Since July 2012 many tiki-powered websites which allowed free registration of new users experienced a massive amount of registrations, most of which looked like fake users. In many cases, those fake users started to add spam to those tiki sites (in those cases of collaborative web sites allowing plain registered users to add content).

Therefore, the goal of this page is to serve as a quick & dirty Tutorial for others suffering from the same spam registration wave started for many of us in Summer 2012.

For extended information on how to manage the Action log or Banning features, see Action Log and Banning.

Action log feature

Admin Banning feature

Tiki9.1 allows the prevention of those massive fake registrations with the features:

• Admin home > Login > Registration & Login > "Registration referer check" .
• Setting up a "User tracker" linked to the Registered group, requiring nw users to fill in some mandatory fields (some checkbox, some text area, etc).

1. Add "Admin home > Login > Registration & Login > Require validation by admin" , and add your email at the field provided.

1. Go to Admin users and select to sort users by created_desc order, for instance, and a big amount of records per page like 100 ( tiki-adminusers.php?numrows=100&sort_mode=created_desc )
   1. revise whether there are valid registration requests there:
      • check that name and email have some relation. Most fake users have names that have no relationship with the email. For non English countires & sites, it's quite easy to find out the fake registration attempts since they are not using the local language nor local names, but usually English ones.
      • write down the username and date of any non-fake registration request
   2. Go to "Admin > Action log"
      • To to the "Settings" tab, and uncheck all checkboxes from the column "Reported", except "* System", and save your changes. Of course, you need to keep that line as "recorded"
   3. Go to the "Report" tab, and select your time frame, no user nor group, no category, and under the section "Misc > Search", type: created account, and click at the button "Report"
      • You will see a paginated list of records as a result. Select with the checkbox at the left of each record which ones do you want to select for banning their ip's (you can select all as a starting point with the first checkbox at teh top).
      • Once finished your selection, click at the bottom of the table where an icon of a locker is shown next to where it says: "Perform action with checked".
        You will be sent to admin banning interfcae, with the preselection of the ip's of the chosen records pre-added to the interface
   4. Once at the admin banning interface, review the default settings for the "Multiple IP banning" you can add a Custom message to the user. like: "Access from your localization was forbidden due to fake user registration". When done, click at Save

Once finihsed, you can export your banning list as csv file, and import it to another Tiki site, so that you can reuse your effort to identify banning ip's.

This is a list of 800+ banned IP data exported from "Admin > banning > Export as csv" and compressed as zip file. Collected mostly from July 1st 2012 until October 13, 2012 in a local non-English semi-inactive site where it was fairly easy to identify fake user registrations from just a few good ones. Provided here by Xavi just in case this is useful to anyone else.

• 121013_fscat_tiki9-admin_banning.csv.zip
• 130317 Banning Rules Tiki 9x.csv (4500+ ip's)

Improve this tutotial as you wish (add screenshots if you follow this steps in your tiki site to help making this tutorial more visual 😊 )

And any feedback will be welcome: you can send me a message at xavi (a) tiki.org (and user "xavi" at tiki.org)

BanFakeRegistrations | Ban Fake Registrations | MultipleBanning | Multiple Banning | Ban by IP | BanByIP