how well does Xenforo do at keeping bots from joining the forum?

[macuser]

bots have always been an issue with my SMF forum. They get past the questions I set up, and the captcha stuff. Does Xenforo keep them from joining or no?

 

[Paul B]

The built in spam options allow for rejection or moderation.

Relatively, very few spam posts make it through.

 

[Claudio]

bots have always been an issue with my SMF forum. They get past the questions I set up, and the captcha stuff. Does Xenforo keep them from joining or no?

If you set complex questions then there are almost no possibilities a bot can answer them. Avoid simple questions like "what's the color of the sun" or "what's the name of this forum". Those are easy to guess by bots.

 

[Alpha1]

Out of the box, its pretty much the same as SMF, but if you add the signup abuse addon then its a world of difference.

Signup abuse detection and blocking

From (simple) multiple accounts detection to isp/connection fingerprinting with score-based moderating/rejecting logic. These are very effective low-hanging fruit at reducing spam. Supports migration configuration from the following XF1 add-ons...

xenforo.com

 

[Ozzy47]

I’ve got a paid addon that is very affective against spam bots registration,

[OzzModz] Registration Spaminator Stop Spam Bot Registrations

There is a 10% tax added to our products. We do not offer invoices, you need to use your PayPal Receipt for your accounting or VAT needs. Tax will be added at checkout. This addon is another tool in fighting spam bot registrations at your forum...

xenforo.com

 

[macuser]

my questions are easy, that is what SMF suggested I used.

can you give me an example of what a complex question may look like? Thanks

If you set complex questions then there are almost no possibilities a bot can answer them. Avoid simple questions like "what's the color of the sun" or "what's the name of this forum". Those are easy to guess by bots.

 

[Ozzy47]

I don’t like questions, they hinder the user. Punish the bots, not humans.

 

[macuser]

I don’t like questions, they hinder the user. Punish the bots, not humans.

me either, but I was trying anything I could find to stop the bots from joining. .

 

[Ozzy47]

Do anything but hinder the user experience. Nothing is more off putting than trying to register somewhere and have to fold captcha/puzzles or answer questions.

 

[MySiteGuy]

Complex questions actually hinder humans. You need questions any real person can answer. And it shouldn't be a question about your topic/niche because they might be just starting out and not know anything about it.

Example:
"The dog is swimming in a lake, and the cat is in a desert. Which animal is wet?"
Possible answers:
dog
the dog

Bots are not figuring out human verification questions based on complexity. They do it based on a database of questions they've collected. That's why you need several questions (which randomly rotate).

 

[beerForo]

Do anything but hinder the user experience. Nothing is more off putting than trying to register somewhere and have to fold captcha/puzzles or answer questions.

Especially with the new post before register.

 

[Paul B]

That's why you need several questions (which randomly rotate).

I originally had several questions but then when one of them made its way into xrumer, I had no way of knowing which one it was, so had to scrap them all.

Now I just have a single question and as soon as it gets compromised, I create a new one.

 

[briansol]

This change is really all i did beside out of the box functionality, and it reduced our 20-30 spam posts to next to nothing.

XF 2.1 - Link/BBCode processing in a post, and spam detection

We have been using regex in "Spam Phrases" to find any link pasted into a site where the string starts with https:// or http:// and it has worked well. I found a new angle. I found that if someone pastes in a link to a site, like www.xenforo.com without the https:// or http:// prefix, it is...

xenforo.com

 

[beerForo]

Bookmarked!

 

[alv4]

For me, it blocks almost all of the bots trying to register. So I'm happy with the out of the box protection

 

[frm]

xrumer

I didn't think we were allowed to mention this word as to why I kept using X in my posts when referring to spam.

On topic, though, I use human questions as @MySiteGuy suggested and they work fine. Almost anyone with a 3rd-grade reading level can answer them and are much easier than sometimes picking a storefront in a CAPTCHA.

 

[Paul B]

Q&A captcha coupled with first post moderation and no ability to edit profiles for new members means there has never been a single spam post on my forum.

 

[whynot]

I originally had several questions but then when one of them made its way into xrumer, I had no way of knowing which one it was, so had to scrap them all.

Now I just have a single question and as soon as it gets compromised, I create a new one.

Just mark and disable them. Later on they can be used again.

 

[cdub]

Q&A captcha coupled with first post moderation and no ability to edit profiles for new members means there has never been a single spam post on my forum.

I'd rather not hinder legitimate posters.

Basically I have a TON of flagged keywords.

Spammers sometimes get through... But they don't last long.

 

[frm]

I'd rather not hinder legitimate posters.

What method do you use; Q&A, CAPTCHA, nothing?

Basically I have a TON of flagged keywords.

This would make for a good resource if allowed to be downloaded in a text file (due to censorship on this forum I believe) as I know some but not all, and it's an ever-growing list too.

Spammers sometimes get though... But they don't last long.

Do you delete a spammer? Keep their account? Ban IP?...