I have been a proud member of the XOOPS community for many years. I am a gamer and I run several XOOPS based sites for my guild. Our main guild site has been running on XOOPS for I would like to say 7 years now. I have ported some gamer based tools (like kill boards and stuff) into XOOPS and distributed them to other guilds that are running Xoops.
Things have been great up to about 6 months ago when our site started getting spammed with advertisements from Viagra to In game gold. I have configure the site to require a valid e-mail to signup I don’t allow anonyms posting for anything including comments I have even started banning IP’s at least the ones that are legit IP’s. I even run the protector module on my site. However even with all my efforts they still seem to slip through the seams and get into the site.
As a last resort I am reaching out to the XOOPS community to ask for help. I am looking for suggestions on how I can make my site unusable for spammers but still maintain usability for my guild which currently stands at about 600+ people spread a crossed many games.
This is my current configuration
I’m running XOOPS 2.0.17.1 (and this has been upgraded many times as the site is between 7 to 10 years old)
Protector module 3.15 (currently it is temporarily disabled as I ran into an issue with it and it locked my site down on me)
Any help would be greatly appreciated in case you want to look at the site and if you can see security holes please feel free to @ http://www.theood.com Just I ask that you don’t damage the site.
If anyone needs more information please don’t hesitate to ask I own the server the site lives on so I can do anything that is needed to be done.
Thank You,
Proud XOOPS community member

What can we say, You need to upgrade to the latest Xoops. Need backup your site then carryout upgrades. I would upgrade on a copy of the running site on another site before doing the upgrade on the running/live site.

- Don't allow anonymous users to post
- If you are subject to automated registering of spamming users try recaptcha.

another option:

Set all forum posts &/or comments to require authorization, hack the comments admin to allow bulk deletions and check your site once a day. spammers will soon give up if they never get anything posted. Not a perfect solution, I know, but maybe works for you.

Quote:

thanks for the how-to, ghia! i wonder if it'll replace any default XOOPS captcha with the recaptcha? or it works for register.php only? i ask because i have the captcha by dugris in several modules.

Recaptcha will replace the captcha, everywhere the standard captcha class of the XOOPS core is used. That may also be the case for some of the newer modules.

thanks! succesfully set up!

ghia, could you also point me to the how-to to install dugris captcha in any form. i remember there was a thread on xoops.org when you explained it but i failed to find it. thanks in advance

--

already found

i've installed this module by dugris and added captcha to the catads module. but it's not recaptcha..