XF 1.1 1.1.4: Anti-Spam Improvements for Registration

1.1.4 includes some additional anti-spam options for the registration form. These are small enough improvements that they can be done for a 1.1.x release. You will see some deeper integration of additional tools (such as the previously-shown StopForumSpam) in 1.2. As always, targeted attacks may potentially be able to mitigate some anti-spam techniques.

Built-in Registration Timer
A registration timer system is now built-in to the registration form. For a valid user, they simply cannot submit the form until the time is up. If a person submits the form without waiting long enough, they will need to wait again until to submit the registration.

This can be configured in the admin control panel:

Unique Registration Key
This ensures that the registration form must be displayed before any registration can take place, making more work for bots. Each key can only be used once. (This is not a particularly strong protection on its own, but every little bit helps.)

Integration with DNSBLs
There are several DNS Blackhole Lists (DNSBLs) that track spam or malicious IPs (Spamhaus and Tornevall, in particular). These can be queried on registration and if the requesting IP address is found on them, an action can be taken.

In case you're wondering, we've made it much easier to see if there are users pending admin approval as well:

Expect more in the future...

 

[Brent W]

install TAC it will stop most spambots in their tracks.

http://xenforo.com/community/resources/tac-tenants-anti-spam-collection-anti-spam-free-version.1474/

http://xenforo.com/community/resour...ollection-anti-spam-complete-collection.1469/

I actually have removed this and I am now using all built in xenForo mechanisms to stop spam. So far, so good. Thanks for the update Mike and Kier.

 

[SchmitzIT]

Is there some admin option for the Unique Registration Key? Cause if there is, I'm having some issues finding it, lol.

 

[Mike]

No option. I'm not sure what it would do...

 

[SchmitzIT]

Dunno, Mike. I just figured I'd ask, since I couldn't find anything. I imagined it was something running in the code only, but figured I'd ask nevertheless.

 

[talk2d]

CAN SOMEBODY RECOMMEND THE BEST MEASURE SO FARRRR PLEASE?
Thank you

 

[SchmitzIT]

Smith & Wesson!

One shot, one kill.

 

[TPerry]

Smith & Wesson!

One shot, one kill.

Prefer a good old fashioned .45 Government Model style myself.. big slow moving mass.. kinda like me.

 

[Blue]

Smith & Wesson!

One shot, one kill.

The original point & click interface.

 

[Hackfall]

A few weeks ago I changed my captcha questions. My forum is aimed squarely at UK folks with an interest in something strongly British. Previously my questions were too easy and in particular too easy for people who are not in my target audience to find the answers. Now my questions are just as easy if you are in the target but very hard for spammers from different cultures. As a result my spammer applications have dropped to near zero and my real applications are just as high as before.

Example Question: What do Scotsmen where under their kilts? Answer: Nothing

Since most forums are aimed at fairly small vertical niches it should be possible to come up with questions that only folks you want to attract would know the answers to.

 

[erich37]

a question please:

do I need to register at any website to make "DNSBLs" work, or does it work out of the box in XenForo ?

Many thanks!

 

[Mike]

It works out of the box.

 

[Teapot]

The original point & click interface.

Protip: If it clicks, you're doing it wrong.

 

[Sheratan]

Zero. Yes. ZERO SPAM REGISTRATION. From March 9 - present. I like this!

 

[kortia]

How do you delete the already spammers awaiting approval? I have about 50000.

 

[kortia]

Sorry seems like 50,000 it is 850 that need to be deleted, not sure if that will bog it up or not.

 

[oman]

How do you delete the already spammers awaiting approval? I have about 50000.

http://xenforo.com/community/threads/how-to-mass-delete-users-awaiting-approval.35568/#post-404156

 

[bot]

i would like to suggest
captcha when starting making new thread after making X count of threads

 

[Biker]

First forum that made me answer a captcha AFTER I registered to make a thread would never, ever see me again.

 

[bot]

First forum that made me answer a captcha AFTER I registered to make a thread would never, ever see me again.

im super mod in some forum and and the forum has been spammed with over 700 topic

 

[Biker]

im super mod in some forum and and the forum has been spammed with over 700 topic

That's a registration issue. Making members go through captcha again after registration will do nothing more than cause your membership to flee in a fit of rage.