I have the extension OneAll Social Login installed, with options for Facebook, Google and LinkedIn checked.
I discovered a couple of fake users had registered with the forum some time ago. I'll use details of one of these users as an example.
- User registers on 6 Jul 2018. Based on information I see in ACP > Maintenance > Admin log, the Username is Anonymous, IP is 126.96.36.199, and in the Action column it states "Added new members to usergroup Registered OneAll users - kevin.smith". The user's email address is with domain @example.com
- Realising this was an invalid user on 5 Aug 2019, I deleted the user on that date.
- On 6 Aug 2019, same user had re-registered. From IP 188.8.131.52.
- I deleted the user again on 8 Aug 2019. This time I also went to ACP > Users and Groups > Ban emails, adding *@example.com to the permanent banned list.
- On 8 Aug 2019, the same user had re-registered. From IP 184.108.40.206. And with an email address from the domain @example.com
- User registration settings > Enable spambot countermeasures for registrations is set to "Yes".
- Spambot countermeasures
- Enable spambot countermeasures for registrations is Enabled.
- Installed plugins is set to GD image.