1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

XF 1.4 Increased Spam Volume...

Discussion in 'XenForo Questions and Support' started by RoyalRumble, Jul 30, 2015.

  1. RoyalRumble

    RoyalRumble Active Member

    We're currently receiving a volume of spam I've not seen in all my days (since 2005) of forum management...

    We're on the latest stable 1.4.10 version.

    Every member on our forum needs 10 approved posts before posting freely - examples of spam clogging up the moderation queue below, followed by our spam management settings.




    I've tried altering the above, every CAPTCHA has been attempted, none are resisting the sheer volume of spam (avg 10 new threads an hour).

    Any suggestions/feedback most welcome.

  2. Brogan

    Brogan XenForo Moderator Staff Member

    They are most likely human spammers so are able to resolve captchas like any other member.

    There's not much you can do unless you want to venture into the realm of blocking whole IP address ranges, or countries.
  3. RoyalRumble

    RoyalRumble Active Member

    The questions for 'Question and Answer' are pretty niche to a UK football club. At one stage we even had emails coming in from fans of this football club not knowing the answer but still, the spam came through from Indonesia, Pakistan etc.

    Banning IP/Countries it is then...
  4. Brogan

    Brogan XenForo Moderator Staff Member

    When using Q&A, only have one question active at a time and change it regularly and especially when you notice an increase in spam.

    Once the spammers have the answer, it gets distributed amongst the various sites and apps such as xrumer.
  5. RoyalRumble

    RoyalRumble Active Member

    Thank you.
  6. Mouth

    Mouth Well-Known Member

    map $geoip_country_code $allowed_country {
            default yes;
            AR no;          #Argentina (Feb '15)
            BR no;          #Brazil (Feb '15)
            CN no;          #China (Feb '15)
            ES no;          #Spain (Feb '15)
            HU no;          #Hungary (Feb '15)
            IN no;          #India (Feb '15)
            IT no;          #Italy (Feb '15)
            JP no;          #Japan (Feb '15)
            RO no;          #Romania (Feb '15)
            RU no;          #Russia (Feb '15)
            TW no;          #Taiwan (Feb '15)
            TR no;          #Turkey (Feb '15)
            UA no;          #Ukraine (Feb '15)
            VN no;          #Vietnam (Feb '15)
            PK no;          #Pakistan (Aug '15)
            CM no;          #Cameroon (Aug '15)
    The bottom 2 just added today, after a small influx of spam from here.
    RoyalRumble likes this.
  7. RoyalRumble

    RoyalRumble Active Member

    Thank you very much
  8. melbo

    melbo Well-Known Member

    You should also get and enter keys for StopForumSpam, Project Honey Pot and Askimet. I see the fields are empty in your screenshots.
  9. RoyalRumble

    RoyalRumble Active Member

    Nice one, thanks. I did try that, removed keys for screens :)

    If anyone stumbles across this thread at a later date, I've found this has stemmed the flow for the time being.
    melbo likes this.
  10. jauburn

    jauburn Well-Known Member

    What in the world do these losers hope to gain with this spam? I've never understood it. The spammers never get beyond my moderation queue, but they keep on trying, endlessly, nevertheless. Who pays these people? And how much? I'd love to understand the economics of this silliness from the spammers' end. Maybe we're all in the wrong business.
  11. Floyd R Turbo

    Floyd R Turbo Well-Known Member

    yeah I had about 1 or 2 spammer registrations per day for a long time, using Askimet, StopSpamForum and Project Honey Pot keys, and Q&A Captcha, they were all human spammers. The mod queue caught about 99% of them, some even tried posting a text-only gibberish post like "tagrafasreafdasfd" which did go through, then the next post would get snagged (still under min posts)...

    Eventually when I was running the spam cleaner, I wrote a long message basically asking what the point of it all was, since none of it was getting by the spam filters. What's funny is...it stopped. Completely.

    The next thing I caught is that people have been registering and not posting anything at all, but they enter in a website for their hope page that is suspect at best. Like a gamer site, some random site "exposing a real estate scam" etc. Useless if you disable indexing of user profiles, but that's another way I've seen human spammers trying to sneak in. Now I find myself checking all new registrations after a few days to see if they have set a home page. So watch out for that one.
  12. semprot

    semprot Active Member

    there is an automated software to do these forum spam.
    some new website owners may order "cheap backlinks" from these guys.
  13. RoyalRumble

    RoyalRumble Active Member

    Noticed this myself Yesterday, so I installed this: [ITD] Remove "Home Page" from user profile.

    Now trying to work out how to remove the option to enter a home page all together...
  14. jauburn

    jauburn Well-Known Member

    This does not sound good to me: A new user who enters a home page is one of the biggest clues that he or she is a spammer. If I had some plugin that removed this or disallowed it, I'd have one less clue to work with.
  15. RoyalRumble

    RoyalRumble Active Member

    As long as there's no actual spam, does it matter if their account then lies dormant?

    Since installing the above, they're now including their links in the 'About' section of their bio.
  16. jauburn

    jauburn Well-Known Member

    Yes, it matters! Your response provides just one explanation of why it matters. Cut off one avenue, and they'll find another. Better to allow the signature link to identify them so that you can catch them early before they do damage in another way.
  17. Pieman

    Pieman Member

    I'd prefer a system that promoted all users that have less than x posts to moderated status if they fill in a homepage as virtually every legitimate user takes an age to fill those details in.
  18. RoyalRumble

    RoyalRumble Active Member

    But I've now prevented the about section containing a link, so currently any spam signup can't post a link anywhere and we prune anyone who doesn't post within a year.

    The problem with leaving the signature link to be spammed, was we get that many registrations it wasn't practical to go back and review all.
  19. jauburn

    jauburn Well-Known Member

    I also don't see shutting off or down regular forum features as a reasonable solution to combatting spam. One may as well admit that the spammers simply won the game.
  20. Floyd R Turbo

    Floyd R Turbo Well-Known Member

    I agree with you completely @jauburn

    This is spot on. Very few users ever fill out the details on their profile page, so someone who does right off the bat throws a red flag in my book.

    What is needed is a way to search all profiles for users who have entered information into the Home Page field. Right now in the Search Users or Batch Update page, this is not an option. You have to go into phpMyAdmin and look it up. FWIW I did this and out of 2000 users on our site, only 4 of those had this filled in. Me, one other legit user, and 2 spammers whom I had already banned.

    Having a way to search for users with an entry in the Home Page would make it pretty easy to weed out spammers. I feel a suggestion coming. Like it!

Share This Page