XF 1.1 My Forum's Getting Lots Of Spam

[System0]

edit by jake - I just posted a resource that consolidates all of the information from this thread into one guide:
http://xenforo.com/community/resources/dealing-with-forum-spam.980/

I've never had any problems with spam before but when I checked my forum today I saw lots of spam threads. Some were in Russian though many were in English.

I checked some users and they had fully validated their account using Gmail. The spam is undoubtedly automated though.

Some users have signed up using the domain andasio.com.

At the moment I am getting a new thread every few minutes and the IP addresses are all different so there doesn't seem to be any way to stop it

(note: I haven't installed any new add ons or mods in a while so I don't think that's the issue)

I used to have this problem with vBulletin though this is the first time I've ever had a problem with XenForo. It's kind of taken me by surprise to be honest.

Any idea how this is happening and how I can stop it?

Thanks,
Kevin

 

[mike os]

still no problems here..... perhaps because we are a niche market?

 

[Cryptaline]

I have no idea how many have been been blocked by the country blocker (blocking China, India, Russia, Ukraine & assorted other places & anonymous proxies); it doesn't keep any stats.

Do you really think that blocking countries will solve your problems?
I just have one simple question, each day more spammers buying Xrumer or whatever it is. At the end of this or next month all contries will spamm your & other sites. So the question is, are you going to block all contries?

Something strange is going on. I have Q&A turned on, and for experimental purposes we set our only Q&A question to something that can't be answered (like 79876532, or so). There still some new registrations.
How do they skip Q&A section?

Questions with numbers = mnom mnom mnom for bots. Even when you will input answers like this: 6408526562060960698686806896795

 

[DFI]

After the Spam Attack, now another headache on my forum. No one is able to post reply. Disabled all add-on, checked server, rebuild cache but hell no resolution since last One hour.

Looks like XF partytime is over soon due to no modification and improvement since long time.

 

[Edrondol]

Have you opened a ticket here? That's the best way to let the devs know.

 

[DFI]

Yes, Did that almost half an hour back

 

[ManOnDaMoon]

Yes, Did that almost half an hour back

And we're almost sunday...

 

[DFI]

I missed this entire thread and today only came to know that Spam Attack was almost on all XF forums. I did my own way to stop spammers by adding fully customized Q & A along with manual registration and also banning every unwanted country IP and proxy servers.

So, my forum is now spam free. but today a new issue started.

 

[DFI]

Check the Speed of Spam Attack

 

[MikeMpls]

Do you really think that blocking countries will solve your problems?

No, and I didn't say that it did or would. If you had bothered to read my entire post, you would have known that it was one three levels of defense:

1. Banning 4 countries and certain IP ranges are that are sources of hardly anything except spam.
2. Using Xen-Utiles to check the three forum spam databases.
3. Challenge questions.

Collectively they are working very well.

With regard to banning IPs, counties, etc., I would prefer that the "abuse" contacts for the source IP range get an email every time there's a problem, but that's an issue for StopForumSpam, etc., to deal with. If other customers are inconvenienced because spammers have cause them to be blocked, that's too bad. I have wasted countless hours dealing with forum spam from India, China, Russia and the Ukraine for the last several years, and I don't care!.

 

[MichaelDance]

Xrumer don't count it as spam, "spam is un-wanted emails" quoted from their website. SPAM is anything not wanted in our eyes.

 

[Cryptaline]

No, and I didn't say that it did or would. If you had bothered to read my entire post, you would have known that it was one three levels of defense:

1. Banning 4 countries and certain IP ranges are that are sources of hardly anything except spam.
2. Using Xen-Utiles to check the three forum spam databases.
3. Challenge questions.

Collectively they are working very well.

With regard to banning IPs, counties, etc., I would prefer that the "abuse" contacts for the source IP range get an email every time there's a problem, but that's an issue for StopForumSpam, etc., to deal with. If other customers are inconvenienced because spammers have cause them to be blocked, that's too bad. I have wasted countless hours dealing with forum spam from India, China, Russia and the Ukraine for the last several years, and I don't care!.

I see the problem deep enough
If you had bothered to read my entire post,
just as i ve said before:

Xrumer starting to be very popular. At the end of this or next month or next year all contries will spamm your & other sites. Just curious what will you do with your "tower defense".

I'm not trolling etc, just pointing that should be another way to block spammers instead of blocking all countries.

 

[Rho Delta]

Spam is hitting me HARD and my spam cleaner button seems to have disappeared... WTF is going on???

 

[Jake Bunce]

Something strange is going on. I have Q&A turned on, and for experimental purposes we set our only Q&A question to something that can't be answered (like 79876532, or so). There still some new registrations.
How do they skip Q&A section?

As justadam said, numeric answers are very common so bots are programmed to test numeric answers. Use questions with word answers, where the answer is not contained in the question.

But more to the point of your question... bots can pass Q&A by entering the correct answer or by having registered before you implemented Q&A.

 

[Jake Bunce]

Spam is hitting me HARD and my spam cleaner button seems to have disappeared... WTF is going on???

That spam cleaner option is available to mods for "new" users based on this criteria:

Admin CP -> Home -> Options -> Spam Management -> Spam Cleaner User Criteria

 

[MikeMpls]

One emerging trend in the U.S. is to make it a crime to access a computer system/site/whatever in violation of its terms of service. Prosecutors are just starting to figure out how to best use this and have stumbled badly in a couple cases, but in the long term this could be one of our best weapons against XRumer and its customers. Forum spam has been on the rise in large part because effective laws & filtering has checked email spamming.

Step #1 is that we need to tighten up XenForo's "Terms of Service and Rules". This is the default TOS&R that comes with XenForo 1.1.2:

The providers ("we", "us", "our") of the service provided by this web site ("Service") are not responsible for any user-generated content ("Content"). Content posted express the views of their author only.
You agree to not use the Service to post or link to any Content which is defamatory, abusive, hateful, threatening, spam or spam-like, likely to offend, contains adult or objectionable content, contains personal information of others, risks copyright infringement, encourages unlawful activity, or otherwise violates any laws.
We reserve the rights to remove or modify any Content posted for any reason without explanation. Requests for Content to be removed or modified will be undertaken only at our discretion. We reserve the right to take action against any account with the Service at any time.
You are granting us with a non-exclusive, permanent, irrevocable, unlimited license to use, publish, or re-publish your Content in connection with the Service. You retain copyright over the Content.
All Content you submit or upload may be reviewed by staff members. Do not submit any Content that you consider to be private or confidential.
These terms may be changed at any time without notice.
If you do not agree with these terms, please do not register or use this Service. If you wish to close your account, please contact us.

Note that although it prohibits spam, it does not prohibit automated registrations nor the manual creation of signons to be used later under program control, which potentially gives the bots a level of access not available to search engines. We need to add something like:

You agree not to use automated software to complete or assist in registering with us. Your registration must be an entirely manual process completed by a human being.

You agree your log-in will only be used by human beings interacting directly with us, and that your log-in information will not be used by any automated software.

Step #2 is to start forwarding that TOS&R & your XenUtiles logs to the Justice Dept. As the noise level increase, at some point hopefully they will notice and take action. Although XRumer itself is largely out of reach, they have U.S. domain names, customers here and money trails that can be interrupted.

Other countries, the EU, etc., might also have authorities that could act. Site administrators need to research what options are available in their jurisdictions and start lodging complaints.

Email spam was checked (though obviously nowhere near eliminated) because large ISP's filed civil suits and some governments filed criminal cases. ISP's and governments have to deal with email directly, but forum spam isn't as visible to them and we aren't on their radar. We need to get on their radar.

 

[MikeMpls]

So far the most appropriate place I've found for reporting this to the Justice Dept. is their IC3 (Internet Crime Complaint Center) contact form at:

http://www.ic3.gov/contact/default.aspx​

​

​

​

In the comments indicate that your forum at www . xxy . yyy has been degraded by spambots attempting to register under automated program control to create log-ins for use in future spamming, and that this activity is contrary to your TOS&R (include link to TOS&R) and is therefore illegal under U.S. law,then include the log of your latest hundreds or thousands of rejected registerations. Perhaps also help to point the finger at XRumer with a link. Etc.​

​

Their crime-reporting dialog is geared too much toward financial fraud that's already happened. You would have to misrepresent some answers to get to the open-ended questions at the end to convey the info we need to convey.​

 

[MikeMpls]

Can we estimate an economic cost for these intrusions? Has anyone on a pay-by-usage plan (e.g. scalable cloud service) computed the actual costs of servicing each rejected registration attempt? Remember, there are bandwidth costs , front-end CPU time, time or transaction costs on the back-end DB server ... anything else?

My sites are all on flat-rate plans, although one does have a bandwidth cap, so I can't help w/ that data. Right now on my most active site a quarter of the "active users" are spambots banging on the doors & rattling the windows.

 

[RobinHood]

Can we estimate an economic cost for these intrusions?

Approximately $20 billion.

Give or take a few bucks.

 

[MikeMpls]

Approximately $20 billion.

Give or take a few bucks.

Your link is only concerned with email spam. I was asking specifically about forum spam.

 

[RobinHood]

I know, but some of what it talks about is still applicable and I just figured some people might be interested while we were on the subject