Spammers

Posted: Thu May 30, 2013 8:47 am
by Peter
What happened? Our module seems to be working just fine, and yet we get this many spam posts.
If I do a manual check on them, they are marked clean...

Did they buy a new IPv4 block? Or what the heck?

Re: Spammers

Posted: Thu May 30, 2013 12:13 pm
by sledgehammer_999
So the captcha for the registration isn't enough....
How about a filter based on the content posted?

Re: Spammers

Posted: Thu May 30, 2013 12:29 pm
by ironcross
[quote="sledgehammer_999"]
So the captcha for the registration isn't enough....
How about a filter based on the content posted?
[/quote]

We have installed a mod which checks all newly registered members and activates their accounts only if they are not in the Stop Forum Spam database. This mod works fine (933254 Spammers blocked up until today). Without it you would not be able to see any of your topics, because the forums would be buried in a huge amount of spam. Sometimes these spammers or spam bots manage to post their shit before being added to the Stop Forum Spam database. This morning there was such a case with about 5 spam topics, which have been cleaned, and the spammers have been banned as always.

Re: Spammers

Posted: Thu May 30, 2013 12:49 pm
by Peter
Even Cloudflare shows many spammers getting challenged, but they bypass the Captcha really easily.
I'll look around if there is a better protection. (at Cloudflare level)

Re: Spammers

Posted: Thu May 30, 2013 10:25 pm
by loki
I would like to see removal of the 20-40 second delay between reports... it is pretty annoying reporting multiple spam posts when this message comes up.

Re: Spammers

Posted: Fri May 31, 2013 12:58 pm
by Peter
Just report one and we will sweep through the site.

Re: Spammers

Posted: Tue Jun 04, 2013 5:08 am
by Onemoar
See my topic in the suggestions.
Also, disabling registrations from the fake email domains will help:
http://www.block-disposable-email.com/cms/

Re: Spammers

Posted: Tue Jun 04, 2013 8:27 am
by Peter
They are using valid, but their own custom domains.
Like "123 @ onemoar.com" and so on.

Maybe if I would ONLY allow Gmail and Hotmail addresses...
I'll have to look our database up. In a week I'll clean it out (like remove all the unused accounts, throw out spammers, clean logs), and then I'll check people. Check how many of them got a custom mail address.

Re: Spammers

Posted: Tue Jun 04, 2013 9:44 pm
by Onemoar
[quote="shiki"]
They are using valid, but their own custom domains.
Like "123 @ onemoar.com" and so on.

Maybe if I would ONLY allow Gmail and Hotmail addresses...
I'll have to look our database up. In a week I'll clean it out (like remove all the unused accounts, throw out spammers, clean logs), and then I'll check people. Check how many of them got a custom mail address.
[/quote]
Agree, blacklist everything but the major providers:
yahoo
gmail
and isp level mail

Re: Spammers

Posted: Tue Jun 04, 2013 10:50 pm
by Peter
I'll report back on this next week.
(Just spam the report button, and please bear with me.)

Re: Spammers

Posted: Wed Jun 05, 2013 10:20 am
by Peter
#Update: And there we have it. Prevention text fixed, database cleaned.
Anything else?

So far today:
- Emptied out not-valid accounts that we had. (not valid mail, 0 posts)
- Emptied out unused accounts. (0 last login)
- Cleaned up the database (40+ MB shaved off! 95% of the database.)
- Added the "Restrict registration" mod, and enabled hotmail.com (all global) + gmail.com.
  (I was thinking about Yahoo, but they have been accused of having a lot of spammer accounts.)

Now I still have to:
- Modify the registration text.
- Add the localized Hotmail addresses (God, I hate Hotmail. (even got "hot" in its name like it's ... or something))
- Further clean the database (no worries, I do a backup every time I touch the tables.)
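
An added illustration of the allow-list approach described in the post above (not part of the thread and not the "Restrict registration" mod's own code): an exact-match domain check that also audits existing accounts for custom domains. The domain lists and sample addresses are constructed for the example.

```python
from collections import Counter

# Constructed sample allow-list: the two providers named in the post plus a few
# localized Hotmail domains, which have to be listed one by one.
ALLOWED = frozenset({"gmail.com", "hotmail.com",
                     "hotmail.co.uk", "hotmail.fr", "hotmail.de"})


def registration_domain(address):
    """Return the normalized domain of an e-mail address, or None if malformed."""
    if not isinstance(address, str):
        return None
    address = address.strip()
    # Exactly one "@" and no embedded whitespace or control characters.
    if address.count("@") != 1:
        return None
    if any(c.isspace() or ord(c) < 32 for c in address):
        return None
    local, domain = address.split("@")
    # Normalize case and the trailing root dot ("gmail.com." == "gmail.com").
    domain = domain.rstrip(".").lower()
    # Every allowed domain is ASCII, so a non-ASCII look-alike can never match.
    if not local or not domain or not domain.isascii():
        return None
    return domain


def is_allowed(address, allowed=ALLOWED):
    """Exact match only: a suffix or substring test would let
    'gmail.com.spam.example' or 'notgmail.com' through."""
    domain = registration_domain(address)
    return domain is not None and domain in allowed


def audit(addresses, allowed=ALLOWED):
    """Count existing accounts per non-allowed domain (key None = malformed)."""
    domains = map(registration_domain, addresses)
    return Counter(d for d in domains if d not in allowed)


# Constructed sample of existing account addresses.
SAMPLE = ["alice@gmail.com", "bob@hotmail.fr", "123@custom.example",
          "456@custom.example", "x@gmail.com.custom.example", "broken-address"]

if __name__ == "__main__":
    for domain, count in audit(SAMPLE).most_common():
        print(domain, count)
```

Running the audit before enabling the restriction shows how many existing members would no longer be able to register under the new rule.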

Re: Spammers

Posted: Wed Jun 05, 2013 12:46 pm
by sledgehammer_999
Hmmm, why isn't the captcha in the registration form a reCAPTCHA? I think it has a far lower probability of getting "guessed" by bots than the regular/old captcha system.
Also I have seen some sites have an extra step in the "verify you are a human" step. They ask a really simple question and they have a box for the answer. E.g. "What number do you get if you add four and five?" And then you input "9" in the box.

Re: Spammers

Posted: Wed Jun 05, 2013 1:16 pm
by Peter
There is a reCAPTCHA too (!) by Cloudflare, that gets opened if you are using a known attacker IP.
The list they use is very responsive, fast and quickly updated (as they run so many sites).

But sadly, 90% of the hackers bypassed it successfully.
(In fact, you can get a job as "CAPTCHA solver" for a few $C / hour. So that's why.)

I guess the mail blacklist will fix this however. They can't use Gmail and Hotmail.
Now it's their turn. I'll wait for the next spam post, and check how it got through.
Then counter that. And this goes on and on. :)

Re: Spammers

Posted: Wed Jun 05, 2013 1:26 pm
by sledgehammer_999
[quote="shiki"]
There is a reCAPTCHA too (!) by Cloudflare, that gets opened if you are using a known attacker IP.
[/quote]

Obviously, the attackers that got through didn't have a known (spammer) IP, so a reCAPTCHA on your end might have helped.

Re: Spammers

Posted: Wed Jun 05, 2013 4:54 pm
by Peter
I mean the spammer with a spammer IP gets through.
Because they use human-typed CAPTCHA.