1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

XF 1.1 Influx of bots, what do?

Discussion in 'Troubleshooting and Problems' started by JABRONI, Nov 29, 2011.


    JABRONI Well-Known Member

    How can I stop this? I'm not sure how they are getting in since I have a question that must be answered before logging in.

    Is there something to help with this?
  2. Jake Bunce

    Jake Bunce XenForo Moderator Staff Member

    They are registering accounts?

    A verification question will stop automated registrations but not human registrations. It might be a human spammer, or a human who discovered the answer to your verification question and then programmed it into a bot.

    You can help the problem by creating multiple verification questions (it will show one at random). Or you can temporarily moderate new registrations.
  3. DSF

    DSF Well-Known Member

    I have 50 random Q&A and NO spam. Nothing!
    With GeoIP included i have realise NO access from spezific countrys.
  4. Floris

    Floris Guest

    I have 1 Q/A question for guests,
    no email verification, no moderation.

    We get 1 spammer every other month. But our mods click 'spam' and it's gone.
  5. DSF

    DSF Well-Known Member

    With one question where the answer is included? I do not believe it!
  6. Floris

    Floris Guest

    I didn't say that. It's called "Q/A", and I have one set.
    Clearly I am not giving them the answer * hehe
    It's plain text captcha, and seems to work.
  7. mrGTB

    mrGTB Well-Known Member

    You've been lucky to be fair then, but then your domain used now "XenFans" is pretty new. I've had to spam clean away 3 accounts today. One posting signature and website links, along with filling in the About Me with about 10 links also in the write-up added. I've switched from reCaptcha to Q/A now and have activated moderating all new members. It just not an option to leave "open registration" without SFP being there as a secondary back-up against Human Spammers. But it's also not a realistic option to keep manually moderating new accounts either.

    I think some are getting hit worse because they have much older domains like mine that are well visited by spammers already before installing XenForo. I had the same problem with MyBB and why I had to install SFP, Q/A and use default MyBB Captcha all working together on registration page. That halted them right away, and did so for 12 months (not one spammer got in). But using Q/A and MyBB Captcha together didn't stop them. Human spammers are the problem for me it seems, not so much spam bots.

    XenForo really needs some Human Spam defence adding in there by default. SFP for me should be a part of XenForo running alongside Q/A or ReCaptcha. I'd even go further and say there should be an option there in XenForo to use both Q/A and ReCaptcha combined together if you wanted.
  8. Floris

    Floris Guest

    127 domains that I used in the past point to xenfans, they got a lot of spam on vBulletin in the past.
    Yes, it's a new site, and surely over time spam becomes more annoying, we will consider turning mail verification on by then.

    Every spam we do get, we review. We take the time to go through the account, the access_log and error_log for the ips used, the referrer data, and go through the blacklist report sites, etc.

    Having good contacts with data centers helps too. They get a bi-monthly report with a log file they can process. Which helps prevent repeat offenders on the site to crawl to almost 0.

    As time passes, we will turn on email verification, add additional q/a questions, and perhaps moderate 0 posters. Install stopforumspam plugins, etc. We've been running the site since July 2010 and spam is minimum, so can't justify compromising the user experience vs 10 bots a year.
  9. mrGTB

    mrGTB Well-Known Member

    No offence, but if you want to spend each day having to do that above. Fair enough, that's you! But I sure don't and would sooner be able to allow manual registration without having to worry if I'm going to have to spam clean away 5-10 spammers each day. Like I said above, I did have that same issue with MyBB at first. But adding Q/A and SFP as mods cured it, which could both run alongside default MyBB Captcha (all 3) on registration solved the problem and I was able to sit back and enjoy the site knowing they was getting stopped.

    The mass majority of forum owners don't want to be doing all that manually checking stuff, they just want them stopped at the front-door from getting in first and foremost.

    I wish that was me, I'll have more than that getting in if I open manual registration in a week, probably double it easy. Let me put it this way, I had to stop logging blocked spammers in the TXT file wit MyBB and SFP, because it was growing massive daily with the amount of blocked spammers listed in it. I'm talking 50-150 human spammers per day. They'd already bypassed Q/A and Captcha - being stopped last by SFP and logged.

    All I'm trying to say, is that for some of us having only the choice of using Q/A or ReCapctha by default doesn't cut it, and not by a long way.
  10. Floris

    Floris Guest

    Every day?
    I mentioned we get a bot per month, if not every other month.
  11. mrGTB

    mrGTB Well-Known Member

    You get on average only one spam bot a month. :eek:

    It's a good job you don't run my domain then, it would drive you round the bend. I usally get at least one a day getting in, had 3 today alone. :)

    Before adding SFP and Q/A to MyBB. I think the average was about 10-12 a day getting in. So that gives you an example of what will happen using XenForo if I open the floodgates allowing manual activation using only ReCaptcha or Q/A. Although Q/A works much better in lowering those figures if done right. ReCaptcha isn't working stopping them, 3 got in today using it in the space of 2 hours.

Share This Page