Anyone else being hit with more than the usual spam today?

Spammers got past my Q&A. I couldn't believe it. I thought my questions would be too hard for bots. I need to change them now. :cautious:
We definitely need an effective tool to catch spam. Most of these spam posts have the same keywords/links. A cloud based forum spam fighting solution might be a good idea or does it already exist?
 
jeffinj said:
Spammers got past my Q&A. I couldn't believe it. I thought my questions would be too hard for bots. I need to change them now. :cautious:
We definitely need an effective tool to catch spam. Most of these spam posts have the same keywords/links. A cloud based forum spam fighting solution might be a good idea or does it already exist?
Click to expand...
Likewise. I've had my Q&A questions the same for the past 2+ years and never had a bot register, only human spammers. Makes me wonder if these truly were bots.

For example one of my questions was:
'What color are Suzuki dirt bikes?'
 
This is flat out appalling. I think if you need this terrible program to promote your own site at the expensive of possibly damaging other sites, then you do not deserve to be a webmaster/site owner/.

I have still yet to see a spam bot get through XenUtilities/KeyCaptha/our inhouse stuff but the amount of denied registrations is just flat out ridiculous, Just yesterday we have again blocked thousnds of spambots and I know if they got in the damage would bring us down for a good long while, so we could clean the boards etc.
 
jeffinj said:
Spammers got past my Q&A. I couldn't believe it. I thought my questions would be too hard for bots. I need to change them now. :cautious:
Click to expand...

They only need to be answered by a human once, if that human then logs the question & response in Xrumer's database.

I'd suggest you try KeyCAPTCHA. You can always revert to challenge questions, but so far I have not heard of KeyCAPTCHA failing.

DBA said:
Likewise. I've had my Q&A questions the same for the past 2+ years and never had a bot register, only human spammers. Makes me wonder if these truly were bots.

For example one of my questions was:
'What color are Suzuki dirt bikes?'
Click to expand...

Depends on the frequency. When I got one per day or week, I figured they were humans. When I started getting as many as 5 per hour in a single forum, with posts all formatted the same way including worthless HTML links in the title & 10 poll items (Xrumer reportedly likes to fill in every form field it finds :D), I knew they were bots.

I knew something was afoot & figured it was time to check here, where I noted reports of an updated Xrumer (which seems to be updated more of than XF these days ... never mind ;)).
 
I actually just got an email from a spammer, I found it pretty funny:

Hi,

I am the WWSM Webmaster with http://www.worldwideshoppingmall.co.uk/. I wanted to thank you for linking to our site from http://www.adminforums.org/members/pbmargiewacn.1022. However, it has come to our attention that this link may have been acquired against Google's Webmaster Guidelines. It is important for us to bring our site into compliance. Could you please remove our link from this page and any other page on your site?

Thank You,

the WWSM Webmaster
Click to expand...

I just wrapped an if statement around the homepage fields so they are not visable for guests, it's a shame that some people ruin it for the rest.
 
I wonder if a good Q&A system could be dynamic. The example I have in mind is something looking like :
"Please enter the following number: 4242"
where 4242 is a random number generated (with javascript or server-side) on page load, and included in a hidden form field in order to send it back on submit via POST and compare it to user input.

This example has flaws, but its purpose is to demonstrate the idea. You could also imagine pre-filling a text field instead of printing the number directly in the question, thus possibly confusing bots a bit more.
 
I just tried enabling Akismet on several of my vB 3.8.x forums which have been getting hit hard and it has actually done a great job so far of identifying spam posts.

I tried this functionality when it first became available several years ago and found it to be unreliable, but they seem to have tuned it somewhat, since it is working well for me now.

I believe someone has written a XenForo plugin for Akismet, but I haven't tried it yet, so I can't comment on performance there.
 
ARGH. This is so infuriating. I have to clean out spam registrations every few days... but now I have 6+ pages to go through. And they ALL have different IP addresses.
 
brendanc said:
Aye, I ended up writing a custom script to mark an ID range as moderated and then deleted them via the "users awaiting approval" page in the Admin backend.

I also implemented CustomImgCaptcha, so we'll see if that works.
Click to expand...

Just save yourself some pain. Just install it. Tie into StopForumSpam. Watch the spam go down :p
 
C
Sim said:
I use Mandrill for all outbound email from my forums and for auto-disabling any accounts which have email bouncing back as undeliverable.

In the past few days I've seen a dramatic upswing in the number of undeliverable emails from registration - which to me indicates registration bots, rather than humans (humans typically use legitimate email addresses).

View attachment 37027

The above stats show delivered vs bounced emails over the past 14 days - notice the orange line (bounced emails) spiking today?

I usually monitor my deliverability percentage over the past 7 days and this particular forum typically hovers around the 94-95% mark (lower than my other forums, but still acceptable). It recently dropped to below 30%, which means that more than 2 out of every 3 emails being sent by the forum are to email addresses which are invalid.

Looking at the actual addresses - most of them are made-up gmail addresses. So I'm hoping that this is some kind of bot that Google have been able to block from their end and disabled the email addresses it created.

Either way, I've seen a dramatic up-tick in the volume of spam on most of my forums, including my vBulletin forums.
Click to expand...

Can you describe how this works? They seem to offer also a free version if you habe less than 12.000 emails per month. I would be interested in this not because of spamming issues, but for better handling bounced emails for xenforo...
 
snoopy5 said:
Can you describe how this works? They seem to offer also a free version if you habe less than 12.000 emails per month. I would be interested in this not because of spamming issues, but for better handling bounced emails for xenforo...
Click to expand...

You can set your outbound email to use the Mandrill SMTP servers, which tracks all emails sent from your forum - which is useful for diagnosing problems and tracking down missing emails that people said they never received.

There is also the ability to run a webhook any time a message bounces back as undeliverable. I have the webhook run a routine on my server which puts the user into a "Bad Email" usergroup. This disables all future email sending (sending the same failing email over and over destroys your deliverability reputation!) and alerts the user to a problem with their account.

I don't have a version that runs on XenForo yet - but it's running smoothly on my vB 3.8.x forums now. I'll be tackling my first major migration later this year, at which point I'll need to re-write this integration to work with XF.
 
jeffinj said:
Spammers got past my Q&A. I couldn't believe it. I thought my questions would be too hard for bots. I need to change them now. :cautious:
We definitely need an effective tool to catch spam. Most of these spam posts have the same keywords/links. A cloud based forum spam fighting solution might be a good idea or does it already exist?
Click to expand...

For Xrumer, there is no such thing as a QA that is too hard, each posting cycle they can look at the QA's that failed and manual add the answer to the textcaptcha.txt (which can then be shared with all Xrumer users). They recently held a competition to answer lots of QAs, see here:

http://xenforo.com/community/thread...-than-the-usual-spam-today.40965/#post-443697

and here:

http://xenforo.com/community/threads/why-are-there-so-many-spams-here.40295/page-2#post-439151
 
ManOnDaMoon said:
I wonder if a good Q&A system could be dynamic. The example I have in mind is something looking like :
"Please enter the following number: 4242"
where 4242 is a random number generated (with javascript or server-side) on page load, and included in a hidden form field in order to send it back on submit via POST and compare it to user input.

This example has flaws, but its purpose is to demonstrate the idea. You could also imagine pre-filling a text field instead of printing the number directly in the question, thus possibly confusing bots a bit more.
Click to expand...

Any bot can read numbers...so I think this idea won´t work. That´s why many bots read on q&a systems "which color red" and they just try to answer red. Many times they have success
 

Similar threads

TimWilson
  • Question Question
XF 2.2 Restricting thread-starting permission in one forum only
Replies
7
Views
550
TimWilson
TimWilson
A
Extremely annoying member
2 3
Replies
58
Views
4K
Suzanne O
Suzanne O
Vercingetorix
Activity Summary emails are the digital equivalent of junk mail.
Replies
3
Views
1K
Vercingetorix
Vercingetorix
mattrogowski
Confusing app_api_validate_request event behaviour
Replies
0
Views
343
mattrogowski
mattrogowski
M
  • Question Question
XF 2.2 Disable automatic link shortening with ellipsis/periods/dots? URLs displayed with dots will be broken when copy-pasted.
Replies
0
Views
469
MaximilianKohler
M
Top Bottom