• This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn more.

XF 1.4 Increased Spam Volume...

#1
We're currently receiving a volume of spam I've not seen in all my days (since 2005) of forum management...

We're on the latest stable 1.4.10 version.

Every member on our forum needs 10 approved posts before posting freely - examples of spam clogging up the moderation queue below, followed by our spam management settings.

upload_2015-7-30_10-57-38.png


upload_2015-7-30_10-58-33.png
upload_2015-7-30_10-59-0.png

upload_2015-7-30_10-59-20.png

I've tried altering the above, every CAPTCHA has been attempted, none are resisting the sheer volume of spam (avg 10 new threads an hour).

Any suggestions/feedback most welcome.

Thanks
 

Brogan

XenForo moderator
Staff member
#2
They are most likely human spammers so are able to resolve captchas like any other member.

There's not much you can do unless you want to venture into the realm of blocking whole IP address ranges, or countries.
 
#3
They are most likely human spammers so are able to resolve captchas like any other member.

There's not much you can do unless you want to venture into the realm of blocking whole IP address ranges, or countries.
The questions for 'Question and Answer' are pretty niche to a UK football club. At one stage we even had emails coming in from fans of this football club not knowing the answer but still, the spam came through from Indonesia, Pakistan etc.

Banning IP/Countries it is then...
 

Brogan

XenForo moderator
Staff member
#4
When using Q&A, only have one question active at a time and change it regularly and especially when you notice an increase in spam.

Once the spammers have the answer, it gets distributed amongst the various sites and apps such as xrumer.
 

Mouth

Well-known member
#6
the spam came through from Indonesia, Pakistan etc.
Banning IP/Countries it is then...
Code:
map $geoip_country_code $allowed_country {
        default yes;
        AR no;          #Argentina (Feb '15)
        BR no;          #Brazil (Feb '15)
        CN no;          #China (Feb '15)
        ES no;          #Spain (Feb '15)
        HU no;          #Hungary (Feb '15)
        IN no;          #India (Feb '15)
        IT no;          #Italy (Feb '15)
        JP no;          #Japan (Feb '15)
        RO no;          #Romania (Feb '15)
        RU no;          #Russia (Feb '15)
        TW no;          #Taiwan (Feb '15)
        TR no;          #Turkey (Feb '15)
        UA no;          #Ukraine (Feb '15)
        VN no;          #Vietnam (Feb '15)
        PK no;          #Pakistan (Aug '15)
        CM no;          #Cameroon (Aug '15)
}
The bottom 2 just added today, after a small influx of spam from here.
 
#7
Code:
map $geoip_country_code $allowed_country {
        default yes;
        AR no;          #Argentina (Feb '15)
        BR no;          #Brazil (Feb '15)
        CN no;          #China (Feb '15)
        ES no;          #Spain (Feb '15)
        HU no;          #Hungary (Feb '15)
        IN no;          #India (Feb '15)
        IT no;          #Italy (Feb '15)
        JP no;          #Japan (Feb '15)
        RO no;          #Romania (Feb '15)
        RU no;          #Russia (Feb '15)
        TW no;          #Taiwan (Feb '15)
        TR no;          #Turkey (Feb '15)
        UA no;          #Ukraine (Feb '15)
        VN no;          #Vietnam (Feb '15)
        PK no;          #Pakistan (Aug '15)
        CM no;          #Cameroon (Aug '15)
}
The bottom 2 just added today, after a small influx of spam from here.
Thank you very much
 

melbo

Well-known member
#8
You should also get and enter keys for StopForumSpam, Project Honey Pot and Askimet. I see the fields are empty in your screenshots.
 
#9
You should also get and enter keys for StopForumSpam, Project Honey Pot and Askimet. I see the fields are empty in your screenshots.
Nice one, thanks. I did try that, removed keys for screens :)

If anyone stumbles across this thread at a later date, I've found this has stemmed the flow for the time being.
 

jauburn

Well-known member
#10
Once the spammers have the answer, it gets distributed amongst the various sites and apps such as xrumer.
What in the world do these losers hope to gain with this spam? I've never understood it. The spammers never get beyond my moderation queue, but they keep on trying, endlessly, nevertheless. Who pays these people? And how much? I'd love to understand the economics of this silliness from the spammers' end. Maybe we're all in the wrong business.
 

Floyd R Turbo

Well-known member
#11
yeah I had about 1 or 2 spammer registrations per day for a long time, using Askimet, StopSpamForum and Project Honey Pot keys, and Q&A Captcha, they were all human spammers. The mod queue caught about 99% of them, some even tried posting a text-only gibberish post like "tagrafasreafdasfd" which did go through, then the next post would get snagged (still under min posts)...

Eventually when I was running the spam cleaner, I wrote a long message basically asking what the point of it all was, since none of it was getting by the spam filters. What's funny is...it stopped. Completely.

The next thing I caught is that people have been registering and not posting anything at all, but they enter in a website for their hope page that is suspect at best. Like a gamer site, some random site "exposing a real estate scam" etc. Useless if you disable indexing of user profiles, but that's another way I've seen human spammers trying to sneak in. Now I find myself checking all new registrations after a few days to see if they have set a home page. So watch out for that one.
 

semprot

Active member
#12
What in the world do these losers hope to gain with this spam? I've never understood it. The spammers never get beyond my moderation queue, but they keep on trying, endlessly, nevertheless. Who pays these people? And how much? I'd love to understand the economics of this silliness from the spammers' end. Maybe we're all in the wrong business.
there is an automated software to do these forum spam.
some new website owners may order "cheap backlinks" from these guys.
 
#13
yeah I had about 1 or 2 spammer registrations per day for a long time, using Askimet, StopSpamForum and Project Honey Pot keys, and Q&A Captcha, they were all human spammers. The mod queue caught about 99% of them, some even tried posting a text-only gibberish post like "tagrafasreafdasfd" which did go through, then the next post would get snagged (still under min posts)...

Eventually when I was running the spam cleaner, I wrote a long message basically asking what the point of it all was, since none of it was getting by the spam filters. What's funny is...it stopped. Completely.

The next thing I caught is that people have been registering and not posting anything at all, but they enter in a website for their hope page that is suspect at best. Like a gamer site, some random site "exposing a real estate scam" etc. Useless if you disable indexing of user profiles, but that's another way I've seen human spammers trying to sneak in. Now I find myself checking all new registrations after a few days to see if they have set a home page. So watch out for that one.
there is an automated software to do these forum spam.
some new website owners may order "cheap backlinks" from these guys.
Noticed this myself Yesterday, so I installed this: [ITD] Remove "Home Page" from user profile.

Now trying to work out how to remove the option to enter a home page all together...
 
#15
This does not sound good to me: A new user who enters a home page is one of the biggest clues that he or she is a spammer. If I had some plugin that removed this or disallowed it, I'd have one less clue to work with.
As long as there's no actual spam, does it matter if their account then lies dormant?

Since installing the above, they're now including their links in the 'About' section of their bio.
 

jauburn

Well-known member
#16
As long as there's no actual spam, does it matter if their account then lies dormant?

Since installing the above, they're now including their links in the 'About' section of their bio.
Yes, it matters! Your response provides just one explanation of why it matters. Cut off one avenue, and they'll find another. Better to allow the signature link to identify them so that you can catch them early before they do damage in another way.
 
#18
Yes, it matters! Your response provides just one explanation of why it matters. Cut off one avenue, and they'll find another. Better to allow the signature link to identify them so that you can catch them early before they do damage in another way.
But I've now prevented the about section containing a link, so currently any spam signup can't post a link anywhere and we prune anyone who doesn't post within a year.

The problem with leaving the signature link to be spammed, was we get that many registrations it wasn't practical to go back and review all.
 

jauburn

Well-known member
#19
But I've now prevented the about section containing a link, so currently any spam signup can't post a link anywhere and we prune anyone who doesn't post within a year.

The problem with leaving the signature link to be spammed, was we get that many registrations it wasn't practical to go back and review all.
I also don't see shutting off or down regular forum features as a reasonable solution to combatting spam. One may as well admit that the spammers simply won the game.
 

Floyd R Turbo

Well-known member
#20
I agree with you completely @jauburn

I'd prefer a system that promoted all users that have less than x posts to moderated status if they fill in a homepage as virtually every legitimate user takes an age to fill those details in.
This is spot on. Very few users ever fill out the details on their profile page, so someone who does right off the bat throws a red flag in my book.

What is needed is a way to search all profiles for users who have entered information into the Home Page field. Right now in the Search Users or Batch Update page, this is not an option. You have to go into phpMyAdmin and look it up. FWIW I did this and out of 2000 users on our site, only 4 of those had this filled in. Me, one other legit user, and 2 spammers whom I had already banned.

Having a way to search for users with an entry in the Home Page would make it pretty easy to weed out spammers. I feel a suggestion coming. Like it!