I've been using XenForo for just over a year now on www.thetabletennisforum.com.
Past 3 months or so we've been getting hit by spam... incessantly.
I run quite a few WordPress websites and I use CleanTalk.org to moderate those. One of those websites has good Google ranking and pulls in about 30,000 to 40,000 unique visitors per week yet I don't get any spam thanks to the WordPress/CT combination. When I check the reports for CT there's a ton of spam trying to hit the website, but none of it getting through - last month it was 26,000 users/comments.
On my XenForo install I've probably only had about 1,800 spam users/comments but a significant portion of those have gotten through.
Here's what I've got setup, options-wise:
- Check new registrations against CleanTalk
- Check new registrations against the StopForumSpam database (mod when 1 flag, reject when 3 flag, count flags from past 60 days)
- Check DNBSL on registration (Project Honey Pot)
- Manually approve reg if user shares IP used by a banned user
- 10s reg timer
- Check 3 messages
- Akisment API key
- Antispam by CleanTalk 1.0.0
- KeyCAPTCHA 2.2
I'm no expert with this, at all. I don't know if I'm possibly bamboozling XenForo by using too many different spam-checking services. Therefore I'm here to seek some advice from fellow users or XenForo staff.
I've bullet-pointed my main concerns and would appreciate any advice which addressed them:
- A lot of new registrations are bots. I'd estimate that 50% of them are getting through my spam filtering options. I have ~700 members and I think around ~400 of them are bots. I can't find any way of identifying the bots en masse - I've gotten rid of all .ru mail users but the remaining bots are on @Outlook, @yahoo and @gmail, but so are a lot of our human users.
- Once bots have registered, they tend to put weblinks in their profile. Is there any way I can search for all users with profile posts?
- When the bots start posting, XenForo catches about 80% of the posts and they go into "Moderation". However, this means that for Administrator users, we've got page after page of green-highlighted spam posts (not visible to standard users). To remove these from the forum entirely, I have to manually click through them and delete them. That's pretty much the same as not having any spam filtering!
- The other 20% of posts have to be manually deleted/spam cleaned