Absolutely Bizarre Forum Spam

You need to get spam protection.

capcha
Have it. Google recaptcha.
Also using secret question.
Jamie300 said:
Might be testing your input sanitising to see if they can do any xss
Interesting. I was not aware of this.
I have never done anything to sanitize outputs or inputs. Whatever VBull does by default is the only protection I have.
This part was especially telling
Insufficient untrusted data sanitisation
No output encoding whatsoever
Auth cookie not flagged as HttpOnly
Really no idea about any of this. Apparently my forums are Swiss cheese, security wise.
 
May be they're trying to create links in their profiles pointing to their site?
 
I get these types of spam on forum sometimes too. I don't know what they are trying to accomplish either but maybe their bots fail on certain forum software. Maybe your forum doesn't have a WYSIWYG editor so that's why the link doesn't show up.

A good way to clean it up is to ban the IP address and check what email they use. Usually they use some kind of temporary email service, so you can just ban it with a wildcard.
 
Which version of google recaptcha are you using? V2 or V3, the new one?

edit: nevermind, just read you had a secret question. If it's custom made, you might be getting targetted. Is there a lot of movement on your forum?
 
Last edited:
Keep the registrations in moderation, so all those who signups in new will be in control. There are more methods to stop these spam bots.
 
Back
Top
AdBlock Detected

We get it, advertisements are annoying!

Sure, ad-blocking software does a great job at blocking ads, but it also blocks useful features and essential functions on BlackHatWorld and other forums. These functions are unrelated to ads, such as internal links and images. For the best site experience please disable your AdBlocker.

I've Disabled AdBlock