
XF 1.1 1.1.4: Anti-Spam Improvements for Registration

MikeMpls

Well-known member
Now that 1.1.4 has been around for a while, is there anyone (1) who was flooded with spam last Aug. when Xrumer came out with their update to "support" :rolleyes: XenForo, and (2) who now has very little or no spam in the same forums using only the anti-spam measures in the vanilla 1.1.4 release? And if the answer is "very little", can you quantify that?

What finally checked the spammers for me in 1.1.2 & 1.1.3 was replacing ReCaptcha & challenge questions with KeyCaptcha, but I'm getting legitimate complaints (some from folks I already know) who can't get KeyCaptcha to work. KeyCaptcha is effective, but perhaps too effective.

I have three sites on 1.1.4, but they are all sites with low day-to-day activity. I did observe one apparent spammer try to register unsuccessfully on a newly created site over the weekend. So far I've had zero spam & zero spammers on the 1.1.4 sites, but they're not a fair evaluation.

I'm tempted to update everything to 1.1.4 & ditch KeyCaptcha this summer, but at 11 sites & counting I can't deal with any significant quantity of garbagenous registrations.
 
The blacklist that 1.1.4 can query includes Stopforumspam, which is very effective in my experience. The list is big and updated quickly from what I've seen over the years, and since it's blocking by IP in 1.1.4 it stops bots and human spammers. 1.1.4 also adds a registration timer which can be very effective against bots.

A good captcha will add an additional layer of protection against bots, and is needed in case the blacklist becomes temporarily unavailable. Human spammers that can solve your captcha and happen to have a clean IP can still get through, but they are a minority.

Whether you upgrade to 1.1.4 or not, adding a blacklist to your registration page is highly recommended.
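
The layering described in the post above (registration timer, IP blacklist lookup, captcha as the fallback when the blacklist cannot be reached), as an added example that is not part of the thread and is not XenForo's code. The zone `dnsbl.example`, the 5-second threshold, the function names and the stand-in resolvers are assumptions made for illustration.

```python
import ipaddress

DNSBL_ZONE = "dnsbl.example"  # placeholder zone, not a real blocklist
MIN_FORM_SECONDS = 5          # hypothetical registration-timer threshold


def dnsbl_name(ip, zone=DNSBL_ZONE):
    """Build the DNSBL query name: IPv4 octets reversed, then the zone."""
    addr = ipaddress.IPv4Address(ip)  # raises ValueError on bad input
    return ".".join(reversed(str(addr).split("."))) + "." + zone


def dnsbl_status(ip, resolve):
    """Return 'listed', 'clean' or 'unavailable'.

    resolve(name) must return a list of A-record strings, [] for
    NXDOMAIN, and raise OSError on timeout or server failure.
    """
    name = dnsbl_name(ip)
    try:
        answers = [ipaddress.IPv4Address(a) for a in resolve(name)]
    except (OSError, ValueError):
        return "unavailable"
    loopback = ipaddress.IPv4Network("127.0.0.0/8")
    errors = ipaddress.IPv4Network("127.255.255.0/24")  # error replies, not listings
    # An answer outside 127/8 usually means a resolver rewrote NXDOMAIN.
    if any(a in errors or a not in loopback for a in answers):
        return "unavailable"
    return "listed" if answers else "clean"


def check_registration(ip, rendered_at, submitted_at, captcha_ok, resolve):
    """Apply timer, blacklist, then captcha; return (allowed, reason)."""
    if submitted_at - rendered_at < MIN_FORM_SECONDS:
        return (False, "too_fast")
    status = dnsbl_status(ip, resolve)
    if status == "listed":
        return (False, "dnsbl_listed")
    if not captcha_ok:  # the only remaining check when the blacklist is down
        return (False, "captcha_failed")
    return (True, "ok" if status == "clean" else "ok_dnsbl_unavailable")


# Constructed stand-ins for a DNS resolver so the example runs offline.
CONSTRUCTED_ZONE = {"10.2.0.192.dnsbl.example": ["127.0.0.2"]}
def fake_resolve(name): return CONSTRUCTED_ZONE.get(name, [])
def down_resolve(name): raise TimeoutError("constructed outage")
```

Logging the `ok_dnsbl_unavailable` reason separately shows how many registrations passed on the captcha alone during a blacklist outage.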
 

MikeMpls

Well-known member
But that wasn't my question. I know what's in 1.1.4 -- I have three copies of it running.

And it does NOT include StopForumSpam. It does check a SpamHaus blocklist which is very similar.

I want to know how 1.1.4 is actually working for people who were previously hit by large amounts of spam who are running a vanilla copy of 1.1.4 with no other anti-spam addons.
 

MikeMpls

Well-known member
And the spammers have found the new forum. :( But they are not registering! :)

In forums that discuss social issues, I get a lot of valuable posts from "guests" (non-registered users). On a 1.1.3 board dealing w/ perverted teachers & sexual abuse, I haven't had any spam (registered user or guest post) for ages. That forum is protected by StopForumSpam & others through the XenUtiles & Deny Country addons, plus KeyCaptcha.

On the new 1.1.4 board (Bakersfield beatdown) I'm getting lots of spam from guest users. I'd suggest adding an option for guest posting to check the DNSBL as well as using Captcha.

My hunch (don't have enough usage to say for sure yet) is that either DNSBL or KeyCaptcha would block most guest spam.
 

MikeMpls

Well-known member
The spam posts have increased to 20+ a day, which I have to delete twice: Once when I moderate them (soft delete) and again when I read the real posts in the threads (hard delete).

I'm encouraged that no real spammers have actually registered in my 1.1.4 boards, but I won't be updating any more to 1.1.4 that need to allow guest posting. I simply don't like to spend my time on this stuff.
 

MikeMpls

Well-known member
Scratch that part about no real spammers registering ...

For those who claim they've had no spam relying on 1.1.4's spam checks, have you been inspecting newly registered users for profile spam?

Since I created my latest forum on May 10, it's had just over 4.3K pageviews according to Google Analytics but I've already deleted two instances of registration spam & reported them to StopForumSpam. That's one instance of registration spam per 2,163 pageviews or per 363 unique visitors. That's on top of the 20+ instances of guest spam daily.

Both registration spams occurred over this weekend, i.e. they finally found me. :eek:

There's no denying that this is a LOT better than what we experienced with unprotected forums last August, but there's still a problem.
 

oman

Well-known member
What CAPTCHA do you use?
 

jdeg

Active member
Please add Bad Behavior as well, so that bots are blocked based upon user agent, IP and combinations. I'm pretty sure that Michael would be open to the idea of expanding to XF: http://bad-behavior.ioerror.us/
Contact him.

Will XenForo sites report spammers back to the blacklists? It's very beneficial if there is spammer information feedback, so XenForo spammers are quickly blocked across the board.
+1 for Bad Behavior - it does wonders for one of my vb sites.