Any ideas how I can solve my new user problem?

RichardGaspa

Active member
I have been bombarded in the last week by new user registrations. The new user registration information entered are all American names and cities and states in the United States for the location but always different.

About 90% of the new users (with an IP address in Russia and the Ukraine), after confirming email address and granted a full account, starts an Anti-American, anti-American-military content thread. Many times there are hidden links in the thread. I clicked a couple to see where it took me and all I found was an empty page. I could not see where it was attempted spam by the user trying to sell anything, just an empty page.

All the new users were using different IP address. However, a check revealed all the ip's were from Russia and the Ukraine. Now I found a user that was granted administrator access and not be me. I always delete the user and ban the IP address after reading the anti-American related posted threads. I have all guests posting moderated. I have had no less then thirteen new users with a Russian and/or Ukraine IP in the last couple of days.

Is there an addon or a way in Xenforo that I can ban an entire country? (Russia and the Ukraine) I am spending more and more time deleting users and threads now than I do trying to create more related site content.
 
UPDATE: I am still getting bombarded by these spammers from Russia and the Ukraine, even with installing the above recommended addon. I really hate to turn off guest posting as I get a good share of replies from guest. But, it's looks like I am going to have to do it. Any ideas on allowing guest posting unless they are from a Russia or Ukraine IP?
 
Not sure if this is related to the Russian spam, but it's an interesting (and long) read:

http://www.nytimes.com/2015/06/07/m...n-region&region=top-news&WT.nav=top-news&_r=0
This is what I thought of, too.

Here's two more articles on Putin's professional trolls:
http://www.theguardian.com/world/2015/apr/02/putin-kremlin-inside-russian-troll-house
http://www.rferl.org/content/how-to-guide-russian-trolling-trolls/26919999.html

Trolls always suck, but I find this type of troll particularly repugnant.

It appears that Putin's Kremlin has decided to attempt to achieve its mission by systematically spreading lies and deceit (read the links, plus one that Rudy provided above). It seems clear that if a government decides that the best way for it to stay in power is through propaganda and lies, then that government has no integrity.

I was actually thinking of starting a thread about the recent news reports regarding the Russian "troll factory." I'm proud of the independence of my forum, and the idea of a foreign government attempting to control that just doesn't seem right. Everybody deserves a space where they can chat about mutual interests without harassment.

In terms of specific tools, I use TPU's Detect and Block Spam Registrations tool and find it very helpful for gathering information:
https://xenforo.com/community/resources/tpu-detect-and-block-spam-registrations.2973/
Pay attention to the ASNs in the Spam Trigger Log. Chances are, all of the trolls will come from a relatively small number of ASNs because chances are they will only use the same ISP or the same collection of ISPs. My understanding is that ASNs are often country specific, so if you block an ASN in your firewall, not only will you only be blocking in a single country (such as Russia or Ukraine), you will only be blocking a subset of visitors from that country. In addition, if they use a US-based proxy, you can also use ASN based blocking to block them as well. Once you do this, your site will become completely inaccessible to the trolls. I do this with Pakistani spammers and it works wonders.

I found the following site helpful when interpreting the ASNs from TPU's addon:
http://www.tcpiputils.com/browse/as
Likewise, of course:
http://en.wikipedia.org/wiki/Autonomous_system_(Internet)

If you use Apache, another tool you might want to investigate is mod_geoip2 for blocking certain countries. Here's a simple tutorial:
http://www.linux-dev.org/2012/09/playing-with-apache-mod_geoip/
My inclination would be to use the firewall first, though.
 
Last edited:
I guess that the reason why I feel strongly about this is that I had made an account on @RichardGaspa 's forum a little while back just to check the forum out. It appears that my account was hacked and used to post trollish propaganda in one of the threads. Here's the post:
http://veteransbriefing.com/threads/936/#post-2536

WTF.

To be clear, I did not make that post. I haven't made any posts on that site, but that is my account.

I promptly changed the password to a more secure one and notified Richard. He responded that he was having quite a bit of other problems that could easily be associated with Putin's professional trolls. I won't go into the details, as it's not my information to share, but I ended up believing that he is most likely the victim on state-sponsored trolling.

The wording chosen by the troll, seems designed to undermine the morale and dignity of my country in a way that one of Putin's professional trolls might appreciate. As is often the case, the fly-by troll didn't read the original article well enough to figure out that the OP was satire.

While people from many countries use XenForo and while I respect that different people will have different feelings about different countries, I hope we can all agree that state-sponsored trolling is wrong (if indeed that is what happened). Having only been a forum admin for 7 years now, I'm already quite proud of the small independent sites that forums are part of. I hate the idea of a corrupt government trying to kick them around.

I've never had any problems at any other sites and I almost never visit Richard's site, so it's not like I'm giving an attacker a large "attack surface" on that site. Rather, I think that his site was targeted because it serves US veterans.

Edit: In fairness, a wide variety of countries may do state sponsored trolling. Here's an article:
http://www.theguardian.com/world/2015/apr/02/russia-troll-factory-kremlin-cyber-army-comparisons
I hope we can agree that whoever does it, it sucks. Let's try to keep the topic on state-sponsored trolling rather than on specific countries.
 
Last edited:
@ForestForTrees Thanks for your email and heads up on the possibility of someone hacking your account. I am afraid I would have to agree with you on this point. I do believe it was hacked. Thank you for immediately changing your password.

For the past couple of weeks, I have been bombarded by new user registrations. The new user registration information entered are all American names, and the cities and states are all in the United States. (location information entered in new user registration)

A large number of the new users have an IP address in Russia and the Ukraine even though the registration information is American. Name, city, state, etc.

After confirming email address and granted a full account, these new users start Anti-American, anti-American-military content thread. Many times there are hidden links in the thread. I clicked a couple to see where it took me and all I found was an empty page. I could not see where it was attempted spam by the user trying to sell anything, just an empty page. No one has ever tried selling any items.

All the new users were using a different IP address. However, a check revealed all the IP's were from Russia and the Ukraine. Now I found a user that was granted administrator access and not be me. I always delete the user and ban the IP address after reading the anti-American related posted threads. I have all guests posting moderated. I have had no less than thirteen new users with a Russian and Ukraine IP in the last couple of days.

I have notified XenForo admin about this as well as started a new thread on XenForo so other admins could be aware of my problem. I also asked if there was an addon so that I could restrict new users from both Russia and the Ukraine.

I am a member of other American active military and American-Veteran sites (non-XenForo) and was told that some of the other subject related sites are having the same problem.
 
Top Bottom