Mass spam

Pascal Martin · Dec 25, 2017

Hello,
Since my passage under XF2, my forum is victim of wave of spam. Every other day, I have about ten new members who post hundreds of messages in Chinese.

What are the good methods to fight against this?

I used ReCAPTCHA and Stopforumspam...

Thank you in advance for your help and advice.

whynot · Dec 25, 2017

Include a few questions and answers and change them often.

XxUnkn0wnxX · Dec 25, 2017

well setup ur forums so that every new post by new members. I have it setup where a moderator or admin needs to manually approve posts for new members still that member hits like 6-10 approved posts before they can post without moderation. also, I have it setup where can only post 1 thread every 10 min give or take even those are moderated till they hit the 6-7 approved posts limit. then they automatically get promoted to full member where there posts do not need moderation approval.

XxUnkn0wnxX · Dec 25, 2017

ok here is my setup: i'm on XF 1.5.x (sorry just noticed ur on XF 2.0), but i assume it should be similar or the same

Options: Performance - Minimum Time Between Messages 600 (10 Min)

Default User group i renamed to Member, [this has to be core user group for every user on the site]
Follow message moderation rules: Not Set (Off)
Bypass flood check: Not Set (Off)

now create another user group called Registered

and set:
Follow message moderation rules: Allow (On)
Bypass flood check: Allow (On)

now create a user group promotion

Add User to User Groups: Registered

Apply this promotion filter
User has posted at least X messages: 10

now what all this does is. any new member who wishes to post a new thread or post will be automatically moderated as in not visible to the public only to admins and moderators. you will see in moderation bar if any posts need to be approved.

now once a set member has hit 10 approved thread posts or normal posts they will be promoted and the 2nd user group Registered will be applied. This will override the rules set in core user group. This way they can post freely as much as they want without moderation approval.

Notes:

Bypass flood check Allow = can post as many times as they want
Bypass flood check Not Set = can post every 10 min as set in the Minimum Time Between Messages (Options page)

some other notes: if you have a forum specific permissions like revoke post new thread and then allow post new thread only for VIP members this rule still stays in effect no matter what so it takes Precedence over node specific permissions. i have it set when a user purchases VIP or premium subscription they automatically get added to Registered user group via a promotion.

now this setup is done with the forums options set to:

Moderate new threads posted in this forum [Unchecked]

Moderate replies posted in this forum [Unchecked]

XxUnkn0wnxX · Dec 25, 2017

as for user registration Spam management, if you want to take a further step:

this is my setup:

Screen Shot 2017-12-25 at 8.55.44 pm.webp

Screen Shot 2017-12-25 at 8.56.16 pm.webp

Moderate registrations when this many warning flags are detected: what his means if a minimum of 1 flag is hit EG: email, username, ip address the user is sent to the moderation list on your forum. if you did 2 flags that would mean users email + username would have to be blacklisted on the DB for it to be sent to your forums moderation list.

Reject registrations when this many warning flags are detected: mine is set to 2, so if a user with an email & ip address is trying to register on your forum and that user users a blacklisted email from an blacklisted IP his registration will be rejected wont be able to even register on your forum.

Only count flags recorded within the last X days: i have it set to 31 days (1 month) meaning, that flags are only valid up to 1 month anything older then that doesnt count. if you had it set to infinite, that would be bad as that could result in a large number of false positives and real users wont be able to register then either.

Only count flags recorded at least this many times: i have it set to 3, now this is to help reduce false positives so real users don't get blocked. what this does is a known spammer from the DB needs to be recored as a spammer at least 3 times before any of the above flags take effect. so if a user with bad email & bad IP address tries to register but only has been caught as a bad spammer only 2 times. they will still be allowed to register on your forums. this option is optional but its best to have this set.

Manually approve registration if user shares IP used by a banned user in last X days: mines set to 14 days (2 weeks)
what this does is, if a user got banned on your forum the IP address os recored from that banned user. and say 4 days pass and a new user tries to register but using that same ip address that the banned user used it will be sent to the moderation Queue on your forums instead. but if they try to register after 2 weeks, the registration will go through since its past the x days limit.

Registration Timer (seconds): mine set to 10 seconds, this is to stop bots from auto registering or help reduce, it takes a min of 10 seconds before they can press the submit button. think about how long would it take you to register on your own site? filling in username, password, email etc...

Enable CAPTCHA for Guests: used on registration page, Use reCAPTCHA (No CAPTCHA) much better then default CAPTCHA, it uses the google one you have seen everywhere the one with the tick and sometimes turns into select these images etc..

you need to register here: http://www.google.com/recaptcha

and get your own Keys for it to work.

with this all setup i barely get any spam at all + i have double post merge as well from a plugin what his does if normal fully registered users try to spam all there posts are merged into 1 post so they have to wait after a set time before new post is considered a new post. this is to stop users from cheating their up in increasing their post count.

when i refer to DB i mean by Project Honey Pot, StopForumSpam DB's

alexD · Dec 25, 2017

If the messages include Chinese characters, the Spam Phrases option (admin.php?options/groups/spam/#spamPhrases) could be of help.

Code:

/.*的.*/i
/.*一.*/i
/.*是.*/i
...

https://blogs.transparent.com/chinese/100-most-common-chinese-characters/

Screenshot from 2017-12-25 13-00-29.webp

AndyB · Dec 25, 2017

Pascal Martin said:
What are the good methods to fight against this?

What is your forum about? If it's specific enough you can use Questions and Answers with great success.

Pascal Martin · Dec 26, 2017

AndyB said:
What is your forum about? If it's specific enough you can use Questions and Answers with great success.

Yes, it's a forum that talks about 3D computer graphics. Despite the introduction of questions / answer, this morning some spam has passed.

thank you all for your help

Yugensoft · Dec 26, 2017

Pascal Martin said:
Yes, it's a forum that talks about 3D computer graphics. Despite the introduction of questions / answer, this morning some spam has passed.

thank you all for your help

Do you think it's bots, or human spammers?

Pascal Martin · Dec 26, 2017

human I guess, the rule proposed by @alexD works, the messages remain pending approval.

AndyB · Dec 26, 2017

Pascal Martin said:
Despite the introduction of questions / answer, this morning some spam has passed

You need to ask a question like this:

Q: What is the generic term used to describe the software used to design 3D objects. Hint starts with C.
A: CAD

In addition I suggest using a Custom user field like '3D software'. So you can ask during registration what type of software they use in their 3D design.

Also use Regitration confirmation so that each new registration needs to be manually approved. I suggest using this add-on to so you can see how they answered the '3D software' question and where they are from.

https://xenforo.com/community/resources/register-email.5617/

Yugensoft · Dec 26, 2017

Pascal Martin said:
human I guess, the rule proposed by @alexD works, the messages remain pending approval.

Well the test will be: if the spam rate drops, but eventually returns back to a similar level, bots are probably being used (possibly with human assistance), because sophisticated spammers register Q&As in a central database.

Joe Kuhn · Mar 29, 2018

On a forum I'm a member of, we keep getting Chinese spam even after the IPs are banned. How do the Bots manage this? I'd like to know as I'll be managing a small site soon. Thanks.

Yugensoft · Mar 29, 2018

They just have stacks of proxies.
You can try my post guard add-on with a Han character regex.

Joe Kuhn · Mar 29, 2018

Yugensoft said:
They just have stacks of proxies.
You can try my post guard add-on with a Han character regex.

Thanks. I've referred the people who work the site to this thread. It's up to them to decide what to do. Will pass back to them the concept that there is no end to their IP resource.

Mass spam

Pascal Martin

Member

whynot

Well-known member

XxUnkn0wnxX

Active member

XxUnkn0wnxX

Active member

XxUnkn0wnxX

Active member

alexD

Well-known member

AndyB

Well-known member

Pascal Martin

Member

Yugensoft

Well-known member

Pascal Martin

Member

AndyB

Well-known member

Yugensoft

Well-known member

Joe Kuhn

Well-known member

Yugensoft

Well-known member

Joe Kuhn

Well-known member

Similar threads

We value your privacy