XF 1.1 My Forum's Getting Lots Of Spam

System0

System0

Active member
edit by jake - I just posted a resource that consolidates all of the information from this thread into one guide:
http://xenforo.com/community/resources/dealing-with-forum-spam.980/

I've never had any problems with spam before but when I checked my forum today I saw lots of spam threads. Some were in Russian though many were in English.

I checked some users and they had fully validated their account using Gmail. The spam is undoubtedly automated though.

Some users have signed up using the domain andasio.com.

At the moment I am getting a new thread every few minutes and the IP addresses are all different so there doesn't seem to be any way to stop it

(note: I haven't installed any new add ons or mods in a while so I don't think that's the issue)

I used to have this problem with vBulletin though this is the first time I've ever had a problem with XenForo. It's kind of taken me by surprise to be honest.

Any idea how this is happening and how I can stop it?

Thanks,
Kevin
 
Sort by date Sort by votes
iTuN3r said:
Well i have xenutiles installed /keycaptcha but somehow there's lot of traffic coming through hongkong/china in last 2 days deleted over 25 accounts seems like they are human spammers.
Click to expand...
Have you tried StopCountrySpam (to black list that country for human spammers), unless your forum is relevant to that country

There is also FoolBotHoneyPot ( to stop many Xrumer/bot attempts) << This acutaly creates a unique registration page, since every feild needed to be filled in is a UUID (as opposed to name / email / password), and the default fields are hidden traps for the bot to fill out, there is also sonbs StopForumSpam
 
Upvote 0 Downvote
I'm still getting a lot of registration spam getting through. Is there any add on which lets you automatically delete members with 0 posts after a set number of days. Most of the registration spam members I am getting do not post - they're simply adding links to their profile.
 
Upvote 0 Downvote
Upvote 0 Downvote
Correct. Perma-banned users cannot have their profiles viewed by anyone except those with this permission:

Admin CP -> Users -> List User Groups -> [click a group] -> Bypass user privacy
 
Upvote 0 Downvote
Thanks Jake. I read through that today.

The only solutions I've yet to try are the paid add ons. The 'Are You Human' add on looks good but causes an error during registration. It seems it doesn't connect to the service correctly. Haven't used honeypot or country banner yet (I don't want to exclude whole countries if I can).

I'm still getting new registrations every 20-30 minutes. Will look into it more and try out a few more things :)
 
Upvote 0 Downvote
I've now all API's for all three services running on xenutilities. Spam registrations are still occurring. The same ip or email seems to register 2 or 3 accounts and then it changes.
 
Upvote 0 Downvote
Your current mechanisms will only stop known bots by looking up IP addresses / emails /usernames, if they are unknown bots (which we will see more of soon) they will get though the StopForumSpam and other DB look ups

Try the free CAPTCHA: CustomImgCaptcha .... http://xenforo.com/community/resources/customimgcaptcha.1161/
It will work hand in hand with all of the other mechanisms you have (The honeypot may make XenUtils ineffective, but does work with CustomImgCatpcha, but you might not need the honeypot once you have CustomImgCapcha, I would advise at least a double net to catch spam though)

You might think the customImgCaptcha is a simple mechanism, but it's long lasting (It can't be targeted any time in the near future)... it can also be customised for your site

If they are still getting through, check your access logs and search for their IP to find out how they registered, this is usually found on your server here:
/access-logs/yourforum..txt

... I have noticed a worrying trend, some bots are starting to get though the FaceBook registration system (let me know if this is also the case)

I belive this is now being target by some bot users, as most anti-spam mechanisms have not covered this area and no CAPTCHA is present in the FaceBook registration, this makes it easy for bot users to create one FB account then use this account to bypass lots of bot mechanism for many forums... I'm looking at making the CAPTCHAs (including CustomImgCaptcha) also cover this area.
 
Upvote 0 Downvote
System0 said:
Thanks Jake. I read through that today.

The only solutions I've yet to try are the paid add ons. The 'Are You Human' add on looks good but causes an error during registration. It seems it doesn't connect to the service correctly. ...:)
Click to expand...
Can you tell me what error? I did not get any error with the published version and XenForo v1.1.3. I have no connection problems. Try xenfacil.com register.

Salud2
 
Upvote 0 Downvote
tenants said:
Your current mechanisms will only stop known bots by looking up IP addresses / emails /usernames, if they are unknown bots (which we will see more of soon) they will get though the StopForumSpam and other DB look ups

Try the free CAPTCHA: CustomImgCaptcha .... http://xenforo.com/community/resources/customimgcaptcha.1161/
It will work hand in hand with all of the other mechanisms you have (The honeypot may make XenUtils ineffective, but does work with CustomImgCatpcha, but you might not need the honeypot once you have CustomImgCapcha, I would advise at least a double net to catch spam though)

You might think the customImgCaptcha is a simple mechanism, but it's long lasting (It can't be targeted any time in the near future)... it can also be customised for your site

If they are still getting through, check your access logs and search for their IP to find out how they registered, this is usually found on your server here:
/access-logs/yourforum..txt

... I have noticed a worrying trend, some bots are starting to get though the FaceBook registration system (let me know if this is also the case)

I belive this is now being target by some bot users, as most anti-spam mechanisms have not covered this area and no CAPTCHA is present in the FaceBook registration, this makes it easy for bot users to create one FB account then use this account to bypass lots of bot mechanism for many forums... I'm looking at making the CAPTCHAs (including CustomImgCaptcha) also cover this area.
Click to expand...

Thanks for taking the time to write such a long detailed response. I'm installing that plugin on my forums just now. Hopefully this will greatly reduce spam sign ups without annoying users too much. :):)

lms said:
Can you tell me what error? I did not get any error with the published version and XenForo v1.1.3. I have no connection problems. Try xenfacil.com register.

Salud2
Click to expand...

The exact error is:

A server error occurred. Please try again later.
Click to expand...
 
Upvote 0 Downvote
System0, that errror you mentioned is a genreal error

If you look in your admin control panel >> tools > server errors

You should be able to dig out a more detailed error (helping "are you human" dev to fix the issue... if it is an issue with that plug-in)
 
Upvote 0 Downvote
You must log in or register to reply here.

Similar threads

R
  • Question Question
XF 2.1 5,000+ of my forum's 6,800 users are spambots - How to delete them?
Replies
6
Views
525
jeb35
J
Stuart Wright
  • Question Question
XF 2.1 404 Page not found on lots of links after migration. Leading and trailing slashes needed.
Replies
4
Views
709
Stuart Wright
Stuart Wright
jr777
  • Question Question
XF 2.0 Lots of trouble with email system, and not just with 2.0
2
Replies
20
Views
1K
jr777
jr777
shinyidol
Upgraded to 1.4 and still getting lots of spam
Replies
1
Views
732
Paul B
Paul B
Brian O'Neill
  • Question Question
XF 1.2 Getting lots of Undefined variable: fileName errors in Server Error Logs
Replies
2
Views
952
Brian O'Neill
Brian O'Neill
Top Bottom