XF 1.1 My Forum's Getting Lots Of Spam


Active member
edit by jake - I just posted a resource that consolidates all of the information from this thread into one guide:

I've never had any problems with spam before but when I checked my forum today I saw lots of spam threads. Some were in Russian though many were in English.

I checked some users and they had fully validated their account using Gmail. The spam is undoubtedly automated though.

Some users have signed up using the domain andasio.com.

At the moment I am getting a new thread every few minutes and the IP addresses are all different so there doesn't seem to be any way to stop it

(note: I haven't installed any new add ons or mods in a while so I don't think that's the issue)

I used to have this problem with vBulletin though this is the first time I've ever had a problem with XenForo. It's kind of taken me by surprise to be honest.

Any idea how this is happening and how I can stop it?


mike os

Active member
nope, ban was set this morning, registrations this afternoon....

one thought... do i need to run a cron to update settings? or is it a case of registration before but validation after ban?


Well-known member
What kind of spam are people getting?

I've just been onto a phpBB forum the chap there has had about 70 spam prescription drug threads since 10am. Unfortunately he's not online to delete them.

Wondering if it's more than just XF affected.

Jake Bunce

Well-known member
Recaptcha and Q&A will help stop automated registrations. But they do nothing for human registrations, or human assisted registrations. That means some spammers will get through. Those that get through must be dealt with manually. The spam cleaner tool in XF is great for this. If you don't have the time or moderator coverage on your forum to adequately deal with these spammers then you can enable account moderation:

Admin CP -> Home -> Options -> User Registration -> Enable Manual Approval

These pending accounts must be approved by an admin. The link is on the Home page in the Admin CP:

Screen shot 2012-08-18 at 8.29.45 AM.png

Or you can use promotions to enable moderation of posts for new users:


That is how you deal with spam.


Well-known member
I was getting hammered on 2 of my forums. Saw one of Jakes posts about blocking country's. Installed it on one site, blocked RU, no spam since... other site, still getting hammered. Installing and blocking RU on 2nd site ;) Thanks Jake!


Active member
I turned on Question and answers on, and it seemed to have died down myself, but I gained 30+ bots last night alone that destroyed the forum with spam, it is crazy.

I cannot simply block a country since some of my actual members are from Russia :/


Well-known member
Human or Bot spam is not necessarily a 'security' issue. Just one of those nuisances that must be dealt with constantly when running a forum. Just have to make it as difficult for those bots and human spammers to do their thing.


Active member
Did you find a specific bug?

A surge in spam doesn't necessarily mean there is a flaw in XF. Spam is a normal occurrence, and surges in spam are known to happen from time to time.

Its so random though! This isnt a normal thing as I think anyone in this thread would agree.. I get no spam bots what so ever as I have all the security addons in place ready.. but in 5 hours i now have 15 sign ups?!!? Bit random that.


Well-known member
Its so random though! This isnt a normal thing as I think anyone in this thread would agree.. I get no spam bots what so ever as I have all the security addons in place ready.. but in 5 hours i now have 15 sign ups?!!? Bit random that.
What sites are targeted are random. I had a site that had no spam for over a year, then suddenly it got targeted hard, and over night there were daily around 30 spam sign ups. The best thing you can do is to deal with as best you can.


Well-known member
phew, glad it is not just us

any idea why banning registrations from gmail is not working?.... I can't register a new account using gmail, but these *******s can?
setting in banned emails is *@gmail.com and *gmail.com

These are automated registrations without using the javascript on your web site. Since the ban feature in Xenforo is javascript based only, it doesn't help.

This may be a future "bug" request. :)


Well-known member
What did you change? Is it something that others can temporarily implement?

You need to change some variable name at the registration form. But this may be to complicated for a quick fix.

I think it also would help if you add any custom field (with some check for a correct value) to your registration that new users have to fill out to be successfully registered. It may even be a useless fake field. "Write SOMETHING into the text field:".

This way your forum registration is different from all other Xenforo boards and the automated bot cannot register any more.