- Edited
Free Flarum hosting on an expert platform by FreeFlarum.com
We also get this error from time to time. At least that was the feedback from some users. Haven't figured out what exactly it could be though.
We have been having an attack on our forum, whether malicious specifically to us or aimed at Freeflarum, I don't know.
I noticed much more user registrations than normal, happening every few minutes at first then every few seconds in waves. the usernames took the format 6I61WPK or similar, numbers and capital letters mixed.
This made it easy to identify these users, however Flarum does not provide tools for mass deletes, which is annoying.
I don't use e-mail veriification as it won't stop this and will add more server side load. So the actions I took were to add hCaptcha (not rCaptcha) to the forum. As the captcha is not handled at the servers, it basically prevents registration with hopefully minimal server activity. This has immediately stopped these accounts being created.
I say malicious, because the accounts are created, but post nothing. Although leaving them on the forum creates an additional risk. I removed them all and to do this used an auto mouse mover and clicker. https://thetinytask.com/#download-tinytask-177
It runs as an executable and from the user directory screen can be used to relatively rapidly delete 100s of users. It's the simplest thing I found. I use speed 6 and simply add the appropriate repetitions required.
- Edited
DavecUK hi, yes this is unfortunately a known issue (and not only present at FreeFlarum). I did not want to discuss this publicly yet because I was busy and also because I wanted to setup hCaptcha for all forums with unified API key today (turns out, I would need to create a script that appends the hCaptcha extension ID to enabled extensions' IDs for all forums, so it's not as simple as it seemed at the first glance).
Another question is whether its appropriate to forcefully enable hCaptcha for all forums? I was thinking that I could send out an e-mail for all forum owners and encourage them to turn on anti-spam extensions too, which is probably better, but this wouldn't ensure 100 % anti-spam coverage, as not everyone would enable the extensions. I will make a decision today, and honestly I am leaning towards sending out an informational e-mail...
Anyways, as for what I know about this now that it was brought up... There was a discussion about this earlier, so your forum is not the only one with this issue: https://discuss.flarum.org/d/32766. I spotted it on one other forum as well. The way I noticed this is that I have recently signed up FreeFlarum for Yahoo (and others') e-mail feedback loops (it basically allows me to receive a notification every time a user reports an e-mail sent from FreeFlarum as "spam"). And, the way this particular spam works is that once a password reset e-mail is sent, the bot/human/whatever behind it marks it as "spam", most likely to lower down our mail server/IP reputation:
FYI I discussed with @luceos, and an update for Spam Prevention will be prepared that will hopefully mitigate this kind of spam in the future. Until then, I will look into ways to integrate as much anti-spam features into FreeFlarum as possible, with the current extensions that are available
SKevo Another question is whether its appropriate to forcefully enable hCaptcha for all forums? I was thinking that I could send out an e-mail for all forum owners and encourage them to turn on anti-spam extensions too, which is probably better, but this wouldn't ensure 100 % anti-spam coverage, as not everyone would enable the extensions. I will make a decision today, and honestly I am leaning towards sending out an informational e-mail...
I agree with an informational e-mail, plus some advice to owners to check their user numbers regularly and their admin panels. My advice would be to recommend:
Anti spam protection is turned on (FOF Stop Forum Spam)
first post approval (so new users require approval of 1st post/discussion)
Auto moderator (with new user and user promotion parameters) to work with above
No e-mail verification (pointless for this attack, makes the problem worse)
Definitely implement hCaptcha
It's broadly what I do and my latest addition hCaptcha has reduced the problem to zero, hopefully with minimal server impact..
In addition I strongly recommend that if people use simplelogin anonymous e-mail service, or a similar service to be able to receive e-mails from other members, their signature contains "contact me"a link to their bio, where the simple login alias is stored. Then make user bios only visible by automoderated members who have been promoted from "new user" to "user".
Hello, everyone. What attempts have people made to make their forum better known to people? I've recently added my forum to the Bing browser, but found that it was really slow in indexing my pages. Today I found out that Bing has a program called IndexNow that solves this problem, so I wanted to ask if you've ever done this? How do I need to do this?
zhushen12580 Today I found out that Bing has a program called IndexNow that solves this problem
Are there really people using Bing? I don't know any in my area. Anyway thanks for the link. But maybe you should start your own topic, that has nothing to do with FreeFlarum
tom23
Hello, thanks for your answer, my forum is deployed on freeFlarum, so I don't know how to configure some files, which is why I am asking on this topic.
zhushen12580 as FreeFlarum is a free service that aims at providing forum owners a starting point for their communities, I do not plan to support the upload of custom files under forum's root anytime soon. This is something that can be done if you self-host your forum, which is usually recommended if you'd like to run an advanced/bigger community anyways. Also, IndexNow by Bing is one of the more... "advanced" features that would most likely require a custom extension to be developed - one that will ping Bing's API every time content on your forum is created, updated or removed. So, even if I did upload the file for you, a system that pings the API would still need to be implemented anyways.
SKevo Got it,thanks.
it seems that freeflarum has lost a lot of speed again. The forum loads much slower and so does the sending of a post.
tom23 other FreeFlarum forums seem to load pretty fast for me, at this moment. It is worth noting that if a particular forum has a lots of extensions enabled, it can affect the performance and loading times. So, please check if that's not the case for your forum. If nothing helps, please tell me the forum URL that is having issues, and I will investigate what could be causing it
5 days later
How to change the E-mail tied to FreeFlarum account (not the forum admin's account)?
The issue
I need to change the E-mail tied to FreeFlarum account, but I cannot find anywhere to change that.
Is there a way to change it or I have to delete the account and register a new one?
Merged 1 post from How to change the E-mail tied to FreeFlarum account?.
- Edited
kjkluk hi, please reach out to me at info@freeflarum.com from your new e-mail address and include the old e-mail address and your forum URL, please. I will change it for you manually
5 days later
Hello, we have a "problem". A user who came back after years no longer knows his name and has created a new account. Unfortunately, he cannot change his e-mail address because it is logically taken. Is there any way to search the ACP for e-mails to find out his old nickname?
Yolo if they want to regain access to the old account, they simply need to click "Forgot password?" and enter the old email address.
To find a user profile by email address, you can type email: followed by the email address in either the forum search field or on the Users page of the admin panel. (Only users with the edit any user permission can search using that gambit)
Hi,
I'd like to know how to remove my FreeFlarum?
Since I installed my own Flarum, I don't need it anymore 