Hi again . I have idea how to checking proper email users registered . I thing there is solution in SMTP protocol . During sending message smtp server receiving message and first try find user in users database , if user doesn't exist replying message to sender " there is no such user" . Paul can you use this feature?

I have about 200 users every day registered , and every day have to erase them .

If I remember properly from the past, not each SMTP server would give you such error and not each would allow to send such a command to it. So this method is not quite stable to serve all of the sources. Also, actually, it would lead to spam report issues on the server end, if it would see someone tries to connect to it too often with false email addresses.

In your case, I'd recommend to enable $emailadmin of miniBB to let the admin get the info about all users registrations. There will be visible the IP address of each registration. Mostly, all of the false registrations are automated and come from similar IP addresses. Banning those addresses may stop registrations.

Another pre-filtering would be possible, for example, not allowing email addresses from Gmail, Hotmail, Yahoo etc. Each case is different, so the solution for your forum, with more chance, should be also customized.

BTW, do you have the Captcha module installed? With some tuning, it could kill about 90% of automated registrations.

Yeah Captcha has been installed . It seems like some one made it manually. It is possible to use one session for register many users ?

In a case of a manual Chinese etc. spammer (that uses proxy/vpn server) there is nothing that could help. If he/she uses one IP then it's possible to stop but I doubt they use one IP only..

I have more advanced techniques how to extend Captcha, hopefully I could get to them tomorrow, will post here...
In general, yes, it's possible to use one session for authorization. But not for the registration process, only guest posting. Each authorization requires new code.
You may try to extend it with the current methods I've explained here.

Btw forgot to mention that you could set up to validate users emails like it's explained in the beginning of this thread.

With some little modification, it's possible to set a special field in database, and setting a crontab task, remove all accounts automatically, which say did not verified in 1 hour. Or even better, it is possible to set up a crontab task which will remove all accounts which did not post something useful in 24 hours, i.e. having 0 posts on the account.

Just another kind of the solution.

" Or even better, it is possible to set up a crontab task which will remove all accounts which did not post something useful in 24 hours, i.e. having 0 posts on the account."

That could be good solution . I`m not found any info about this . Could you provide more details ?

Do you know what the crontab task is about? There is required to code a PHP script which would remove mySQL records following these statements:

I'm out of office now and can't provide the exact code.

I`m using hosting and haven`t access to crontab . But i try talk to them . Please provide all code.

I have provided more sophisticated protection codes for the Captcha module. Please check them now and apply on your end to try.

You see, removing what was done, is the last step of "improvement", that means there is no way on the pre-posting stage, and that's the most important to take care of. That's why if nothing helps, I could finally code this... not this time.

Most recently, we have also experienced the massive attack of flood registrations on miniBB forum. They were mostly coming from China, IP networks 27.153.+ and 27.159.+, one in about 5 minutes, so I'd expect it is automated process. The solution I suggested above, may improve the protection. I've temporarily added them to the banning list, and the amount of flood registrations significantly decreased.

For some time I didn't catch the idea of those registrations - what would be the main sense? To make the database of users larger and with false accounts?.. Stupid idea. Later, I've analyzed all of the registration emails I've got as the administrator, and they were about only @gmail.com emails registrations, which of course are thoroughly false. For example:

and so on. It's obvious the coder takes some phrase, from the vocabulary or whatever database of words, in some case extends it with random chars, and then uses dots in random places to get even more "unique" emails to register. Surely, "usernames" also appear completely random phrases, consisting of chars and digits.

I have thought that this could some way be an attack on gmail server, because miniBB will try to send out the registration email to the address provided, and it will fail each time; so at some day, Gmail will think miniBB's server floods their service too randomly and too often, and it may block our IPs or domain or whatever.

Of course, there are TONS of ways to "register" randomized emails, but there are actually a few ways to fight such approach:

1) Do not send registration email to Gmail accounts at all. Alternatively, it's possible to supress any other public email service. However, it was only my expectation that flooders may "rape" servers that way. Also, this will not actually stop the registrations themselves.

2) Do not allow to register Gmail-based account if its username contains more than 1 (one) dot in it. It could help and it could be a not destructive solution to the core. Just add this to bb_plugins.php (before the Captcha code):

and this to the end of your language pack:

I've applied the same codes on miniBB forum. Let's see if it helps. You may try the same so far.

I had spend last week for testing lot of variants of option on captcha module. For now have found some simple solution . The problem is that potential user/guest have to reload 2 or 3 times picture ,but it work. I just ask my new user for clicking few times (if need) because of spam robots. For now after 3 days only one spam user :)

I try paste my captcha options file but Anti-spam protection module blocking me :(

You may zip them and use the File Bank button above to upload it to our File Bank. Later I will review them and attach to your post, if they do not contain any vulnerable parts :) Thanks.

This is only few modification of colors and letter size , but working :)

File bank not working . I try zip and plain txt file :(

What kind of error do you get?
It accepts .zip files up to 1 Mb in size, hopefully you are not trying to exceed this limit (which is enough for a little code).