XF 1.1 My Forum's Getting Lots Of Spam

System0

Active member
edit by jake - I just posted a resource that consolidates all of the information from this thread into one guide:
http://xenforo.com/community/resources/dealing-with-forum-spam.980/


I've never had any problems with spam before but when I checked my forum today I saw lots of spam threads. Some were in Russian though many were in English.

I checked some users and they had fully validated their account using Gmail. The spam is undoubtedly automated though.

Some users have signed up using the domain andasio.com.

At the moment I am getting a new thread every few minutes and the IP addresses are all different so there doesn't seem to be any way to stop it

(note: I haven't installed any new add ons or mods in a while so I don't think that's the issue)

I used to have this problem with vBulletin though this is the first time I've ever had a problem with XenForo. It's kind of taken me by surprise to be honest.

Any idea how this is happening and how I can stop it?

Thanks,
Kevin
 

HWS

Well-known member
ALL of the Xenforo sites I know and I've visited today had and have a spam problem. It seems that this is a huge organized SPAM attack at all 1.300 known live Xenforo sites.

Except a single one: xenforo.com

Jack: Did you get SPAM registrations too today? And if not: Why are you left out of this attack?
 

polle

Active member
I changed to approve manually the accounts and I just see how a bot registered, stay there like 5 minutes and nothing appears under users awaiting moderation.

How is that possible ?
 

M@rc

Well-known member
I ended up turning off new member registrations in 5 of my 6 XF boards tonight, still took me an hour & a half to clean up the mess. Fortunately I was still up & working on line, I hate to see much crud would have been there if I'd hadn't noticed for another 8-10 hours.
I've turned off new registrations last night as well (and deleted all current spammers). Stopped all of the spammers right at the door, ;) (but unregistered users will turn their backs - that's the downfall).
However, I added a link to my FaceBook and Twitter accounts for people to contact me if they wish to open an account at the forum.

The spammer is definitely this guy: http://xenforo.com/community/threads/do-you-have-an-angryuser.34810/

On registration at my forum, there's an extra field to add. The user inserted "123456", the same number used for AngryUser (and every spam account created).
 

3rd AnGle

Well-known member
funny.. i came in here to ask the same thing..

btw few of you suggested we should use both ReCaptcha and Q&A... how could we do that? I can see options for using either reCaptcha or QnA but not both in User registration option
 

HWS

Well-known member
The spammer is definitely this guy: http://xenforo.com/community/threads/do-you-have-an-angryuser.34810/

On registration at my forum, there's an extra field to add. The user inserted "123456", the same number used for AngryUser (and every spam account created).

Yes, this obviously was a test run.

Add a new custom field to the registration process and check its entry. Like "Please write 'WORLD' into this field:" and check if the new user entered "WORLD". This will halt automated spam registrations until the spammer has changed his script.
 

HWS

Well-known member
Check this post http://xenforo.com/community/thread...ns-from-a-specific-country.35196/#post-399609 and the posts after that.

For now only Russian version of Xrumer is updated. The update on the Xrumer english version is going to be released in a week. Botmaster has specially mentioned XenForo spamming capabilities of the updated Xrumer. This software can churn out 1000 posts per minute. Expect to get nailed like crazy :(

It seems that a big automated spammer script has got an update with Xenforo "support".

I think Xenforo developers should check that script (how it attacks Xenforo) and get out an update VERY soon to protect from that malware!

Otherwise we all have to live with that spam problem for a long time.
 

akia

Well-known member
Its so random though! This isnt a normal thing as I think anyone in this thread would agree.. I get no spam bots what so ever as I have all the security addons in place ready.. but in 5 hours i now have 15 sign ups?!!? Bit random that.
I've found its mainly down to a piece of software called GSA Search Engine Ranker, it was recently updated to work with xenforo, ever since then I'm getting battered by spammers. You can tell as all the spam has quite a obvious signature.
 

Lykke

Well-known member
Same issue on one of my forums here as well. Been spending a lot of time to clean up and they keep coming.

I just switched from captcha to Q/A - and now I get this error when trying to click on 'who's online' list:


Undefined variable: userActivity
  1. XenForo_Application::handlePhpError() in LNBlog/ControllerPublic/Entries.php at line 225
  2. LNBlog_ControllerPublic_Entries::getSessionActivityDetailsForList()
  3. call_user_func() in XenForo/Model/Session.php at line 312
  4. XenForo_Model_Session->addSessionActivityDetailsToList() in XenForo/ControllerPublic/Online.php at line 50
  5. XenForo_ControllerPublic_Online->actionIndex() in XenForo/FrontController.php at line 310
  6. XenForo_FrontController->dispatch() in XenForo/FrontController.php at line 132
  7. XenForo_FrontController->run() in /var/www/vhosts/cyreneforum.com/httpdocs/index.php at line 13

I do not have the error if I switch back again :(
 
Top