XF 1.1 My Forum's Getting Lots Of Spam

System0

System0

Active member
edit by jake - I just posted a resource that consolidates all of the information from this thread into one guide:
http://xenforo.com/community/resources/dealing-with-forum-spam.980/

I've never had any problems with spam before but when I checked my forum today I saw lots of spam threads. Some were in Russian though many were in English.

I checked some users and they had fully validated their account using Gmail. The spam is undoubtedly automated though.

Some users have signed up using the domain andasio.com.

At the moment I am getting a new thread every few minutes and the IP addresses are all different so there doesn't seem to be any way to stop it

(note: I haven't installed any new add ons or mods in a while so I don't think that's the issue)

I used to have this problem with vBulletin though this is the first time I've ever had a problem with XenForo. It's kind of taken me by surprise to be honest.

Any idea how this is happening and how I can stop it?

Thanks,
Kevin
 
Sort by date Sort by votes
robinhood said:
I like those types of captchas, not sure if they can be beaten by bots or not. Demo
Not going to stop humans though
Click to expand...
The problem with forums is ... once you get by registration ... YOU ARE IN !
Then you can login WITH NO RESTRICTION.

Adding a step to the Login process would drastically reduce the recent wave.

I keep thinking that some Gritter notification that must be clicked before you can post. So that when you have no likes, and you post something, 10 seconds after they post .... send a popup Gritter notification to them .... and if they don't click it .... the post auto deletes.

When you do post ... and you have no likes ... require some manual task to be done for the posting process to be complete.
 
Upvote 0 Downvote
Digital Doctor said:
The problem with forums is ... once you get by registration ... YOU ARE IN !
Then you can login WITH NO RESTRICTION.

Adding a step to the Login process would drastically reduce the recent wave.

I keep thinking that some Gritter notification that must be clicked before you can post. So that when you have no likes, and you post something, 10 seconds after they post .... send a popup Gritter notification to them .... and if they don't click it .... the post auto deletes.

When you do post ... and you have no likes ... require some manual task to be done for the posting process to be complete.
Click to expand...

The answer somewhere else, very easy one i mean :coffee:
Easier = better = profit :giggle:
I ve solved this with Q&A (easy to google/wiki questions about NASA, YouTube, Earth, Google & famous ppl) this type of question wont annoy people and wont let spamers to break through your security.
 
Upvote 0 Downvote
Like all of you here I have noticed an uptake in spam registrations although luckily I had xen utilities running and the 10 or so that got through were quick to handle. I have been working on a friends phpbb board for the last couple weeks and I have been getting the admin emails when a new person registers and it seems the spam registrations have been in the same time frame as the xen spam. I got 75 emails today.

I was wondering if this would work. Could we use the route changer to change the the route to the login page from www.yourdomain/xenboard/login/ and change it to www.yourdomain/xenboard/somethingrandom/ then redirect the original /login/ route to the XRumer site or where ever via htaccess?

Edit I am assuming the script is browsing directly to the login page.
 
Upvote 0 Downvote
Luis said:
This can help with the spam???
https://www.keycaptcha.com/captcha-for-cms/

Someone has used this??
Click to expand...

I'm really going to hope this works.

I've been hit...... HARD ...... I've always had Xen Utilities installed and used all 3 spam services. It turns out it has blocked over 2,000 (20 per page / 100 papges) worth of spammer in the last 2 days. But of course some of them are still getting in.

We originally were using Google's reCAPTCHA and clearly that isn't working.

Question and Answers need to be kept at simple Math only questions, because not everyone who registers can read or write in English. Sadly, the new A.I. that seems to have targeted us can do math... Very well math.

0 + 0 - 0 + 25131 - 2012 + 666 + 9002250007 - 3 =

:(

And I refuse to block whole countries just because of some idiot.

I'm going to also start using Cloudflare, even though I sometimes think it does more harm than good.
 
Upvote 0 Downvote
Adam Howard said:
I'm really going to hope this works.

I've been hit...... HARD ...... I've always had Xen Utilities installed and used all 3 spam services. It turns out it has blocked over 2,000 (20 per page / 100 papges) worth of spammer in the last 2 days. But of course some of them are still getting in.

We originally were using Google's reCAPTCHA and clearly that isn't working.

Question and Answers need to be kept at simple Math only questions, because not everyone who registers can read or write in English. Sadly, the new A.I. that seems to have targeted us can do math... Very well math.

0 + 0 - 0 + 25131 - 2012 + 666 + 9002250007 - 3 =

:(

And I refuse to block whole countries just because of some idiot.

I'm going to also start using Cloudflare, even though I sometimes think it does more harm than good.
Click to expand...
Your concern is the disadvantages of Question Captcha but by using math, it always be bypassed by the bot. reCaptcha is also be bypassed by bot also.
 
Upvote 0 Downvote
Adam Howard said:
Is why I'm hoping this one will work

https://www.keycaptcha.com/captcha-for-cms/

You actually have to drag and drop puzzle pieces to make a complete photo. Something I don't yet think can be done by a bot.
Click to expand...
This is interesting stuff. It could make a funny time for users but also make angry for real/lazy users :D. But IMO, this is easier for real users to complete rather than reCaptcha, sometime I could not able to read texts inside them :-s
 
  • Like
Reactions: HWS
Upvote 0 Downvote
sonnb said:
This is interesting stuff. It could make a funny time for users but also make angry for real/lazy users :D. But IMO, this is easier for real users to complete rather than reCaptcha, sometime I could not able to read texts inside them :-s
Click to expand...
Google reCAPTCHA has always been hard to read, but the white background that XenForo uses for it, has always made it even harder. The few times I've ever installed Google's version; I always used the standard red theme as it was a bit easier (not by much, but more than the white color theme).
 
Upvote 0 Downvote
Adam Howard said:
I'm really going to hope this works.

I've been hit...... HARD ...... I've always had Xen Utilities installed and used all 3 spam services. It turns out it has blocked over 2,000 (20 per page / 100 papges) worth of spammer in the last 2 days. But of course some of them are still getting in.

We originally were using Google's reCAPTCHA and clearly that isn't working.

Question and Answers need to be kept at simple Math only questions, because not everyone who registers can read or write in English. Sadly, the new A.I. that seems to have targeted us can do math... Very well math.

0 + 0 - 0 + 25131 - 2012 + 666 + 9002250007 - 3 =

:(

And I refuse to block whole countries just because of some idiot.

I'm going to also start using Cloudflare, even though I sometimes think it does more harm than good.
Click to expand...

What I had to do was to switch to Question and Answer, and I wrote my question using "spam speak" like this: Wh@t d0e$ 8 pLv$ 2 equa1? Please type the number. I am starting to think that the bot/spam scripts can read the reCaptcha, but this method seems to be working for me.
 
Upvote 0 Downvote
You must log in or register to reply here.

Similar threads

R
  • Question Question
XF 2.1 5,000+ of my forum's 6,800 users are spambots - How to delete them?
Replies
6
Views
540
jeb35
J
Stuart Wright
  • Question Question
XF 2.1 404 Page not found on lots of links after migration. Leading and trailing slashes needed.
Replies
4
Views
721
Stuart Wright
Stuart Wright
jr777
  • Question Question
XF 2.0 Lots of trouble with email system, and not just with 2.0
2
Replies
20
Views
1K
jr777
jr777
shinyidol
Upgraded to 1.4 and still getting lots of spam
Replies
1
Views
742
Paul B
Paul B
Brian O'Neill
  • Question Question
XF 1.2 Getting lots of Undefined variable: fileName errors in Server Error Logs
Replies
2
Views
962
Brian O'Neill
Brian O'Neill
Top Bottom