
-
Keep those spam registrations man!
It was funny - when I launched Symbiostock.com I was literally (not even joking) getting 20/hour. Quite a phenomen for a site which was getting very little traffic.
Maybe you can re-spam them? Make some nice spam images and market them to spammers?
-
Keep those spam registrations man!
It was funny - when I launched Symbiostock.com I was literally (not even joking) getting 20/hour. Quite a phenomen for a site which was getting very little traffic.
Maybe you can re-spam them? Make some nice spam images and market them to spammers?
I get a couple here and there. Meaning I get an email saying someone registered. However they don't appear in my site's backend. Anyone else have that?
-
Keep those spam registrations man!
It was funny - when I launched Symbiostock.com I was literally (not even joking) getting 20/hour. Quite a phenomen for a site which was getting very little traffic.
Maybe you can re-spam them? Make some nice spam images and market them to spammers?
I get a couple here and there. Meaning I get an email saying someone registered. However they don't appear in my site's backend. Anyone else have that?
No, the only one I've had so far showed up in All Users.
-
I don't want to make it difficult for people to register, which is why I have set up my site to use a facebook registration if they want.
Not sure if and how well it works...not even spammers are registering at my site.... :(
Glenn
-
Hmm, I know one of mine is legitimate after a quick search, however it still doesn't show up in my user list. I hope I'm not losing a potential customer. Can someone do me a favour and register on my site and let me know if they have any issues or leave a comment or something?
http://photominingstock.com/earth/ (http://photominingstock.com/earth/)
-
Registered and commented, no issues at my end, all went smoothly
-
Registered and commented, no issues at my end, all went smoothly
Thanks! And I saw both the user and comment. Yippee! So it works properly.
BTW, if anyone wants to test sales, just upload a throwaway image and set the price for 10 cents or so, I'll buy it (I have a seperate test paypal account) and let you know if it runs smoothly. Just shoot me an email or PM. If anyone wants to try mine on either site, the image is under search "test" one is a boat, one is a tree. :)
-
Not going to test that for you - would probably cost more in conversion fees than anything else :)
-
Not going to test that for you - would probably cost more in conversion fees than anything else :)
Fair enough. :) The offer is there though.
-
Registered and commented, no issues at my end, all went smoothly
Thanks! And I saw both the user and comment. Yippee! So it works properly.
BTW, if anyone wants to test sales, just upload a throwaway image and set the price for 10 cents or so, I'll buy it (I have a seperate test paypal account) and let you know if it runs smoothly. Just shoot me an email or PM. If anyone wants to try mine on either site, the image is under search "test" one is a boat, one is a tree. :)
I had issues. I used two different emails and two different usernames and got this both times:
ERROR This username is already registered
ERROR This email is already registered
ERROR unreadable CAPTCHA token file
I know I entered the Captcha correctly. I've gotten two emails, one for each name I registered, with passwords. And I was able to login using the pw supplied. I created username supportCL. Something is wrong, but the registration goes through. Maybe the captcha is hosing it up?
-
Registered and commented, no issues at my end, all went smoothly
Thanks! And I saw both the user and comment. Yippee! So it works properly.
BTW, if anyone wants to test sales, just upload a throwaway image and set the price for 10 cents or so, I'll buy it (I have a seperate test paypal account) and let you know if it runs smoothly. Just shoot me an email or PM. If anyone wants to try mine on either site, the image is under search "test" one is a boat, one is a tree. :)
I had issues. I used two different emails and two different usernames and got this both times:
ERROR This username is already registered
ERROR This email is already registered
ERROR unreadable CAPTCHA token file
I know I entered the Captcha correctly. I've gotten two emails, one for each name I registered, with passwords. And I was able to login using the pw supplied. I created username supportCL. Something is wrong, but the registration goes through. Maybe the captcha is hosing it up?
Maybe, I got both registrations in the backend though. I'll take down the catchpa and see what happens.
-
If you delete me, I can try it again.
-
If you delete me, I can try it again.
Sorry I was out for a few hours, deleted! Thanks again!
-
If you delete me, I can try it again.
Sorry I was out for a few hours, deleted! Thanks again!
No problem. I just re-registered with no problems and was taken to the Customer License page on login.
-
If you delete me, I can try it again.
Sorry I was out for a few hours, deleted! Thanks again!
No problem. I just re-registered with no problems and was taken to the Customer License page on login.
Awesome, thank you! I got the registration in the backend too.
-
Awesome, thank you! I got the registration in the backend too.
Can you explain what you mean "got the registration in the backend too." I feel like i might be missing something.
-
I think that farbled intends to say that in its wordpress dashboard he can see your registration.
In dashboard see in the left side the "members" section, here you can see every registered members,
so he saw the user memberCL...
-
I think that farbled intends to say that in its wordpress dashboard he can see your registration.
In dashboard see in the left side the "members" section, here you can see every registered members,
so he saw the user memberCL...
Yep! Sorry, I've been offline a surprising amount recently. Yes, I can see you in my "users" list in my backend. Previously, people would register but I could not see them, I just got an email saying they registered. I disabled the catchpa and going by Cathy's and Christine's help, it works (plus all the spammers I'm getting now, but such is life :) ).
-
I think that farbled intends to say that in its wordpress dashboard he can see your registration.
In dashboard see in the left side the "members" section, here you can see every registered members,
so he saw the user memberCL...
Thank you for explaining. Makes perfect sense. Now. :D
-
I think that farbled intends to say that in its wordpress dashboard he can see your registration.
In dashboard see in the left side the "members" section, here you can see every registered members,
so he saw the user memberCL...
Yep! Sorry, I've been offline a surprising amount recently. Yes, I can see you in my "users" list in my backend. Previously, people would register but I could not see them, I just got an email saying they registered. I disabled the catchpa and going by Cathy's and Christine's help, it works (plus all the spammers I'm getting now, but such is life :) ).
Glad its working for you. Maybe you can find another captcha plugin that doesnt
mess up the registration.
-
I dont mind spam actually. It's like taking the bus in my neighbourhood, only online. :)
-
Just to re-ignite this thread I'm getting maybe 3-4 registrations per day at the moment but I'm guessing their all spam as no sales recently. They are all things like [email protected] for instance.
Do you reckon it's just spam bots signing up in the hope to comment and leave a link?
-
Just to re-ignite this thread I'm getting maybe 3-4 registrations per day at the moment but I'm guessing their all spam as no sales recently. They are all things like [email protected] for instance.
Do you reckon it's just spam bots signing up in the hope to comment and leave a link?
Ever since we started talking about the problem with registration emails not going thru yesterday (see bug thread) ive had four from a 72w dot com place...had some from them before. I suppose all the spammers are getting thru just fine. :o
-
Hi Cathy
Have a look at Anti-Captcha by Filidor Weise - it has stopped my spam registrations dead. The only registrations I have had since activating it have been clients and members of the Network
-
Just to re-ignite this thread I'm getting maybe 3-4 registrations per day at the moment but I'm guessing their all spam as no sales recently. They are all things like [email protected] for instance.
Do you reckon it's just spam bots signing up in the hope to comment and leave a link?
I deactivated Captcha as I found it was blocking any real attempt to sign up, which wasn't good. In 24 hours I've probably had 5 spam registrations. I'm not sure they ever come back and sign up, but I suppose they do get my email address from the registration password email and add me to their lists of working emails for spam lists. Now that I think about that, I'm using my own personal email for that - not good!
I'll try that new plugin that Tinny suggests.
Steve
-
Okay, who is trying me out by registering as qwerty - are you trying out registration on my site or trying to make me think that the anti-capture does not work :)
-
Okay, who is trying me out by registering as qwerty - are you trying out registration on my site or trying to make me think that the anti-capture does not work :)
I was trying to figure out how it works :)
-
Hi Tinny
It wasn't me, but I did install anti-captcha on my own site, then tried it. I got:
Error submitting form!
Please make sure both javascript and cookies are enabled in your browser.
Use the back button to try again...
(Note: if this still doesn't help, then refreshing your cache might)
I don't think I have done anything special in Chrome, but I must have made a setting (or it is now default) that is blocking javascript or the cookie necessary to make this plugin work.
Back to the drawing board for me.
I wish I could stop my personal email appearing in the registration emails from the system - I think it is coming from BlueHost, not from within Wordpress.
Steve
-
Hi Tinny again
Funny - I just tried your site and could create a registration OK. Even further back onto the drawing board for me - why is my own site playing up!!
Steve
Update: I activated anti-captcha again and made sure I had refreshed the browser. I was then able to register on my own site without the error. If anyone has a spare minute, could you please try it to make sure this java error doesn't pop up.
-
Steve,
I just tried yours as requested, and it sent the password through a gmail address, and I was able to login.
-
Great, thanks!
I have one remaining issue in this space - the identification of my personal email address in the password registration email.
I saw a suggestion online of this solution for Bluehost:
1. Create a Bluehost email address called [email protected]
2. Go to Admin/Settings/General and put [email protected] in the email address there
BUT - it doesn't work for me. The registration emails (if you look at the header) still contain my personal email address. Must be something I am missing here!
Steve
-
Okay, who is trying me out by registering as qwerty - are you trying out registration on my site or trying to make me think that the anti-capture does not work :)
I was trying to figure out how it works :)
I did wonder if it was you, I could see you had come from this thread, then registered, your dns no - which matched the email etc. I do like Wordfence, just a shame it is not permanent only lasts for the last 50 visits or so.
When I get the notification that someone has registered it uses a justhost address, what address do people who register get I wonder.
Steve, is it the address you have put in the settings of Wordpress for communications?
When I get an
-
I am getting an onslaught of fake registrations from w2 dot com. :(
-
Steve, is it the address you have put in the settings of Wordpress for communications?
When I get an
Tinny
We lost something here. Of course this may be something that only I see about my own site? Would you mind registering, again, on my site and let me know an outline of who the registration email comes from? Obviously don't post the full email here - I'm sure some spambot is looking for email addresses even here!
Steve
-
See my post here... finally found a solution and posted it for all of you... =}
http://www.microstockgroup.com/symbiostock-general/spam-registrations/ (http://www.microstockgroup.com/symbiostock-general/spam-registrations/)
-
Steve,
I just tried yours as requested, and it sent the password through a gmail address, and I was able to login.
Steve, I just tried it too and successfully registered without any form of captcha challenge. Have you removed that from your site or did I unintentionally manage to evade it?
-
Steve, I just tried it too and successfully registered without any form of captcha challenge. Have you removed that from your site or did I unintentionally manage to evade it?
That is the wonder of Anti-captcha - it is invisible to ordinary people registering, but it blocks the automated systems that spam registrations use.
The fact that you were able to register (and I don't see spam registrations) means that it is working properly
Steve
-
The fact that you were able to register (and I don't see spam registrations) means that it is working properly
Steve
Then woohoo!!! I'm impressed. Gonna go look at it for my own site. :-)
Muchas gracias!