XF 2.1 Massive spam issue

P

PJK

Active member
Last Friday I randomly had 6,000 new registrations who posted a lot. One of the mods manually went through and spam cleaned as much as possible, it took hours. I then required manual approval for all new registrations. Today, I got 50+ email notifcations from users spamming via PM, which were accounts created on Friday. And today, hundreds more registered and are under approval. I disabled registration and also updated the registration question on Friday.

What's the best/fastest way to clean up these PM/registration/post spam of hundreds of people and how can I prevent them going forward? I've used XF for years and never had this issue until now.

Thanks.
 
Sort by date Sort by votes
I'd recommend a CATCHA instead of Questions: Once a spammer knows at least 1 question/answer combination they can automatically spam (just reload until the known question appears).
 
Upvote 0 Downvote
alextam said:
Which CATCHA you recommend? the default google CATCHA was blocked in China
Click to expand...

You could try if hCaptcha runs in China (I assume it does).

xenforo.com

XF 2.2 - Assorted improvements

We're fast approaching the time where we're able to unleash XenForo 2.2 on this very forum but, before we do, we wanted to tell you about a few slightly more miscellaneous features that we've been keeping under our hat. Advanced options switch The eagle-eyed amongst you may have already spotted...
xenforo.com xenforo.com

.. but you need XF 2.2 in order to have it out of the box.
 
Upvote 0 Downvote
nocte said:
You could try if hCaptcha runs in China (I assume it does).

xenforo.com

XF 2.2 - Assorted improvements

We're fast approaching the time where we're able to unleash XenForo 2.2 on this very forum but, before we do, we wanted to tell you about a few slightly more miscellaneous features that we've been keeping under our hat. Advanced options switch The eagle-eyed amongst you may have already spotted...
xenforo.com xenforo.com

.. but you need XF 2.2 in order to have it out of the box.
Click to expand...

i am pretty sure CloudFlare is working in China, so i think hcaptcha is working in China. thank you so much, i'll try it
 
Upvote 0 Downvote
Chromaniac said:
developers.google.com

Frequently Asked Questions | reCAPTCHA | Google for Developers

Get answers to questions about reCAPTCHA Enterprise, versions, limits, customization, and more.
developers.google.com developers.google.com

do they block recaptcha.net domain as well? there was a discussion on this in another thread few days ago. not sure if xenforo uses this domain over google's.
Click to expand...

not sure, but recaptcha is not working for me on many sites here in China. i think they just block the whole google family
 
Upvote 0 Downvote
from the looks of it, this should be fixed in next update.

xenforo.com

Fixed - The domain name used by reCAPTCHA in XenForo.

This thread talks about how reCAPTCHA gets used in XenForo. There are some reasons for certain webmasters to prefer reCAPTCHA over hCAPTCHA, hence this thread. To be honest, reCAPTCHA is not blocked by mainland China only if being accessed through "recaptcha.net". The solution of this bug is...
xenforo.com xenforo.com

xenforo is switching to recaptcha.net domain. assuming you are in china, you can just try loading this domain to see if this works?
 
Upvote 0 Downvote
Chromaniac said:
from the looks of it, this should be fixed in next update.

xenforo.com

Fixed - The domain name used by reCAPTCHA in XenForo.

This thread talks about how reCAPTCHA gets used in XenForo. There are some reasons for certain webmasters to prefer reCAPTCHA over hCAPTCHA, hence this thread. To be honest, reCAPTCHA is not blocked by mainland China only if being accessed through "recaptcha.net". The solution of this bug is...
xenforo.com xenforo.com

xenforo is switching to recaptcha.net domain. assuming you are in china, you can just try loading this domain to see if this works?
Click to expand...

we usually don't use Google product here in China if it has alternatives, because you don't know when they gonna block it again, but anyway thank you
 
Upvote 0 Downvote
Brogan said:
Only enable 1.

If you enable 5 at a time, you will never know which one has been compromised by xrumer, so you have to ditch them all.


The spam cleaner is the best tool for the job.
Click to expand...
Thanks for the suggestions guys. Spam cleaner works great usually, but with these attacks, it is labor intensive, took about 5 hours to spam clean all the accounts last time. Is there anyway to do it more automated? We're having a lot of issues here. Thanks.

I will be setting this up soon too:
xenforo.com

Approval queue tools

Premium upgrade: This XF2 add-on along with the entire collection can be purchased for $35.00 USD. Your Premium upgrade will allow you to download as many XF2 add-ons as you like for one year. Please see the entire collection located in the...
xenforo.com xenforo.com
 
Upvote 0 Downvote
You must log in or register to reply here.

Similar threads

cmeinck
  • Question Question
XF 2.0 Stop massive influx of spam
Replies
6
Views
3K
Martok
Martok
O
Massive Spam botnet?
Replies
5
Views
706
Robru
Robru
Sim
Fixed Moderators can access user email addresses via spam cleaner (GDPR legal issue)
Replies
15
Views
4K
Chris D
Chris D
Okenyon
  • Question Question
XF 1.4 Spam issue.
Replies
3
Views
479
Okenyon
Okenyon
Scott Dixon
  • Question Question
XF 1.2 Massive Spam attack
Replies
6
Views
1K
Scott Dixon
Scott Dixon
Back
Top Bottom