• This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn more.

bot/ spam

Status
Not open for further replies.
B

bogus

Guest
#2
Same here. Since a week i have spam like never before... All started after i tried to include an Layer Ad

I have activated Captcha since the first Days. Also added AntiSpam via xenutils.

Better, but still not solved...
 

Bram

Well-known member
#4
Under massive attack at the moment. Literally thousands of posts i have spamcleaned in the last hour.

Why isnt there a sticky on Xenforo about this by CAM as a lot of other sites have been hit as well.

What to do?
 

Divvens

Well-known member
#8
Under massive attack at the moment. Literally thousands of posts i have spamcleaned in the last hour.

Why isnt there a sticky on Xenforo about this by CAM as a lot of other sites have been hit as well.

What to do?
First of all, it's KAM

Secondly, they aren't responsible for bots/spam on your board. You as an administrator are held responsible for any such things on your site, XenForo has already given you tools to fight spam, you only need to use them efficiently. Spammers are a pain in the neck for everyone, may it be Xenforo communities, or Vbulletin communities or IPB communities (or for that case, any forum community). We are all united in the fight against spam.

To help your board be spam free, here are my suggestions (which has helped keep spam out of my site for the last 3 days since the whole thing escalated out of hands).

1. Install the free add-on XenUtiles which can be found here - http://xenforo.com/community/resources/8wayrun-com-xenutiles-tools.104/
It allows you to set up StopForumSpam and 2 other databases which block known spam bots from registering on your site, there is also a log that is visible to you when bots/known spammers are stopped at registration.

2. If you are using ReCaptcha, stop using it. Switch to Q&A Captcha, that way you can ask a question that humans can answer but not bots, don't ask easy questions such as 2x2 = ?, ask questions related to your site's niche so that real registrations still are able to get through but spammers are stopped there itself.

There are chances that even with this method some bots get through, but its much less. Maybe 2 or 3 out of 100, which can be banned and deleted manually. These methods has saved me hours of work, since almost 500+ bots have been stopped on their track by XenUtiles alone.
I've had like 50 new registers this week...all bots :(

Whats up guys??
Please read what I posted above as a reply to Bram :)
 

Bram

Well-known member
#10
The captcha questions are bypassed completely it seems. Added a few good ones ysterday and 99% of todays registrations are bots :(
 

Cal

Well-known member
#12
First of all, it's KAM

Secondly, they aren't responsible for bots/spam on your board. You as an administrator are held responsible for any such things on your site, XenForo has already given you tools to fight spam, you only need to use them efficiently. S

I disagree. Xenforo has been cracked by bots. It was going to happen sooner or later. It is the responsibility of the developers to put a security patch up.

This is evidenced by all the webmasters on this forum alone having issues, some like myself who have been using Xenforo's given resources (and add ons) for over a year with no issues. Suddenly that's all changed.

It makes you wonder what else has been compromised. Is Xenforo hackable now as well???
 

Divvens

Well-known member
#14
I disagree. Xenforo has been cracked by bots. It was going to happen sooner or later. It is the responsibility of the developers to put a security patch up.

This is evidenced by all the webmasters on this forum alone having issues, some like myself who have been using Xenforo's given resources (and add ons) for over a year with no issues. Suddenly that's all changed.

It makes you wonder what else has been compromised. Is Xenforo hackable now as well???
Have you used any other forum software before? This has nothing to do with security, it's just spammers got a new software.

Vbulletin has the same problems, without using add-ons your site is more vulnerable to spam posts containing porn and advertisements. Xenforo already does a better job at keeping bots away than default VB as per my experience, this has nothing to do with developers needing to put a security patch up. Everyone fights spam, even sites like Facebook face spam problems, its a administrators responsibility to use the tools given to them effectively.

Just changing from just ReCaptcha to Q&A Captcha will stop most of the fake registrations on your site, unless the question you set up is too easy.
 

Steve F

Well-known member
#15
The captcha questions are bypassed completely it seems. Added a few good ones ysterday and 99% of todays registrations are bots :(
Try KeyCaptcha

https://www.keycaptcha.com/

Just tried it from my iPad also and it works, we installed it last night on our site. It's free and has a Xenforo plugin. If they are getting past your new Q & A's then most likely it's human spam, not much you can do besides run XenUtiles also with SFS and bot scout enabled.
 

Cal

Well-known member
#16
Have you used any other forum software before? This has nothing to do with security, it's just spammers got a new software.

Vbulletin has the same problems, without using add-ons your site is more vulnerable to spam posts containing porn and advertisements. Xenforo already does a better job at keeping bots away than default VB as per my experience, this has nothing to do with developers needing to put a security patch up. Everyone fights spam, even sites like Facebook face spam problems, its a administrators responsibility to use the tools given to them effectively.

Just changing from just ReCaptcha to Q&A Captcha will stop most of the fake registrations on your site, unless the question you set up is too easy.
I've used IPB, VB, SMF, PHPBB....yeah I've been doing forums for about 10 years :unsure:. Just saying what I think on the matter.
 

Slavik

XenForo moderator
Staff member
#17
I disagree. Xenforo has been cracked by bots. It was going to happen sooner or later. It is the responsibility of the developers to put a security patch up.

This is evidenced by all the webmasters on this forum alone having issues, some like myself who have been using Xenforo's given resources (and add ons) for over a year with no issues. Suddenly that's all changed.

It makes you wonder what else has been compromised. Is Xenforo hackable now as well???
Im going to be blunt.

What a load of tosh.

XenForo has been "mostly" bot free as Xrumer (the largest spamming bot program in the world) was not configured to a) scan for and b) complete registration from XenForo forums.

A few days back Xrumer pushed an update to target XenForo forums. Thats why the spam has suddenly come to so many people. Nothing more. Nothing less.

XenForo has not been compromised, it has not been hacked, there is nothing currently known as being "hackable" in the XenForo core.
 

Cal

Well-known member
#18
Noted, allow me to be blunt then

" nothing currently known " is a big wide spectrum of uncertainty and to be honest it really holds no value in any topic. Slavik you most be joking.

The fact is there is spam, it's widespread across all forums, and it's time to do something. Denial and bickering amongst ourselves wont work this time, sorry to bearer of bad news on that jazz.

Now, if you all are done harping on me, I believe there a current issue with spam bots for you to discuss....
 

Slavik

XenForo moderator
Staff member
#19
Noted, allow me to be blunt then

" nothing currently known " is a big wide spectrum of uncertainty and to be honest it really holds no value in any topic. Slavik you most be joking.

The fact is there is spam, it's widespread across all forums, and it's time to do something. Denial and bickering amongst ourselves wont work this time, sorry to bearer of bad news on that jazz.

Now, if you all are done harping on me, I believe there a current issue with spam bots for you to discuss....
Whats to be uncertain about.

To the best of my knowledge, the only 1 (one) exploit that XenForo in all the time since release has been a victim off relates to the SWF Uploader, and that was addressed here: http://xenforo.com/community/threads/xenforo-security-fix-for-1-0-0-1-1-2.32890/

Otherwise there is no currently known public exploit available in XenForo. Given the high quality of the product, the exceptional skillset of K+M, and the incredible skillset of the community, if there was an exploit in there... someone would have probably found it.

Until such time as an exploit is made known publicly, or privately via the ticket system, I will not allow people to make wild accusations, speculations or claims that XenForo has been "hacked".

There has been spam yes, however there are multiple 3rd party solutions already working. http://xenforo.com/community/resources/sonnb-stop-spam-here.845/
http://xenforo.com/community/resources/8wayrun-com-xenutiles-tools.104/
https://www.keycaptcha.com/captcha-for-cms/
Xenforos built in Q+A system.


Now if you want to discuss this reasonably and constructively I suggest you partake in this discussion. http://xenforo.com/community/threads/my-forums-getting-lots-of-spam.35195/
 
Status
Not open for further replies.