help! Unregistered subscriber posted viruses

Dear Team,

yesterday an unregistered user had the <great idea> to leave a post on our forum containing a series of malware, viruses etc.

I cannot ban him... but I have his mail received through nabble system...how can I avoid such kind of problem?

The site is nothing "special"...why somebody should want to infect the users etc?

Thanks a lot for your help!
GdA

I also had the same experience with my forum.  Someone created an account and posted what appeared to be a virus.  All I had to do was click on the post and my antivirus software kicked in.

I've also had a similar user create an account on a nabble forum I have, but is currently inactive.

Just giving you guys  heads up.

yes Weasy...luckily my antivirus did the same and I also banned him...'hope no more "surprises" like this!
But would it that be possible to avoid the thing at a more radical point?

As a first step, you should consider changing permissions to prevent "Anyone" posting to your forum. Even only allowing "Registered" users to post may not help, for while you can ban a registered user it doesn't stop a spammer registering again with a different email address.

The ultimate is to implement the "Members" group, when you have to approve manually each registered user. To do this remove the "Create_topic" and "Reply" permissions from both the "Anyone" and "Registered" groups and add it to the "Members" group.

> The ultimate is to implement the "Members" group, when you have to approve
> manually each registered user. To do this remove the "Create_topic" and "Reply"
> permissions from both the "Anyone" and "Registered" groups and add it to the
> "Members" group.

Yes, I just did this on my own groups yesterday, as I am now getting multiple bogus
gmail addresses registering and spamming my groups every day.

But I think Nabble could/should add some additional functionality to fight
spammers, as to me this seems like a big issue:

 1) Perhaps add an option where an admin needs to approve registered users
     (then no need for any distinction between registered users and members,
     and also the list of registered users doesn't fill up with spammer addresses)

2) Perhaps add an option where messages by new members (or certain members)
    need to be approved by Admins

Unless you can already do these things in Nabble, and I just haven't figure it
out?  :-)

Here is my system that I devised with mucho help from Hugo and Pedro:

http://support.nabble.com/Spam-Control-Idea-tp7581611p7584794.html

It's manual, but it seems to be working pretty well.

My Forum and blog is currently getting a number of these bogus gmail addresses registering and posting unwanted messages. There are clearly some malevolent people out there just wanting to cause everyone else problems. I will now have to make registration compulsory, which is a shame as most people in my village are not computer literate and this extra hurdle may prevent their involvement.

> Here is my system that I devised with mucho help from Hugo and Pedro:
> http://support.nabble.com/Spam-Control-Idea-tp7581611p7584794.html
> It's manual, but it seems to be working pretty well.

Thanks Harvey, but I have one question -- isn't your list of registered users
filled with spammer email addresses?  I'm finding that if I ban one of these
bogus gmail addresses, that email address remains in the list of registered
users, so if I want to remove it, I then need to remove it manually from the
list.

So instead of/in addition to a "ban user" button, it'd be nice to have a "remove
this person from the list of registered users" button.

Also Harvey, are you allowing registered users to "Reply" to messages?  And that works okay?

I'd think that might be okay, as typically spammers start a new thread (they don't reply to
an existing thread)

Thanks a lot to everybody for your useful replies!
In the meanwhile I continue receiving infect posts and they are "multipling"!!!

...So what I understood is that I should activate only the option to accept or not new subscribers...will this make the forum no more visible from research engines then?

What do you think if we create a security board place, a sort of list where we nabble forumers can read all the addresse name/nickname and e-mails titles of those malevole people? They couldn't create 30 new emails a day...they will become crazy at least!