1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

XF 1.4 Anti-spam Improvements

Discussion in 'Have You Seen...?' started by Mike, Jul 23, 2014.

  1. Mike

    Mike XenForo Developer Staff Member

    As with many of our previous releases, XenForo 1.4 is adding more options to help prevent spam from being posted on your forum. Our focus here is mostly directed towards preventing automated bot registrations.

    Additional CAPTCHA Types
    Out of the box, we now support a number of additional CAPTCHA providers:

    Text CAPTCHA -- this is a service that provides Q&A style CAPTCHAs like "Which of 47, sixty two, 18 or 59 is the smallest?". Essentially, this isn't really different from the built-in Q&A CAPTCHA system, except this system has a large number of questions built already -- over 180 million. Q&As are potentially easier to solve for humans and have fewer accessibility issues, but the trade off is that they can possibly be machine read and analyzed (if targeted). Nonetheless, this gives another option in the fight against spam.

    Solve Media -- Solve Media offers standard image-based CAPTCHAs at varying difficult levels:

    ss-2014-07-23_14-19-12.png ss-2014-07-23_14-19-29.png
    They also offers revenue generation options through your CAPTCHA if that's something you're interested in. You can have a look at more of their CAPTCHAs on their demo page.

    KeyCAPTCHA -- KeyCAPTCHA uses a puzzle-solving approach to implement a CAPTCHA. When I say a puzzle, I mean that literally:
    KeyCAPTCHA has a few different offerings and variations on this theme which you can enable on their site.

    All of these new options require you to obtain API keys from the service, so they will need to be explicitly enabled.

    IP Checks Against Banned Users
    If a user registers with an IP address that was used by a banned user recently, you now have the option to manually approve that registration.
    While this option can catch people re-registering after a ban, it is mostly targeted at spammers. It is not uncommon to see a spammer use the same IP to register multiple times. If they have already registered before you clean their spam, the spam cleaner's IP check can detect the other accounts. This approach can catch those additional accounts right as they register.

    Registration Form Modifications
    No images for this part as nothing should be visually different! :)

    The registration form now includes several approaches to interfere with bot registrations, including:
    • Invisible honeypot fields that legitimate users won't see but that bots will (usually) see and fill in. If a value is entered, we know the user is a bot.
    • The honeypot fields are also inserted randomly in multiple places, which can cause the valid fields to be in different positions (internally; visually they are the same). This can interfere with some bot implementations.
    • Field name randomization. Each time the form is viewed, the name of the fields that are submitted to the server varies and thus cannot be predicted by a bot.
    Combined, these features will hopefully help prevent bot registrations.

    I should note that the best option can be to make your registration form unique. Spam software gets quite a bit of benefit by targeting XenForo as a software: if they're successful, they have something that works on many sites. As such, bot mitigations that we implement in the core become worth defeating for both authors. However, if you make customizations to your site, bots need to be adapted specifically to meet your site's requirements and this isn't necessarily worthwhile for a bot author.

    The exact form of these customizations could vary (possibly a custom field with specific requirements or maybe an anti-spam add-on), but the key is to invalidate the assumptions/validity checks of the bots.

    Until next time...

    Just a reminder: Please do not post suggestions in this thread (even if you feel they are related). Use the dedicated suggestion forum so they can be tracked.
  2. RoldanLT

    RoldanLT Well-Known Member

    Thanks a lot Mike!
    Another great improvement (y)

    Since XF 1.0 I really don't rely on 3rd party spam addon :cool:
  3. Magic

    Magic Active Member

    One word.

    Recep Baltaş likes this.
  4. mjda

    mjda Active Member

    This is great! While I don't get too many spam bots as it is, it's good to know you guys are constantly looking to improve that part of the software.
  5. Claudio

    Claudio Well-Known Member

    I can't believe the level of each improvement. XenForo is a really great software and all thanks to Mike and Kier!
  6. Alteredd

    Alteredd Member

    I've been using the KeyCAPTCHA addon and haven't received a single spam account, glad to see this included.
    Anthony Parsons likes this.
  7. Liam W

    Liam W Well-Known Member

    Excellent additions :)
  8. Chris D

    Chris D XenForo Developer Staff Member


    Well done :)
  9. FredC

    FredC Well-Known Member

  10. BamBam

    BamBam Active Member

    Keycaptcha Support, UHH MYY GOOOD. Very nice!!! Hopefully the PW Recovery + Contact is also covered by this.
    dieketzer likes this.
  11. Chris D

    Chris D XenForo Developer Staff Member

    I'm certain it will.

    Anywhere the CAPTCHA currently appears should display the CAPTCHA you have configured. Guest posts, lost password, contact form, etc.
    BamBam likes this.
  12. Mike

    Mike XenForo Developer Staff Member

    Yes, all of the CAPTCHAs support all locations and any necessary Ajax-based refreshing.
    Dinosaur, Veer, Recep Baltaş and 4 others like this.
  13. IcEWoLF

    IcEWoLF Well-Known Member

    Xenforo is becoming more and more complete by each release! Thank you @Mike @Kier for your hard work!
    Also the staff too!
  14. nodle

    nodle Well-Known Member

    1.4 is getting everything I ever wanted in the original Xenforo. It's really gonna be a complete core package now. So excited!:D
  15. lantek

    lantek Active Member

    Very nice work guys.
  16. Chris D

    Chris D XenForo Developer Staff Member

    It's nice to see people finally accepting that XenForo is no longer lagging behind and is more "complete".

    I think it's fair to say that XenForo 1.0 was a relatively small release compared to some of the existing software available at the time. By which, I mean, I am comparing the forum software like-for-like and not including things like Blogs, Galleries and Content systems.

    The momentum XenForo has seen since version 1.2 is outstanding. Congratulations XenForo. You're doing it right :)
    Mouth, Dinosaur, yessir and 8 others like this.
  17. Pereira

    Pereira Well-Known Member

    This seems pretty cool. Over time, won't bots be able to work out a pattern or is it very difficult to do?

    Is it possible to enable both the Q&A and one of the other CAPTCHA simultaneously?
  18. DBA

    DBA Well-Known Member

    How does the KeyCAPTCHA work on a mobile device?
  19. Hoffi

    Hoffi Well-Known Member

  20. Chris D

    Chris D XenForo Developer Staff Member


    It works
    yessir, Hoffi and BamBam like this.

Share This Page