I have thousands of spam accounts registered on one forum sending out thousands of emails a day. I cannot prune them, only manually delete one by one.

Any suggestions?

Can't help with pruning users but the first thing I would do is go to ACP->Usergroups->Usergroup Manager, edit the usergroup these members are in and set 'Can Use Email to Friend' to NO.

That should stop all the email from going out from your system.

User Moving/Pruning System
Have you tried this option

OK finally figured out that Moving/Pruning tool doesn't work if more than 1,000 users are selected. Deleted them now in batches of less than 1,000.

Is there a way to figure out why these emails were sent?

The "Can Use Email to Friend" was already set to NO...

there is more than one place to turn off "Can Use Email to Friend"

there is more than one place to turn off "Can Use Email to Friend"

I have it turned off in this usergroup.

Where else can I find that?

check settings also turn off contact us for guests

OK turned off, but it still appears to be going crazy.

In server log I see:

Code:
184.154.119.146 - - [22/Nov/2012:02:01:34 +0100] "GET / HTTP/1.0" 302 400 "http://www.MYDOMAIN.com/register.php?" "Opera/9.80 (Windows NT 6.1; Win64; x64; U; Edition Yx; ru) Presto/2.10.289 Version/12.00"
184.154.119.146 - - [22/Nov/2012:02:01:34 +0100] "GET http://www.MYDOMAIN.com/forum.php HTTP/1.0" 200 32056 "http://www.MYDOMAIN.com/register.php?" "Opera/9.80 (Windows NT 6.1; Win64; x64; U; Edition Yx; ru) Presto/2.10.289 Version/12.00"
or

91.236.74.138 - - [22/Nov/2012:02:27:24 +0100] "POST /register.php?do=addmember HTTP/1.0" 200 26247 "http://www.MYDOMAIN.com/register.php" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/536.5 (KHTML, like Gecko) Chrome/19.0.1084.56 Safari/536.5"
91.236.74.138 - - [22/Nov/2012:02:27:26 +0100] "POST /register.php?do=addmember HTTP/1.0" 200 26247 "http://www.MYDOMAIN.com/register.php" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/536.5 (KHTML, like Gecko) Chrome/19.0.1084.56 Safari/536.5"
91.236.74.138 - - [22/Nov/2012:02:27:28 +0100] "POST /register.php?do=addmember HTTP/1.0" 200 26247 "http://www.MYDOMAIN.com/register.php" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/536.5 (KHTML, like Gecko) Chrome/19.0.1084.56 Safari/536.5"
91.236.74.138 - - [22/Nov/2012:02:27:29 +0100] "POST /register.php?do=addmember HTTP/1.0" 200 26247 "http://www.MYDOMAIN.com/register.php" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/536.5 (KHTML, like Gecko) Chrome/19.0.1084.56 Safari/536.5"
91.236.74.138 - - [22/Nov/2012:02:27:31 +0100] "POST /register.php?do=addmember HTTP/1.0" 200 26247 "http://www.MYDOMAIN.com/register.php" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/536.5 (KHTML, like Gecko) Chrome/19.0.1084.56 Safari/536.5"
91.236.74.138 - - [22/Nov/2012:02:27:32 +0100] "POST /register.php?do=addmember HTTP/1.0" 200 26247 "http://www.MYDOMAIN.com/register.php" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/536.5 (KHTML, like Gecko) Chrome/19.0.1084.56 Safari/536.5"
91.236.74.138 - - [22/Nov/2012:02:27:34 +0100] "POST /register.php?do=addmember HTTP/1.0" 200 26247 "http://www.MYDOMAIN.com/register.php" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/536.5 (KHTML, like Gecko) Chrome/19.0.1084.56 Safari/536.5"
91.236.74.138 - - [22/Nov/2012:02:27:36 +0100] "POST /register.php?do=addmember HTTP/1.0" 200 26247 "http://www.MYDOMAIN.com/register.php" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/536.5 (KHTML, like Gecko) Chrome/19.0.1084.56 Safari/536.5"
91.236.74.138 - - [22/Nov/2012:02:27:37 +0100] "POST /register.php?do=addmember HTTP/1.0" 200 26247 "http://www.MYDOMAIN.com/register.php" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/536.5 (KHTML, like Gecko) Chrome/19.0.1084.56 Safari/536.5"
91.236.74.138 - - [22/Nov/2012:02:27:39 +0100] "POST /register.php?do=addmember HTTP/1.0" 200 26247 "http://www.MYDOMAIN.com/register.php" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/536.5 (KHTML, like Gecko) Chrome/19.0.1084.56 Safari/536.5"
91.236.74.138 - - [22/Nov/2012:02:27:40 +0100] "POST /register.php?do=addmember HTTP/1.0" 200 26247 "http://www.MYDOMAIN.com/register.php" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/536.5 (KHTML, like Gecko) Chrome/19.0.1084.56 Safari/536.5"
91.236.74.138 - - [22/Nov/2012:02:27:41 +0100] "POST /register.php?do=addmember HTTP/1.0" 200 26247 "http://www.MYDOMAIN.com/register.php" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/536.5 (KHTML, like Gecko) Chrome/19.0.1084.56 Safari/536.5"
91.236.74.138 - - [22/Nov/2012:02:27:42 +0100] "POST /register.php?do=addmember HTTP/1.0" 200 26247 "http://www.MYDOMAIN.com/register.php" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/536.5 (KHTML, like Gecko) Chrome/19.0.1084.56 Safari/536.5"
91.236.74.138 - - [22/Nov/2012:02:27:43 +0100] "POST /register.php?do=addmember HTTP/1.0" 200 26247 "http://www.MYDOMAIN.com/register.php" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/536.5 (KHTML, like Gecko) Chrome/19.0.1084.56 Safari/536.5"
91.236.74.138 - - [22/Nov/2012:02:27:45 +0100] "POST /register.php?do=addmember HTTP/1.0" 200 26247 "http://www.MYDOMAIN.com/register.php" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/536.5 (KHTML, like Gecko) Chrome/19.0.1084.56 Safari/536.5"
91.236.74.138 - - [22/Nov/2012:02:27:46 +0100] "POST /register.php?do=addmember HTTP/1.0" 200 26247 "http://www.MYDOMAIN.com/register.php" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/536.5 (KHTML, like Gecko) Chrome/19.0.1084.56 Safari/536.5"
91.236.74.138 - - [22/Nov/2012:02:27:47 +0100] "POST /register.php?do=addmember HTTP/1.0" 200 26247 "http://www.MYDOMAIN.com/register.php" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/536.5 (KHTML, like Gecko) Chrome/19.0.1084.56 Safari/536.5"
91.236.74.138 - - [22/Nov/2012:02:27:49 +0100] "POST /register.php?do=addmember HTTP/1.0" 200 26247 "http://www.MYDOMAIN.com/register.php" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/536.5 (KHTML, like Gecko) Chrome/19.0.1084.56 Safari/536.5"
91.236.74.138 - - [22/Nov/2012:02:27:50 +0100] "POST /register.php?do=addmember HTTP/1.0" 200 26247 "http://www.MYDOMAIN.com/register.php" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/536.5 (KHTML, like Gecko) Chrome/19.0.1084.56 Safari/536.5"
91.236.74.138 - - [22/Nov/2012:02:27:52 +0100] "POST /register.php?do=addmember HTTP/1.0" 200 26247 "http://www.MYDOMAIN.com/register.php" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/536.5 (KHTML, like Gecko) Chrome/19.0.1084.56 Safari/536.5"
91.236.74.138 - - [22/Nov/2012:02:27:53 +0100] "POST /register.php?do=addmember HTTP/1.0" 200 26247 "http://www.MYDOMAIN.com/register.php" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/536.5 (KHTML, like Gecko) Chrome/19.0.1084.56 Safari/536.5"
91.236.74.138 - - [22/Nov/2012:02:27:54 +0100] "POST /register.php?do=addmember HTTP/1.0" 200 26247 "http://www.MYDOMAIN.com/register.php" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/536.5 (KHTML, like Gecko) Chrome/19.0.1084.56 Safari/536.5"
91.236.74.138 - - [22/Nov/2012:02:27:57 +0100] "POST /register.php?do=addmember HTTP/1.0" 200 26247 "http://www.MYDOMAIN.com/register.php" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/536.5 (KHTML, like Gecko) Chrome/19.0.1084.56 Safari/536.5"
91.236.74.138 - - [22/Nov/2012:02:27:58 +0100] "POST /register.php?do=addmember HTTP/1.0" 200 26247 "http://www.MYDOMAIN.com/register.php" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/536.5 (KHTML, like Gecko) Chrome/19.0.1084.56 Safari/536.5"
91.236.74.138 - - [22/Nov/2012:02:27:59 +0100] "POST /register.php?do=addmember HTTP/1.0" 200 26247 "http://www.MYDOMAIN.com/register.php" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/536.5 (KHTML, like Gecko) Chrome/19.0.1084.56 Safari/536.5"
91.236.74.138 - - [22/Nov/2012:02:28:01 +0100] "POST /register.php?do=addmember HTTP/1.0" 200 26247 "http://www.MYDOMAIN.com/register.php" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/536.5 (KHTML, like Gecko) Chrome/19.0.1084.56 Safari/536.5"
91.236.74.138 - - [22/Nov/2012:02:28:02 +0100] "POST /register.php?do=addmember HTTP/1.0" 200 26247 "http://www.MYDOMAIN.com/register.php" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/536.5 (KHTML, like Gecko) Chrome/19.0.1084.56 Safari/536.5"
91.236.74.138 - - [22/Nov/2012:02:28:05 +0100] "POST /register.php?do=addmember HTTP/1.0" 200 26247 "http://www.MYDOMAIN.com/register.php" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/536.5 (KHTML, like Gecko) Chrome/19.0.1084.56 Safari/536.5"
91.236.74.138 - - [22/Nov/2012:02:28:07 +0100] "POST /register.php?do=addmember HTTP/1.0" 200 26247 "http://www.MYDOMAIN.com/register.php" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/536.5 (KHTML, like Gecko) Chrome/19.0.1084.56 Safari/536.5"
91.236.74.138 - - [22/Nov/2012:02:28:08 +0100] "POST /register.php?do=addmember HTTP/1.0" 200 26247 "http://www.MYDOMAIN.com/register.php" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/536.5 (KHTML, like Gecko) Chrome/19.0.1084.56 Safari/536.5"
91.236.74.138 - - [22/Nov/2012:02:28:10 +0100] "POST /register.php?do=addmember HTTP/1.0" 200 26247 "http://www.MYDOMAIN.com/register.php" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/536.5 (KHTML, like Gecko) Chrome/19.0.1084.56 Safari/536.5"
91.236.74.138 - - [22/Nov/2012:02:28:11 +0100] "POST /register.php?do=addmember HTTP/1.0" 200 26247 "http://www.MYDOMAIN.com/register.php" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/536.5 (KHTML, like Gecko) Chrome/19.0.1084.56 Safari/536.5"
91.236.74.138 - - [22/Nov/2012:02:28:12 +0100] "POST /register.php?do=addmember HTTP/1.0" 200 26247 "http://www.MYDOMAIN.com/register.php" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/536.5 (KHTML, like Gecko) Chrome/19.0.1084.56 Safari/536.5"
91.236.74.138 - - [22/Nov/2012:02:28:13 +0100] "POST /register.php?do=addmember HTTP/1.0" 200 26247 "http://www.MYDOMAIN.com/register.php" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/536.5 (KHTML, like Gecko) Chrome/19.0.1084.56 Safari/536.5"
91.236.74.138 - - [22/Nov/2012:02:28:15 +0100] "POST /register.php?do=addmember HTTP/1.0" 200 26247 "http://www.MYDOMAIN.com/register.php" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/536.5 (KHTML, like Gecko) Chrome/19.0.1084.56 Safari/536.5"
91.236.74.138 - - [22/Nov/2012:02:28:16 +0100] "POST /register.php?do=addmember HTTP/1.0" 200 26247 "http://www.MYDOMAIN.com/register.php" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/536.5 (KHTML, like Gecko) Chrome/19.0.1084.56 Safari/536.5"
91.236.74.138 - - [22/Nov/2012:02:28:18 +0100] "POST /register.php?do=addmember HTTP/1.0" 200 26247 "http://www.MYDOMAIN.com/register.php" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/536.5 (KHTML, like Gecko) Chrome/19.0.1084.56 Safari/536.5"
180.76.6.20 - - [22/Nov/2012:02:28:19 +0100] "GET /forumdisplay.php?do=markread&markreadhash=1353059343-aa7cfb71731ab850ccdd4c4918a6ec3f70df76a7 HTTP/1.1" 200 6468 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)"

https://vborg.vbsupport.ru/showthread.php?t=289463
https://vborg.vbsupport.ru/showthread.php?t=268208
https://vborg.vbsupport.ru/showthread.php?t=248042
https://vborg.vbsupport.ru/showthread.php?t=261498
install these

I appreciate the links but is there not a standard solution?

I'm not too keen on installing mods on all forums...

Q&A Human Verification works pretty well, or at least it has for my site. Go to Settings > Options > Human Verification Options and make sure "Register" is checked. (If it isn't, check it and hit Save). Then go to Settings > Human Verification Manager and click the "Question & Answer Verification" radio button and hit Save. Then on the bottom part, add some questions. In my experience they don't have to be hard at all, but some people say if they're too easy spambots will get past by guessing common answers (like numbers, colors, etc).

I have recatchpa on, I had Q&A on: Nothing changed.

What I don't understand is why emails are being sent when they register?

Hmm...are you sure it the registration that's sending out emails? If you have "Use Mailqueue System" set to yes you might have queued emails. On the admincp home page there's a "Number of Queued E-Mails" stat.

I have actually had registration turned off since about an hour and still had emails going out!!

Hmm...are you sure it the registration that's sending out emails? If you have "Use Mailqueue System" set to yes you might have queued emails. On the admincp home page there's a "Number of Queued E-Mails" stat.

Wow you are a genius! :)

Number of Queued E-Mails 3,170

How do I get rid of these?

ACP > Settings > User registration Options

1. Send Welcome Email
2. Verify Email Address in Registration

Also might want to look at:
https://vborg.vbsupport.ru/showthread.php?t=231715

Number of Queued E-Mails 3,170

How do I get rid of these?


lol, if I were a genius I'd know how to get rid of those. I don't know of any way except to go directly to the database and truncate the mailqueue table (but of course you might lose some "legitimate" emails if you do that).

Edit: I guess if the spam emails are all the same you could search for a keyword. Like if the subject has 'viagra' you could do this:

DELETE FROM mailqueue WHERE subject LIKE '%viagra%'

ACP > Settings > User registration Options

1. Send Welcome Email
2. Verify Email Address in Registration

Also might want to look at:
https://vborg.vbsupport.ru/showthread.php?t=231715

That was all already done.

I'm now interested in deleting the mailqueue!

I appreciate the links but is there not a standard solution?

I'm not too keen on installing mods on all forums...

up to you but it is the only way to stop the spammers registering on your site. I also see you have alot of bad bots spamming your site

up to you but it is the only way to stop the spammers registering on your site. I also see you have alot of bad bots spamming your site

Read my above post, its not relevant.

What I need is to delete the mailqueue!