Welcome to the Question2Answer Q&A. There's also a demo if you just want to try it out.
+4 votes
2.2k views
in Q2A Core by

Here's what I've done:

And also over here:

In spite of this, I see that users are posting spam questions on my forum. How is it possible? They're doing it without confirming their email address!

Spam users are able to directly post questions in spite of these settings. And yes, I've enabled captchas. 

Does anyone know what settings to use enforce email verification or to moderate the first few questions until one is accepted?

Q2A version: 18.0
by
That doesn't happen in my environment. Enabling "Request confirmation of user emails" in admin/spam and setting "Asking questions" to "Registered users with email confirmed" in admin/permissions seems to be enough. Maybe you're using a plugin that is interfering with the core
by
I tried creating a new user normally on the site and wasn't able to post a question either. It properly gives the message "please verify email to ask a question". So a normal user cannot post questions without verifying their email addresses. However, these spammers are somehow creating new accounts and being able to post questions. I'm not sure how they're doing it exactly. I tried opening the URL in the browser and it doesn't work. Perhaps, they're making direct calls to the server.
by
In the screenshot the user has confirmed his email. I suppose he was blocked after he posted.
by
@arjunsuresh No he hasn't. It says "registered". If he's confirmed email then it shows as "confirmed email".
by
In the Email field it is shown as Confirmed rt?
https://imgur.com/RdKSUTb.png
by
Did you even read what I said? Please read it again. Your link (my image) shows "registered". NOT "confirmed email". Can you please check the image again?
by
I tried to do a "direct call" (as you call it) to the ask page without having my email confirmed and still wasn't able to ask the question. Are you using facebook login or any other login/registration means?
by
@pupi1985 Nope. No other login. I'm also not able to do a "direct call".
by
By a direct call, I meant submitting the form data directly to the server. The UI doesn't allow the user to access the question page. But I'm guessing that these spammers might be submitting the form data directly to the form's submit URL. I'm not sure. If it's not this then I don't know how else they're creating their spam questions. They're clearly doing it without verifying their emails (which the UI doesn't allow - I've checked).
by
Sorry, I cannot replicate this in a clean Q2A installation. You'll have to provide step by step instructions on how to replicate this scenario immediately after installing Q2A.
by
@pupi1985 That is exactly what I'm saying! I CANNOT replicate it either. However, the spam users ARE able to do it. I repeat, I CANNOT do it. Even on a fresh install, I CANNOT do it! That's not what I"m asking. I'm asking HOW the hell are spammers still doing it on my site, and what can I do to stop them.

1 Answer

+1 vote
by
Is your site https? When I did htttps, I got rid of all the spam
by
Yes. My site has been https from the start. Even if someone types http then it automatically goes to the https site.
by
Are you in cloudfire? Inmunify360? Do do you have URL htccaces config?
...