Discussion in 'General XenForo Discussion and Feedback' started by Frankie, Aug 20, 2012.
Hi now my forum have so much spam/ bot. can anyone tell me how to stop it. thank you
Same here. Since a week i have spam like never before... All started after i tried to include an Layer Ad
I have activated Captcha since the first Days. Also added AntiSpam via xenutils.
Better, but still not solved...
There is a popular spam program that recently added Xenforo.
This thread helps:
The two things to try first are:
(1) add a Question and Answer Captcha (Admin > Tools > Question and Answer)
(2) Download the addon XenUtiles (free).
Under massive attack at the moment. Literally thousands of posts i have spamcleaned in the last hour.
Why isnt there a sticky on Xenforo about this by CAM as a lot of other sites have been hit as well.
What to do?
Glad to see it's not just me. Xenutils + the blacklists seems to have helped significantly.
I've had like 50 new registers this week...all bots
Whats up guys??
seems bot from anywhere in the world? right???
First of all, it's KAM
Secondly, they aren't responsible for bots/spam on your board. You as an administrator are held responsible for any such things on your site, XenForo has already given you tools to fight spam, you only need to use them efficiently. Spammers are a pain in the neck for everyone, may it be Xenforo communities, or Vbulletin communities or IPB communities (or for that case, any forum community). We are all united in the fight against spam.
To help your board be spam free, here are my suggestions (which has helped keep spam out of my site for the last 3 days since the whole thing escalated out of hands).
1. Install the free add-on XenUtiles which can be found here - http://xenforo.com/community/resources/8wayrun-com-xenutiles-tools.104/
It allows you to set up StopForumSpam and 2 other databases which block known spam bots from registering on your site, there is also a log that is visible to you when bots/known spammers are stopped at registration.
2. If you are using ReCaptcha, stop using it. Switch to Q&A Captcha, that way you can ask a question that humans can answer but not bots, don't ask easy questions such as 2x2 = ?, ask questions related to your site's niche so that real registrations still are able to get through but spammers are stopped there itself.
There are chances that even with this method some bots get through, but its much less. Maybe 2 or 3 out of 100, which can be banned and deleted manually. These methods has saved me hours of work, since almost 500+ bots have been stopped on their track by XenUtiles alone.
Please read what I posted above as a reply to Bram
You should have a look on this addon: http://xenforo.com/community/resources/sonnb-stop-spam-here.845/
You would let you able to:
- Check registration process: Using Stop Forum Spam db and hidden field.
- Check Posting process:
Use Akismet DB
With various options you would have bigger arm to catch almost the spammers.
The captcha questions are bypassed completely it seems. Added a few good ones ysterday and 99% of todays registrations are bots
What are you asking?
I disagree. Xenforo has been cracked by bots. It was going to happen sooner or later. It is the responsibility of the developers to put a security patch up.
This is evidenced by all the webmasters on this forum alone having issues, some like myself who have been using Xenforo's given resources (and add ons) for over a year with no issues. Suddenly that's all changed.
It makes you wonder what else has been compromised. Is Xenforo hackable now as well???
same here....in my country almost sites use Xenforo be spammed...we are locking IP from anywhere in the world
Have you used any other forum software before? This has nothing to do with security, it's just spammers got a new software.
Vbulletin has the same problems, without using add-ons your site is more vulnerable to spam posts containing porn and advertisements. Xenforo already does a better job at keeping bots away than default VB as per my experience, this has nothing to do with developers needing to put a security patch up. Everyone fights spam, even sites like Facebook face spam problems, its a administrators responsibility to use the tools given to them effectively.
Just changing from just ReCaptcha to Q&A Captcha will stop most of the fake registrations on your site, unless the question you set up is too easy.
Just tried it from my iPad also and it works, we installed it last night on our site. It's free and has a Xenforo plugin. If they are getting past your new Q & A's then most likely it's human spam, not much you can do besides run XenUtiles also with SFS and bot scout enabled.
I've used IPB, VB, SMF, PHPBB....yeah I've been doing forums for about 10 years . Just saying what I think on the matter.
Im going to be blunt.
What a load of tosh.
XenForo has been "mostly" bot free as Xrumer (the largest spamming bot program in the world) was not configured to a) scan for and b) complete registration from XenForo forums.
A few days back Xrumer pushed an update to target XenForo forums. Thats why the spam has suddenly come to so many people. Nothing more. Nothing less.
XenForo has not been compromised, it has not been hacked, there is nothing currently known as being "hackable" in the XenForo core.
Noted, allow me to be blunt then
" nothing currently known " is a big wide spectrum of uncertainty and to be honest it really holds no value in any topic. Slavik you most be joking.
The fact is there is spam, it's widespread across all forums, and it's time to do something. Denial and bickering amongst ourselves wont work this time, sorry to bearer of bad news on that jazz.
Now, if you all are done harping on me, I believe there a current issue with spam bots for you to discuss....
Whats to be uncertain about.
To the best of my knowledge, the only 1 (one) exploit that XenForo in all the time since release has been a victim off relates to the SWF Uploader, and that was addressed here: http://xenforo.com/community/threads/xenforo-security-fix-for-1-0-0-1-1-2.32890/
Otherwise there is no currently known public exploit available in XenForo. Given the high quality of the product, the exceptional skillset of K+M, and the incredible skillset of the community, if there was an exploit in there... someone would have probably found it.
Until such time as an exploit is made known publicly, or privately via the ticket system, I will not allow people to make wild accusations, speculations or claims that XenForo has been "hacked".
There has been spam yes, however there are multiple 3rd party solutions already working. http://xenforo.com/community/resources/sonnb-stop-spam-here.845/
Xenforos built in Q+A system.
Now if you want to discuss this reasonably and constructively I suggest you partake in this discussion. http://xenforo.com/community/threads/my-forums-getting-lots-of-spam.35195/
Separate names with a comma.