500 sudden new members (all fake)

< edit - actual fraudulent membership counted >

Our site has just been hit with exactly 400 new members in 60mins, all with fake email addresses bouncing back. Any ideas how this could have got past our join form which includes a captcha code? All fake profiles had the email format as follows... a name/word in capitals, a 2-digit number, @ sign, then gmail/aol/aim/live/yahoo. All profiles had full names in capitals.

 ESELLERS77@gmail.com

The captcha included with Dolphin is very basic, and is essentially useless in protecting your site from anything beyond the most basic bots. I'd really wish they'd look into including ReCaptcha as an option, since it's one of the best captchas available these days. As for dealing with these bots, one way to have curve their invasion may be to set profiles to activate only after email confirmation, or by manual activation through the administration panel.

Good idea Magnussoft. Up to now I wanted to avoid the email confirmation email to make it as easy as possible to join. It will now be activated. Thanks for the suggestion.

I'll make a feature suggestion for ReCaptcha. Up until now, I believe it's only been mentioned in blog posts and the few odd forum topics.

Thanks a lot. Fortunately as all the fake profile name structures were so similar it was very easy to identify them and remove them from the site. We have a lot of members and it's not uncommon for such influxes, but these were all suspiciously regular and identical in format.

PS: Let me know where you post the suggestion and I'll 'like' it, or add a comment if possible.

It's on the front page now: http://www.boonex.com/unity/forums/topic/reCAPTCHA-Support.htm.

I had the same thing happen to a SE site of mine.  It was getting a new signup ever 10 minutes for about a week.  These "members" or bots never entered a single bit of information on the site other than logging in.  I let it go because I wasn't really paying much attention to this site.

However, I'm curious: What is the incentive here?  Why would somebody do this?  There was no spam or anything.

I imagine they were supposed to spam the blogs about Ugg boots, or some other crappy product. Either you don't have blogs enabled on that site, or the bots didn't work correctly. I don't know how people think this kind of spam works, but alas, it still occurs on a daily basis around the Web.

I can only assume the idea was to overload our servers with account activation emails etc. There was no other activity and the bot used was fairly sophisticated as name, age, location and avatar were all unique. 400 sign-ups took place in 60minutes. It was like one of those things in the marketplace where you can add 'members' which are all fake. As I said earlier, fortunately all the names were in a similar format so it was easy to identify them and remove them from the database. We had another attack recently whch hit the Profile table in our main site database. Fortunately we're on our own servers with a team of quick thinkers.

All I can recommend against this is make only paid registrations to your site - for example esase developed by my request premium sms registration module - but i didnt bought it yet as I was waiting to 7.0.3 . basicly everybyody who want register have to put their phone number / you set how much will be cost of one sms, so you can even make some money on registrations - this is bots cant get around as it will cost :-), or buy one of subsriptions modules so users havr to pay by papal or authorize.net for registrations. I have been fighting with bot problem on my joomla sites with jomsocial and community builder but not only bots there were also many users who registered and just destroying site by nonsense posts, vulgarity to others etc- when I incorporated paid access for low price ( i set sms will cost 1 usd (from which i will have 0,50 cents myslef) and all problems with bots autoregistrations and bad users are gone now :-) ...hope this helps... Maybe you just want really free site- but then be prepared for problem with either bots or bad users.