Can't keep out spammer "Maria#####"

tourmeister

tourmeister

Active member
So lately we are constantly getting spammers that are some how getting into the forum without their accounts being approved by an admin. We are set up so that all new accounts must be manually vetted by an admin. I only have three other admins with approval powers and they are well known to me personally, so I am confident they aren't letting anyone through. These are not accidental either as the username is always "Maria#####", where the ###### is just some random numbers. Also, their email addresses are always extremely obvious as spammers. I have created questions that have to be answered before an account gets approved. Yet, somehow the spammers seem to be able to bypass all of this.

I used to have the Facebook Connected account active but I disabled that and these spammers are still getting in somehow. All the admins have changed their passwords. I don't see any new admin accounts that might have been created by a hack of some kind.

Is anyone else having this issue? What can I check or do?
 
I have pretty much all of the spam management features enabled in XF, but also use Ozz's Spaminator addon.

Before I was using Spaminator, learned that there were quite a few automated profiles created months before, but hadn't posted anything. We started noticing them when we marked a post as spam, and used XF's features to check if other profiles matched in any way. found three groups of profiles, with ten users each, that hadn't posted at all. One day a spammer logged in with all ten of their previously-created profiles, at the same time, but hadn't posted anything - I just happened to be online at the same time and noticed.

After cleaning them up, I started "managing" profiles with zero posts/media.
 
motowebmaster said:
I have pretty much all of the spam management features enabled in XF, but also use Ozz's Spaminator addon.

Before I was using Spaminator, learned that there were quite a few automated profiles created months before, but hadn't posted anything. We started noticing them when we marked a post as spam, and used XF's features to check if other profiles matched in any way. found three groups of profiles, with ten users each, that hadn't posted at all. One day a spammer logged in with all ten of their previously-created profiles, at the same time, but hadn't posted anything - I just happened to be online at the same time and noticed.

After cleaning them up, I started "managing" profiles with zero posts/media.
Click to expand...
The login spaminator stops automated logins from legacy spambot accounts, just as an aside.
 
You must log in or register to reply here.

Similar threads

C
XF 2.1 Can't figure out why my xf:css tag is not being honored
Replies
1
Views
377
cmpe
C
B
  • Question Question
XF 2.2 New to XenForo, a couple issues that I can't figure out
Replies
4
Views
824
Matthew S
Matthew S
Godzilla
  • Question Question
Keep login out
Replies
3
Views
805
Chris D
Chris D
Shane Greer
  • Question Question
XF 1.5 Keep Getting Logged Out
Replies
9
Views
4K
dtrumbower
dtrumbower
Z
  • Question Question
XF 1.5 Spam Patterns Figured Out
2
Replies
22
Views
3K
craigiri
craigiri
Back
Top Bottom