Handling bot accounts (with proposals) Topic is solved

Need help with the Administration of your Joomla! 3.x site? This is the spot for you.

Moderator: General Support Moderators

Forum rules
Forum Rules
Absolute Beginner's Guide to Joomla! <-- please read before posting, this means YOU.
Forum Post Assistant - If you are serious about wanting help, you will use this tool to help you post.
Windows Defender SmartScreen Issues <-- please read this if using Windows 10.
Post Reply
EvanGR
Joomla! Enthusiast
Joomla! Enthusiast
Posts: 239
Joined: Fri Oct 10, 2008 5:30 pm
Location: Greece

Handling bot accounts (with proposals)

Post by EvanGR » Thu Oct 01, 2020 6:51 am

Hello,

We notice that we occasionally get bot accounts (registrations) in our website.
(J3.9.21 + Recaptcha)

There are two main tactics to manually discover and remove the fake accounts...

1) A lot of the accounts use an email address that points into a specific country (e.g. .ru).
Our website/eshop is localized for a single country, so 99% of these accounts are fake.

We can manually search for accounts containing the '.ru' keyword, and then manually go through the entries and delete them.

Ideally, we would like an option to have a blacklist of email addresses (with wildcards e.g. *@hotmail.com, or *@*.ru), to prevent registrations from happening at all.

2) Many bot accounts, use a large sentence (spam message) in the Name field.
e.g. "Find the b3st drug$ online at xxxxxx"

We would like to have an option to filter account names by number of words used (a normal name shouldn't be more than 3 words).
Batch-find such accounts in the backend. (more than X number of words)
Or even just plain do not allow these bots to register successfully.


Joomla 4.x could at some point implement a "spam users group". Registration attempts that fit certain criteria (like the above), would not be activated automatically, and end in a "spam" group, that will await for admin approval.

Thanks for your time.

User avatar
sozzled
Joomla! Exemplar
Joomla! Exemplar
Posts: 9724
Joined: Sun Jul 05, 2009 3:30 am
Location: Canberra, Australia

Re: Handling bot accounts (with proposals)

Post by sozzled » Thu Oct 01, 2020 7:01 am

https://www.kuneze.com/blog
“If you think I’m wrong then say, ‘I think you’re wrong.’ If you say ‘You’re wrong!’, how do you know?” :)

waarnemer
Joomla! Hero
Joomla! Hero
Posts: 2786
Joined: Sun May 04, 2008 12:37 pm

Re: Handling bot accounts (with proposals)

Post by waarnemer » Thu Oct 01, 2020 7:29 am

Captcha and recaptcha once a while are being tricked by new bots... the bots are trained in finding bikes, cars, bridges and traffic lights too.. sort of.. (not the real hack but just to keep explanation simple)

A very good captcha mechanism is hashcash, (richeyweb) installed available in global.

the core registration form supports.

Your ecommerce extension, I don't know.
It is a pity not all extension developers respect the global available captchas (which imho they should!)

But if yours do, try and use. Together with information in the link @sozzled gave you, you harden your forms and registrations attempts.

EvanGR
Joomla! Enthusiast
Joomla! Enthusiast
Posts: 239
Joined: Fri Oct 10, 2008 5:30 pm
Location: Greece

Re: Handling bot accounts (with proposals)

Post by EvanGR » Thu Oct 01, 2020 7:51 am

sozzled wrote:
Thu Oct 01, 2020 7:01 am
See https://docs.joomla.org/Help39:Componen ... in_Options

That's one approach. 8)
Alright! Email filtering is already implemented! Awesome! Thanks

User avatar
JAVesey
Joomla! Hero
Joomla! Hero
Posts: 2268
Joined: Tue May 14, 2013 1:21 pm
Location: Cardiff, Wales, UK
Contact:

Re: Handling bot accounts (with proposals)

Post by JAVesey » Sat Oct 03, 2020 12:17 pm

Might I suggest that you take a look at this plugin:
https://extensions.joomla.org/extension ... striction/

I use it to filter registrations from specific domains into a "pending" user-group (with no privileges whatsoever!) until a veracity of the registration is established. It has loads of other functions too. The "disallowed" and "Advanced" tabs are particularly useful.

Worth a look IMHO :)
John V
Cardiff, Wales, UK
Uses Joomla 3.9.22 and PHP7.4.11


Post Reply

Return to “Administration Joomla! 3.x”