XF 2.2 Forum Spam From Old Accounts (300+ Accounts So Far)

2FastRacing

2FastRacing

Member
Hello, After trying to fight this battle I am finally reaching out for help. My community has been spam free, and by that I mean ZERO since 2021 when it was started but for some reason on May 03 2024 it was like a lightswitch turned on and I had hundreds of accounts that seem as if they we're compromised posting new threads and replies to EVERY node/thread on my forum. I want to be clear that These are not accounts that just registered to post spam, these are accounts registered from 2021 and so on. A few of the spam accounts are premium forum accounts that have made purchases on the forum.
I have hours invested into banning these accounts and deleting posts but it seems to never stop coming and have tried many different methods to try and slow it down but it's very difficult because they are old accounts doing it, not new accounts.
If there is any solution out there then please feel free to let me know. I will list below what spam prevention addons I already run.

Thanks in advance.

Addons:
  • [OzzModz] Security Lock Old Accounts
  • Signup abuse detection and blocking
 
Sort by date Sort by votes
It is due to a data leak and reused passwords.

You just have to manually clean the spam posts and send a password reset.

S

XF 2.2 Thread 'Old users are becoming SPAM everyday !'

Hello

Recently I upgraded our forum from 2.2.8 to latest version and I noticed that many old users are becoming SPAM everyday (5 to 10 old memberships are stolen everyday and posting spam threads). I can't see any relation between the upgrade and the issue, however, this is what happened. Is it a coincidence? Is this a new method of SPAM attacking to steal the users accounts instead of new registration? I mean I am moderating this forum since 2006, moved to Xenforo since 2015 and I didn't face something similar.

Currently I am trying to control the SPAM posts by banning many valuable...
 
Upvote 0 Downvote
Lots of threads recently .


have you read this

S

XF 2.2 Thread 'Old users are becoming SPAM everyday !'

Hello

Recently I upgraded our forum from 2.2.8 to latest version and I noticed that many old users are becoming SPAM everyday (5 to 10 old memberships are stolen everyday and posting spam threads). I can't see any relation between the upgrade and the issue, however, this is what happened. Is it a coincidence? Is this a new method of SPAM attacking to steal the users accounts instead of new registration? I mean I am moderating this forum since 2006, moved to Xenforo since 2015 and I didn't face something similar.

Currently I am trying to control the SPAM posts by banning many valuable...
 
Upvote 0 Downvote
Force a global password reset to EVERY user. Been there, done that, Aug 2021, to 150k+ member accounts. I still get emails from users every few days with outdated emails, looking to access their account (I require that they know their username AND the email associated with the account before I update)

After that bit of fun, THEN force that same reset to any user not active in 60 days (or something).

I also have a dozen other "catches" in place, including one releasing soon from OZZMODZ that I've been testing for the past week.
 
Upvote 0 Downvote
Digital Doctor said:
Lots of threads recently .


have you read this

S

XF 2.2 Thread 'Old users are becoming SPAM everyday !'

Hello

Recently I upgraded our forum from 2.2.8 to latest version and I noticed that many old users are becoming SPAM everyday (5 to 10 old memberships are stolen everyday and posting spam threads). I can't see any relation between the upgrade and the issue, however, this is what happened. Is it a coincidence? Is this a new method of SPAM attacking to steal the users accounts instead of new registration? I mean I am moderating this forum since 2006, moved to Xenforo since 2015 and I didn't face something similar.

Currently I am trying to control the SPAM posts by banning many valuable...
Click to expand...
I have not but the solution of using cloudflare does not really work for me because I need to be able to allow users to upload resources up to 2gb in size to XFRM and cloudflare's limit is 100mb. I will try a captcha and see how that works.
 
Upvote 0 Downvote
ideas here ?
K

Thread 'Security Lock: User must contact Admin'

The recent wave of compromised accounts that are suspected to originate from compromised email accounts has brought up the question how to deal with them without potentially upsetting users that might return.

Right now there seem to be several options to handle compromised accounts:
  1. Ban the account
    Does stop spam activity, but might upset some human users
  2. Set security lock to "User must change password"
    Might work a bit, but as bots know the password they can easily change it
  3. Set security lock to "User must reset password"
    Pretty much the same as before, but requires a bit...
  • Like
 
Upvote 0 Downvote
woody said:
One option: moderate inactive accounts, much like newly registered accounts might be moderated during their initial posts...

ie: a member hasn't logged in for 4 months, and gets placed into a "moderated" usergroup. When they log back in, any new post with a link or any post edit gets flagged for review. Add in Conversations too. Perhaps include the option for keyword flags, ie: Venmo, Paypal, etc.
Click to expand...
 
Upvote 0 Downvote
In my opinion, the best thing is to get the Clean Talk addon for Xenforo. It stopped everything. It even stops them before it hits your server with the spam firewall. It's only $12/year per a website.
 
Upvote 0 Downvote
We're getting it too, but not a ton. What concerns me is that we already have a forced password reset for anyone who hasn't logged in prior to end of 2023, and some old accounts are still slipping through with spam. I guess their emails are compromised as well.
 
Upvote 0 Downvote
grabacontroller said:
In my opinion, the best thing is to get the Clean Talk addon for Xenforo
Click to expand...
The addon is [Unmaintained].

RED FLAG.

AlexanderBezborodov

Thread 'Anti-Spam by CleanTalk'

AlexanderBezborodov submitted a new resource:

Anti spam by CleanTalk - Cloud antispam. No CAPTCHA, no questions, no counting animals, no puzzles, no math and no spam bots.

MOD checks new registrations on the forum using a series of tests to detect spambots - blacklisted IP, EMAIL address, the presence of JavaScript, form submitting time, etc.

We have developed antispam for WordPress that would provide maximum protection from spam bots and you can provide for your visitors a simple and convenient form of comments/registrations without annoying CAPTCHAs and...
Click to expand...
  • Like
 
Upvote 0 Downvote
Digital Doctor said:
The addon is [Unmaintained].

RED FLAG.

AlexanderBezborodov

Thread 'Anti-Spam by CleanTalk'

AlexanderBezborodov submitted a new resource:

Anti spam by CleanTalk - Cloud antispam. No CAPTCHA, no questions, no counting animals, no puzzles, no math and no spam bots.

MOD checks new registrations on the forum using a series of tests to detect spambots - blacklisted IP, EMAIL address, the presence of JavaScript, form submitting time, etc.

We have developed antispam for WordPress that would provide maximum protection from spam bots and you can provide for your visitors a simple and convenient form of comments/registrations without annoying CAPTCHAs and...
Click to expand...
  • Like
Click to expand...
Indeed. The xf2 version is released only on github.

github.com

GitHub - CleanTalk/xenforo2-antispam: Xenforo2 Anti-Spam

Xenforo2 Anti-Spam. Contribute to CleanTalk/xenforo2-antispam development by creating an account on GitHub.
github.com github.com

Edit: apparently I was mistaken.
AntiSpam by CleanTalk CleanTalk Team

AntiSpam by CleanTalk

Max power, all-in-one, no CAPTCHA, premium antispam plugin. No comment spam, no registration spam.
 
Last edited:
Upvote 0 Downvote
2FastRacing said:
I have not but the solution of using cloudflare does not really work for me because I need to be able to allow users to upload resources up to 2gb in size to XFRM and cloudflare's limit is 100mb. I will try a captcha and see how that works.
Click to expand...

Install the chunked uploads add-on. It gets around this limitation.

JulianD

Thread 'Chunked Uploads - XF2 [Paid]'

JulianD submitted a new resource:

Chunked Uploads - XF2 - Allows you to upload very large files even if your server doesn't allow it

This addon enables "chunked uploads" in XenForo and allows you to set a virtually higher maximum upload limit up to 128GB regardless of your server configuration.

Features
  • Option to define the chunk size of each upload. This value cannot be higher than the maximum upload file size reported by your server.
  • Virtually increase the maximum attachment size up to 128GB (see limitations below)
  • Integrates seamlessly...
Click to expand...

Or you can wait for XF 2.3 to be release status, with its native chunked support.
 
Upvote 0 Downvote
You must log in or register to reply here.

Similar threads

S
  • Question Question
XF 2.1 Spam accounts getting through manual checks
Replies
7
Views
1K
Max Taxable
Max Taxable
alternadiv
Spam accounts from .xyz email addresses
Replies
17
Views
1K
alternadiv
alternadiv
D
  • Question Question
XF 2.1 Removing Old Spam User Accounts
Replies
5
Views
563
dvduval
D
schroeffu
  • Question Question
XF 1.5 How to prevent SPAM from Google/Facebook Login Accounts
Replies
2
Views
757
schroeffu
schroeffu
Nicky Vermeersch
  • Question Question
XF 1.3 Getting spammed with spam accounts, spam cleaner no avail
Replies
3
Views
684
Chris D
Chris D
Back
Top Bottom