Getting hit by spam hard :(

Shelley said:
it seems you can add multiple questions in the admincp but when it comes to the registration form it'll only display one question and answer. I always thought the reg form would display all the questions.
Click to expand...

I would have thought the multiple Questions you add can be refreshed manually to show another one on registration page if a person wants to by clicking a link to do it, that's what my forum offers anyone to do and shows no answers to pick from.

And a random question is auto generated each time to shown a different question next time you visit the registration page. Sound like the whole Questions and Answers feature is way too simplistic to me in XenForo reading what your saying here, it needs to be improved.
 
EQnoble said:
I was wondering what you meant in your post...now I get it....that would be kind of cool to have multiple checks used (multiple questions and or other implementations of human verification). I think it doesn't display them I think because then someone could get all your questions, come up with answers and then build a bot based on them.
Click to expand...

Yeah I do agree, but I am one for changing the existing questions around frequently. I also feel a random generator would be nice where the admin can create 100 or so questions and answers which are jumbled round at random when it comes to displaying the questions and answers on the registration form.

There would also be an additional field in the admincp where the admin can input a number for the amount of questions they want to be applied to the registration form.
 
Shelley said:
Yeah I do agree, but I am one for changing the existing questions around frequently. I also feel a random generator would be nice where the admin can create 100 or so questions and answers which are jumbled round at random when it comes to displaying the questions and answers on the registration form.

There would also be an additional field in the admincp where the admin can input a number for the amount of questions they want to be applied to the registration form.
Click to expand...
Shelley you actually just gave me the most awesome idea for a verification method. Damn I wish I was a real coder.
 
EQnoble said:
Shelley you actually just gave me the most awesome idea for a verification method. Damn I wish I was a real coder.
Click to expand...

I think it might be worth creating a topic in the feedback area regarding this. I feel if the devs can get more suggestions with the question and answers and improving upon it it wouldn't hurt to try. :)
 
Shelley said:
I think it might be worth creating a topic in the feedback area regarding this. I feel if the devs can get more suggestions with the question and answers and improving upon it it wouldn't hurt to try. :)
Click to expand...

I wouldn't even know how to put this in text, I'll try...I only thought of the idea actually because a very private site I belong to needs you to get invited to get in...once in your still not really in...you need to read around the news and announcements of the site before you can post , download, or view most sections of the site.

Once you absorb the MO of the site and the rules...you click a button that says "get it in" and it locks you out of the rest of the site and you go to a questionnaire about the site purposes and rules. you can get 2 wrong out of 15 question. If you get 2 or less wrong you are a full member...if you get 3 or more incorrect answers...your banned for 1 week. and will get an email as to when you can try again starting with reading rules and announcements. 3 bad verify attempts and your gone, if you turn out to be a bad invitee, the person who invited you gets reviewed and possibly banned. The system really is foolproof and not one has gotten passed it yet.


I don't want to suggest something like this as realistically I think it may be just a bit of overkill but it is way beyond my scope of knowledge to know how long or how much effort this would take to build. I would be intersted in getting somehting like this developed, I just don't know what the reality is of making this work and just how much would be involved.
 
EQnoble said:
I wouldn't even know how to put this in text, I'll try...I only thought of the idea actually because a very private site I belong to needs you to get invited to get in...once in your still not really in...you need to read around the news and announcements of the site before you can post , download, or view most sections of the site.

Once you absorb the MO of the site and the rules...you click a button that says "get it in" and it locks you out of the rest of the site and you go to a questionnaire about the site purposes and rules. you can get 2 wrong out of 15 question. If you get 2 or less wrong you are a full member...if you get 3 or more incorrect answers...your banned for 1 week. and will get an email as to when you can try again starting with reading rules and announcements. 3 bad verify attempts and your gone, if you turn out to be a bad invitee, the person who invited you gets reviewed and possibly banned. The system really is foolproof and not one has gotten passed it yet.

I don't want to suggest something like this as realistically I think it may be just a bit of overkill but it is way beyond my scope of knowledge to know how long or how much effort this would take to build. I would be intersted in getting somehting like this developed, I just don't know what the reality is of making this work and just how much would be involved.
Click to expand...

That really is a great idea. I think for closely knit sites, which are more like family than generic visitors this would be a godsend. Realistically, for most communities I don't think this would appeal to them most admins like stats more than quality people at their site but that is something i would certainly like to have.
 
@Kaiser I wish you all the luck getting this sorted, For whatever reason it would seem that you are the target.
My advice... close your board from new registrations and prepare for a disruptive month or so because I would expect some bandwidth being thrown around at some point.
 
Brett Peters said:
@Kaiser I wish you all the luck getting this sorted, For whatever reason it would seem that you are the target.
My advice... close your board from new registrations and prepare for a disruptive month or so because I would expect some bandwidth being thrown around at some point.
Click to expand...

I was going to suggest that myself before, make registration manual validation or even close it for a while. Does look like he may have become a target for some reason?
 
Make all posts moderated for everyone that joined in the last week and going forward.
Consider preventing new memberships temporarily.
Don't hassle the members you already have.
 
Any question that you can look up on google won't work.

If it's a bot, you might want to try something like this:

Q: Which of the FOLLOWING words is written in capital letters?
A: following, FOLLOWING

Easy enough. If it's humans it's a whole different thing.
 
Brogan said:
If they're human spammers, as they appear to be, then nothing you can do will make any difference.
Click to expand...

They get paid for links in their signatures, ergo .....

Movie sites get hit with these people on a constant basis for no apparent reason. ON the bright side a whole bunch of them will never post, so you have some good member numbers happening. Of course against posting rates it looks weird.
 
Jethro said:
They get paid for links in their signatures, ergo .....

Movie sites get hit with these people on a constant basis for no apparent reason. ON the bright side a whole bunch of them will never post, so you have some good member numbers happening. Of course against posting rates it looks weird.
Click to expand...

Although the member count may look good I would be concerned with the amount of these members marking any email they get as spam, If this happens on a decent enough scale then their may be undesirable consequences with spam traps.
 
HI,

I'm not sure if you're using CloudFlare based on this post (since someone recommended it). One thing you could do is block the IPs or IP ranges in your CloudFlare threat control panel to prevent them from accessing the site. Blocking by IP or IP range = no access to your site.
 
Thanks to everyone who has tried to help :)

EQnoble said:
I thought he was trying to see if the registrations were humans or bots. If no more spam registrations come through after changing the registration procedure it was probably a well coded bot. If they do continue they are more than likely human.
Click to expand...
They are human if you read my first replies with the 2 links I provided.

Kaiser said:
Yea.. if you read http://www.topix.com/forum/drug/valium/TQE9TH3S9QD046I7E and the second page: http://www.topix.com/forum/drug/valium/TQE9TH3S9QD046I7E/p2 you will see its them thats joining.
Click to expand...

I am already taking every single measure to prevent spam, and I always have since day one. I have hard questions set to prevent spam bots, but there is nothing I can do if they are human which they are.. they all are joining in hopes of buying/selling drugs.. you will see if you read those links, read both pages.

And to those who keep recommending StopForumSpam, I have mentioned that I already have it :)

Shelley said:
it seems you can add multiple questions in the admincp but when it comes to the registration form it'll only display one question and answer. I always thought the reg form would display all the questions.
Click to expand...

It displays each question randomly, not together. What I would like to see is being able to use Q&A captcha, and reCaptcha together.. thats what most other scripts allow.

Brett Peters said:
Although the member count may look good I would be concerned with the amount of these members marking any email they get as spam, If this happens on a decent enough scale then their may be undesirable consequences with spam traps.
Click to expand...
They dont show up on the member count as they are banned. Xenforo has this by default where unactivated/banned members dont add to the membercount.
 
As serious as this issue is, I have to say that that's some funny replies in the topix thread, the best ones are "yeah bt what'S THE 1NSENT1VE" and "Just signed up with a throw away mail acc. Just for the crack , i cant even find a fkg aspirin mate - wot gives ?". Extremely funny!

This is where a built-in promotion system would come in handy. New users are jailed to certain forums and can not post links, not have links in their sigs, etc, and then once they posted enough they are automagically promoted to gain additional privileges.
 
You might want to consider:

- set the Enable Manual Approval option in ACP > User Registration. That way no one gets in without you first checking the account info

- the discourage option sounds great too. From the ACP
Prevent discouraged IP addresses from registering
You may prevent any visitors browsing from discouraged IP addresses from registering new accounts. They will be informed that registration is currently disabled.
Click to expand...
If it's live people spamming your site, they will think you disabled registration for everyone and give up for a bit. They wont have any idea it's just for their IP.
 
User said:
As serious as this issue is, I have to say that that's some funny replies in the topix thread, the best ones are "yeah bt what'S THE 1NSENT1VE" and "Just signed up with a throw away mail acc. Just for the crack , i cant even find a fkg aspirin mate - wot gives ?". Extremely funny!

This is where a built-in promotion system would come in handy. New users are jailed to certain forums and can not post links, not have links in their sigs, etc, and then once they posted enough they are automagically promoted to gain additional privileges.
Click to expand...
Yea I am not going to lie, there were some funny comments lol.
Oracle said:
You might want to consider:

- set the Enable Manual Approval option in ACP > User Registration. That way no one gets in without you first checking the account info

- the discourage option sounds great too. From the ACP

If it's live people spamming your site, they will think you disabled registration for everyone and give up for a bit. They wont have any idea it's just for their IP.
Click to expand...
I wouldnt do that as it would also stop actual members from joining.
 
Kaiser said:
I wouldnt do that as it would also stop actual members from joining.
Click to expand...

It shouldn't. As long as you are around you can promptly approve any new members. If you go away, you can delegate that task to another admin or mod.

Even if you didn't wish to take that suggestion, the IP discourage would only affect the guys who are spamming your board. The only way others would be affected is if their IP happened to be in the same IP range. As long as you use reasonable IP #s the likelihood is far less then a 1% chance.
 

Similar threads

Okenyon
XF 2 SPAM expert
Replies
1
Views
233
Claudio
Claudio
MapleOne
Contact & Registration spam stopped almost 100% at zero cost
2
Replies
23
Views
1K
Zardoz43
Zardoz43
BoostN
Not a bug Undefined array key "cookieConsent" src/XF/CookieConsent.php:56
Replies
1
Views
154
BoostN
BoostN
creativeforge
Addon to replace Stop Forum Spam?
Replies
4
Views
508
Kevin
Kevin
alexm
  • Question Question
XF 2.2 Error processing unsubscribe message
Replies
3
Views
206
alexm
alexm
Top Bottom