• This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn more.

XF 1.4 bot invasion

Joe.

Active member
#1
They are registering constantly. Even with strict settings on User Registration.

How do I keep them out?

They are bot-bot's, not humans. Getting a few per minute on a couple occasions.
 

Mike

XenForo developer
Staff member
#4
Are you absolutely positive they're bots and not humans? There are certainly plenty of cases where they appear to be bots at first glance (based on the content they post), but further investigation shows that they're pretty clearly human based on their activity and some browser details. You'll find they are almost always in countries like India and Pakistan or using a VPN service.
 

Joe.

Active member
#6
Are you absolutely positive they're bots and not humans? There are certainly plenty of cases where they appear to be bots at first glance (based on the content they post), but further investigation shows that they're pretty clearly human based on their activity and some browser details. You'll find they are almost always in countries like India and Pakistan or using a VPN service.
They're too quick to be humans and I got about 100 in the last few hours alone.

I thought they might have been coming from tapatalk but I unstalled it, removed files from the server and they're still coming.
 

Brogan

XenForo moderator
Staff member
#9
No, only one at a time.

No captcha is human proof but with Q&A, it at least makes them spend time finding the answer if it's about your forum niche.
 

Joe.

Active member
#11
No, only one at a time.

No captcha is human proof but with Q&A, it at least makes them spend time finding the answer if it's about your forum niche.
Hmm, why not have the ability to have both enabled at the same time?

I'll try using that Q&A instead though. I'll update later on & let you guys know if it was effective. :)
 

Mike

XenForo developer
Staff member
#12
I'd say KeyCaptcha may be good -- I haven't heard of bots breaking it, but that may just be because of a lack of focus on it.

Can you look up the IPs of the spammers? Do you have raw access log access? (To see if that gives any further info.)
 

Joe.

Active member
#13
Well, a more complex Q&A seems to have helped a little bit.

I'd still like the ability to have both a image captcha and a Q&A captcha functioning at the same time on the registration screen. Seems odd for that not to be an option.