USE CAUTION: Don’t let this happen to you!
You heard it right, there have been recent reports of Spam Bot attacks! Spam Bots have been registering to DNN websites, creating accounts, and flooding their profiles with links to boost their SEO. Spam Bot victims estimate between 20 to 50 spam accounts being created on a daily basis.
Who’s at risk?
- DNN websites that have “Public” or “Verified” registration enabled.
How can I tell if Spam Bots have attacked my DNN website?
-
New User Registration Notifications – If you aren’t notified by email for new user registrations, go to Admin > Site Settings > User Account Settings, and check the box for “Receive user registration notification”. This way, you will be notified when a new user has registered to your DNN website and can analyze the new user’s “Username” and “Email Address” associated with the account.
-
Analyze New User Registrations – Go to Admin > User Accounts and analyze the new user’s “Username” and “Email Address”. A lot of the Spam Bots we’ve seen have the following formula:
- First Name: John
- Last Name: Smith
- Username: JohSmith
- Email Address: JohnSmith@gmail.com
Here is another example:
- First Name: Miranda
- Last Name: Lambert
- Username: MirLambert
- Email Address: MirandaLambert@gmail.com
Notice how the Username is comprised of the first three letters of the first name and the full last name. The email addresses can be tricky since these Spam Bots like to be sneaky and make you think they’re a real person with a Gmail account. I should point out that not all Spam Bots follow this formula, but it’s pretty easy to pick up on them by looking at a few accounts.
- Undeliverable Email Being Bounced Back – With an average of 20 to 50 spam account a day, that’s a lot of undeliverable email being bounced back to the Administrator account’s email address! You will definitely notice this!
Spam Bots are taking over! How can I prevent more Spam Bots from registering to my DNN website!?
There are a number of solutions to prevent Spam Bots from registering to your DNN website, however, I highly recommend asking your website developer (don’t have one? Contact us today!) to apply these solutions. A number of things can go wrong if these solutions are not implemented correctly. Here are a list of solutions we tested from DNN’s article, Spammer registrations:
- Change “Membership for this website is public” text in the PublicMembership.Text node in App_GlobalResources\SharedResources.resx. – We removed this entirely from our website since these Spam Bots search Google for sites that contain “Membership for this website is public”. Doing this alone, will not solve the problem but will decrease the odds of these sneaky guys finding your site.
- Change the minimum required password length in your web.config file – You can get away without doing this one but the more solutions you implement, the better chance of not being found by Spam Bots. This can be done in your web.config file by searching for the minRequiredPasswordLength parameter and changing the minimum length from 7 to 11 characters.
- Creating a custom Registration page and block the default Registration page – DNN does an incredible job explaining how to do this but in order to implement this fix you will need to have Public registration enabled.
- Last but not least, adding iWeb’s reCAPTCHA module to your custom Registration page – Interactive Webs has a great article on how to set up their free reCAPTCHA module to help block Spam Bots from registering to your site, however, you need to have DNN 7.2.2 to implement this solution with a custom Registration page.
WARNING
Unless you are an experienced Spam Bot Exterminator, I mean professional DNN Website Developer, I do not recommend going after these Spam Bots alone. They are sneaky tenacious little creatures and need to be handled by a professional, but on a more serious note, you could really mess up your DNN website if you don’t know what you’re doing.
If you believe your DNN website is under a Spam Bot attack, please call us today!
