Makestation

Full Version: Registration changes
You're currently viewing a stripped down version of our content. View the full version with proper formatting.
Due to an increase in spambots signing up for makestation, any new members have to verify by either sending or responding to a PM before their registration can be completed.

this is a temporary measure until a more effective anti-spambot measure can be found.

-SpookyZ
Great thank you !
Thanks for letting us know about this - and good luck defeating the spambots and their kitchen/shoe spam!
Hello everyone,

We've made a lot of changes to try to mitigate some of this. One of the biggest causes of our issues was related to email problems on the server, which was caused by Gmail blacklisting DigitalOcean intermittantly as a host. This meant that some users were completely unable to receive email, and we had disabled email verifications to prevent people from being unable to register.

This blacklist was handled by a company called UCEProtect, which was, by nearly every definition, an extortion service. Gmail, for whatever reason, uses them to decide which emails to block, and a lot of users have had issues with certain hosts as a result. UCEProtect had decided to blacklist one of the largest webhosts on the planet and wanted us to pay them to remove Makestation's IP from their blacklist. This was completely unjustified, as our sole reason for being blacklisted was that we were hosting on DigitalOcean, which hosts hundreds of thousands of other websites around the world. Needless to say, we weren't going to respond to their extortion attempt. Finna

We've fixed this by simply using a third party mail service, which will prevent us from having any problems in the future. This has allowed us to set up the registration forms properly, which will help reduce the spam significantly. We've made a number of other adjustments such as security question and captcha adjustments as well.

We have much bigger changes coming in a few weeks, so stay tuned! In the meantime, we will keep an eye on spam and continue to make adjustments as necessary.
(September 15th, 2021 at 11:17 PM)Darth-Apple Wrote: [ -> ]............  for being blacklisted was that we were hosting on DigitalOcean, which hosts hundreds of thousands of other websites around the world. Needless to say, we weren't going to respond to their extortion attempt.
  Wink exactly not to be blackplate
(September 16th, 2021 at 6:55 AM)tc4me Wrote: [ -> ]
(September 15th, 2021 at 11:17 PM)Darth-Apple Wrote: [ -> ]............  for being blacklisted was that we were hosting on DigitalOcean, which hosts hundreds of thousands of other websites around the world. Needless to say, we weren't going to respond to their extortion attempt.
  Wink exactly not to be blackplate

Yea, UCEProtect is... interesting. It's really kinda sad that Gmail even uses such a service, because there are far better ones out there that are far less incompetent. UCEProtect only gets away with this nonsense because large companies allow it. Part of me wonders if someone was bribed to even use this service to begin with. 

Blacklisting entire cloud web hosting providers, including hosts like DigitalOcean that happen to host thousands of reputable websites around the world, is not how you convince the world that you know what you're doing. Finna
Hello, I just registered on your Makestation community!  Smile

BotScout for MyBB is quite effective against the armies of spambots we normally have to suffer. It silently makes a call to check their database of well known bad actors. Although the code does not provide for automatic IP bans, it just blocks registration.

And as far as a I know, it does not use a lot of hosting resources.

Cheers.
(February 15th, 2023 at 9:08 PM)cuchillo_baishan Wrote: [ -> ]Hello, I just registered on your Makestation community!  Smile

BotScout for MyBB is quite effective against the armies of spambots we normally have to suffer. It silently makes a call to check their database of well known bad actors. Although the code does not provide for automatic IP bans, it just blocks registration.

And as far as a I know, it does use a lot of hosting resources.

Cheers.

Welcome to Makestation.  and thanks for the heads up. I'll look into it for sure.
(February 15th, 2023 at 9:08 PM)cuchillo_baishan Wrote: [ -> ]Hello, I just registered on your Makestation community!  Smile

Welcome to Makestation!
(February 15th, 2023 at 9:08 PM)cuchillo_baishan Wrote: [ -> ]Hello, I just registered on your Makestation community!  Smile

BotScout for MyBB is quite effective against the armies of spambots we normally have to suffer. It silently makes a call to check their database of well known bad actors. Although the code does not provide for automatic IP bans, it just blocks registration.

And as far as a I know, it does use a lot of hosting resources.

Cheers.

Welcome aboard, and thanks for the recommendation Smile !
(February 15th, 2023 at 9:08 PM)cuchillo_baishan Wrote: [ -> ]Hello, I just registered on your Makestation community!  Smile

BotScout for MyBB is quite effective against the armies of spambots we normally have to suffer. It silently makes a call to check their database of well known bad actors. Although the code does not provide for automatic IP bans, it just blocks registration.

And as far as a I know, it does not use a lot of hosting resources.

Cheers.

Welcome to Makestation! Yea, we've had our fair share of spambots over the years. We've reduced them quite a bit, but we still have some pretty big spurts that come here and there. Thanks for the suggestion!
BotScout ? is there one for mybb 1.8? I think the addon is very old and only up to mybb 1.6
(February 18th, 2023 at 8:15 AM)tc4me Wrote: [ -> ]BotScout ? is there one for mybb 1.8? I think the addon is very old and only up to mybb 1.6

I found out about another layer of protection against bots, scanners, bruteforcers and other miscreants. It involves using csf firewall in combination with ipset, a companion for setting up rules and quick block thousands of bad actors' IPs without degrading performance.

Based on checking daily updated blacklists (like Spamhaus, Feodo..) https://docs.danami.com/juggernaut/user-...lock-lists 

The admin must have full control of a dedicated server, or a cloud instance with KVM virtualization. On OpenVZ unfortunately does not work.

Anyone interested can ask me, it's really easier than it seems. I managed to reduce bad traffic and fake signings from 5 a day to 1 every 5 days!
Yes  Wink Wink