Hello to all. I have a problem that I can not solve alone. A new user of my forum, yesterday, created a topic containing links. When I opened it, my antivirus started to report and block threats continuously. Of course, I deleted, immediately the topic and I warned the author of the topic, which has not responded to my message. These days, two other people are signing up to the forum with strange email addresses, too long. I'm suspicious, because they did not ask questions, after their entry. I would like to know if there is a way, as is often done in other forums, to prevent the pubblicazioine of links in the post for new members. This would be a security. Thank you for your help. Silvana
I forgot. I would also like to know if it is possible to block spam and how and if it would be possible for me to check the registration and give the ok before they become effective ... Thank you.
(in the meantime, for safety, I locked the suspect users)
Yes, I've been experiencing the same problem... if this keeps up, my registered user list will one day be 99% spammers. :-(
The best solution I've seen is to only let "Members" (NOT "Anyone" or "Registered Users") post and reply to messages, and then you should add all known non-spammer email addresses to the members list. So that becomes an extra step for the admin to determine if the new person is a spammer. It's pretty obvious with these weird gmail accounts that these are spammers, though, so I just ban them immediately without any research.
But again, I think there probably could be some sort of improvement in how Nabble handles this, so the registered user lists isn't dominated with spammer email addresses.
Thanks Mark Martin, your hint is very clever. Can I ask, though, how you've organized things with your users? How did notice that they can not write posts, even if they are logged in, until you enter them in the group?
I agree that Nabble should find a better solution. Ciao
He, juanete. The addresses you've posted are the same as I have. Bob Marley ("b.ob.marley.forevero.nly @ gmail.com"), joined the my forum twice (nickname: sambhcar and saundiola), with two addresses, different only in the dots. It's this person who posted the topic containing the malware. After him came the others you wrote.
I think someone should tell Google what's going on, but I do not know how to do.
I ask the staff members Nabble to take action. They will know what to do. In the meantime, I recommend to all who read this topic immediately to ban users who register with the address of which we have spoken.
I thank you and wish you a good day ..
My suggestion to only allow "Members" the permission to post messages is just based on other discussions I've read here. This seems to be the recommended approach for now. So you've got the following group settings:
Anyone -- cannot start a new thread or reply (this group includes registered and non-registered people)
Registered -- cannot start a new thread or reply (this group is people who have registered, and includes people you've approved to post, banned people, and spammers)
Members - CAN start a new thread, CAN reply (this group would only include people you've approved to post)
The administrator just adds the acceptable participants to the Members list. Either by using a button when looking at their user profile page, or by manually adding their email address to the members list.
I quibble with your descriptions of "Anyone", "Registered" and "Members", but agree with your recommended action.
Forum Administrators need to remove the User permissions for "Create_topic" and "Reply" from users in the "Anyone" and "Registered" groups and grant those permissions for the "Members" group. They then need to add the mail address of all approved users to the "Members" group.
The Nabble default is to allow those in the "Anyone" group to post. And that literally does mean anyone!
Most forum administrators remove those two permissions from "Anyone" and add them the "Registered" group. But all that does is force a user to provide an email address before they post and the only protection it offers is the ability to ban someone with that email address from posting. However, it is a simple process for a spammer to create software robots that create multiple, near identical, email addresses and then use those addresses to register and post to a forum. This is what happening in the current registration and spamming storm.
As you say, the only option currently, for forum administrators is to adopt a manual system of approval of users. Insisting on registration only is not enough. Only allowing approved "Members" to post is the answer.
Having said that, I do believe that Nabble will need to take some action soon, as a minimum, implement some filtering of registrations - removing those that clearly come from spammers as the current situation is unacceptable and will drive users away from Nabble forums.
Just a Volunteer Nabble Helper - because the nice folk at Nabble have helped me!
Thanks Mark. I'll do that , now. The problem is when, for example, I can not be at the pc and new users should wait before they can write their posts. I have to think about how to get organized to inform visitors. Ciao
Wait, I have found the way. But....can I write also in italian, in Naml code, or only in english? Most of my users are Italian and it would be better for me to write explanations in both languages, if it is possible....
Ciao. I can change parts in macro "Unauthorized", but not in macro "new_topic_forbidden_page", becouse it is not for basic account. Can I change the text of the messages that appear to new users when they sign up to my forum? And what they receive by email? If yes, what should I look for in the macro Naml to find the parts that I need? Thanks for the replies ..