XF 1.1 My Forum's Getting Lots Of Spam

System0

Active member
edit by jake - I just posted a resource that consolidates all of the information from this thread into one guide:
http://xenforo.com/community/resources/dealing-with-forum-spam.980/


I've never had any problems with spam before but when I checked my forum today I saw lots of spam threads. Some were in Russian though many were in English.

I checked some users and they had fully validated their account using Gmail. The spam is undoubtedly automated though.

Some users have signed up using the domain andasio.com.

At the moment I am getting a new thread every few minutes and the IP addresses are all different, so there doesn't seem to be any way to stop it.

(note: I haven't installed any new add ons or mods in a while so I don't think that's the issue)

I used to have this problem with vBulletin though this is the first time I've ever had a problem with XenForo. It's kind of taken me by surprise to be honest.

Any idea how this is happening and how I can stop it?

Thanks,
Kevin
 
These are automated registrations without using the javascript on your web site. Since the ban feature in Xenforo is javascript based only, it doesn't help.

This may be a future "bug" request. :)

Incorrect. The user datawriter checks the banned email list when inserting a user.
 
Surges in spam are normal from time to time. I have been witness to several surges on different forum platforms over the years. In this case it appears that a new spam program called XRUMER may be responsible.

I understand. I am not blaming anyone and I am certainly not saying it is Xenforo's fault for my forum getting spammed. The only thing I was stating was that it doesn't seem normal for so many forums to be under attack by spammers this close together.

Personally, I have taken several measures to stop the spam and it seems to be working. From what I read about XRUMER the easiest solution to slow that particular form of spam program would be a Q&A type registration process since it uses some sort of averaging process to beat the normal captchas. I have also started using XenUtiles.
 
One of my two XF forums has been nailed by the spamming attack; I'm making adjustments on the second one now. Interesting though: the attacked forum was using ReCAPTCHA, the second was using Q&A, and has not seen the volume I've witnessed on the first forum. On the first forum, we manually approve memberships, so nothing got to the forum. But now I have to delete quite a few, and it is only increasing.

My first forum is very low volume. Since this morning when I stumbled out of bed, I've had 29 registrations. This started yesterday. We'd get maybe one spam registration per week that we would have to dump.

The IP addresses that I checked last night were predominantly in Russia, with Ukraine coming a strong second, but they were also in western Europe, U.S. and South America. They appear to be using their own computers at home and also using proxies and hijacked computers elsewhere.

Botnet, perhaps? I've noticed that the IP address locations are scattershot. Can't pinpoint any one country or region.

Xrumer has been around for several years. Looks like it has been updated to get all nice and cozy with XF. In fact, I think I may have downloaded it several years ago, or something similar, to see how it worked. I don't remember much, but it was scary to see how many forums were listed in the program, and how fast it could bang away at registrations. Mind boggling stuff!

Funny how people think this is a problem with xenforo. I might have had one beer too many, but to be honest you are responsible for stopping spam on your site. Sure, the tools xF provides by default could be a little bit better, but with a minimum of effort you can prevent it.

Definitely not an XF problem; however, I'm sure work will be done in future versions to lock things down a bit more, or improve our spam-fighting tools.

I will say this, though: banning IP addresses, email addresses, etc. is a total waste of time. I also tried checking for empty profile fields, or profile fields filled in with invalid data--it would only take a week or two for the spammers to adjust, and spamming would return with a vengeance. I chased all those during my days using phpBB2, and all of it was wasted work. My last iteration of phpBB2 had probably three dozen customizations, many of those done to combat spam. Just about all of those became useless only weeks after I'd installed them.

The only thing that worked was a "secret code" type of registration system, and the spammers were too dumb to figure it out. It was a variation based on Q&A. What I did was create a handful of random eight-digit numbers. I hard-coded those into a phpBB2 modification I had installed and partially rewrote, and then put the secret code at the bottom of all of the site's pages...including the forum. The hilarious part is that this "secret" code was right at the bottom of the forum registration page! Only a very small number of human spammers ever leaked through. I still have two forums running phpBB2 unfortunately (no funds for XF on those two), but spam is still not a problem for those, surprisingly!

I believe that I based this on a "VIP Code" modification for phpBB2.

Something similar could be done with XF using the existing Q&A system. "Please enter your VIP Code here." Then, put the VIP code elsewhere on the site. I used to display one of my eight codes so it looked like they were randomly generated, while any of the eight would work. As dumb and simple as it was...it worked. At least this is something that might be a little easier for non-spammers--they can copy/paste a VIP code displayed elsewhere on the site, rather than answer a question that spammers might figure out. Changing the VIP codes every so often will help.
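The "VIP code" gate described above, as an added example that is not code from the thread or from XenForo: a pool of constructed eight-digit codes where any member of the pool is accepted, a deterministic choice of which code to display on a given day so it looks freshly generated, a site-specific Q&A check with answer normalization, and a helper to rotate the pool. The code values and the question are constructed placeholders.

```python
import hashlib
import hmac
import secrets
from datetime import date

# Constructed pool of "VIP codes"; any one of them is accepted at registration.
VIP_CODES = frozenset({"48213907", "17365028", "90217463", "55820194"})

# Constructed site-specific Q&A bank: question -> set of accepted answers.
QA_BANK = {
    "Which ore do new players mine first in our game?": {"copper ore", "copper"},
}


def normalize(text: str) -> str:
    """Lower-case, drop punctuation and collapse whitespace so 'Copper  Ore.' matches 'copper ore'."""
    kept = "".join(ch for ch in text.lower() if ch.isalnum() or ch.isspace())
    return " ".join(kept.split())


def displayed_vip_code(day: date, codes=VIP_CODES) -> str:
    """Choose which pool member to show in the site footer for a given day.

    Hashing the date gives a stable pick per day without storing state,
    so visitors see a code that changes while every pool member stays valid."""
    ordered = sorted(codes)
    digest = hashlib.sha256(day.isoformat().encode()).hexdigest()
    return ordered[int(digest, 16) % len(ordered)]


def vip_code_valid(submitted: str, codes=VIP_CODES) -> bool:
    """Accept the submitted code if it matches any pool member (digits only, constant-time compare)."""
    cleaned = "".join(ch for ch in submitted if ch.isdigit())
    return any(hmac.compare_digest(cleaned, code) for code in codes)


def qa_valid(question: str, answer: str, bank=QA_BANK) -> bool:
    """Compare a normalized answer against the normalized accepted answers for that question."""
    accepted = {normalize(a) for a in bank.get(question, ())}
    return normalize(answer) in accepted


def rotate_codes(count: int = 4) -> frozenset:
    """Generate a fresh pool of eight-digit codes; swap it in for VIP_CODES every so often."""
    return frozenset(f"{secrets.randbelow(10**8):08d}" for _ in range(count))


def registration_allowed(form: dict) -> tuple:
    """Gate a registration form: VIP code first, then the site-specific question."""
    if not vip_code_valid(form.get("vip_code", "")):
        return False, "vip_code"
    if not qa_valid(form.get("question", ""), form.get("answer", "")):
        return False, "qa"
    return True, "ok"
```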

I'm sick of this. I've wasted I don't know how many hours (hundreds at least) over the past 10 or more years battling email spam, forum spam, WordPress comment and trackback spam...I'm SO over this. I'm too polite to say what I'd do with all of those effing spammers. :D
 
BTW, it is also obvious that the version of ReCAPTCHA being used by XF has been "broken" since the spammers are now flying past it. I am pretty sure I've seen a newer version that uses a different method to display one of the two words. But I'm still switching to Q&A and perhaps going back to that VIP Code idea, displaying it on the site's home page in a widget. Installing additional plugins on XF for me is not an option.
 
Just a heads up: since we had this little attack, we added the other 2 APIs on top of StopForumSpam using XenUtilities, and also added one QnA. Not a single spam registration passed it.
 
Xrumer, BTW, attempts to use proxies when accessing forums, so the actual computers sending the registrations are hidden. Xrumer also creates the throwaway email accounts on the fly. Therefore, blocking IPs and email addresses is hitting a moving target.

My VIP codes are in place, and I'm alerting the staff to the changes. We've got this nipped in the bud. :)
 
Just a quick update - after changing to Captcha Q/A yesterday evening (after constantly being hit by new spam registrations every minute) - there are no new spam attacks this morning :)

I made the Q/A game related, and if you don't know anything about the game the site is about, you have to look into those questions. I assume spammers don't have time for that, which is exactly why I didn't choose questions like 'what color is grass' etc.

We had new user registrations this morning, but by normal players (can see that because they filled in other fields correctly) - so I hope this means I had the spammers 'blocked' for now.

Thank you =)
 
After reading this thread, I checked the stats on my site, and the number of daily registrations had tripled in the last couple of days, and lo and behold, lots of spam posts in the user profiles. That is with QA enabled and specific questions relating to our forum.

XenUtils now installed, with all 3 APIs, so hopefully should see the end of them.
 
My small network alone submitted a few thousand spammers to SFS in the last 48 hours.

I don't know what I will do if I ever meet a spammer in real life.
 
I really got fed up, and after reading quite a few posts went ahead and installed XenUtiles. It not only is stopping bots from registering but it also made my job much easier to delete all the bot accounts, which were 120+. I don't know what I'd do without this add-on. At first I was against installing an add-on for this purpose and wanted to wait for 1.2, then it struck my mind that the damage may be too much if I wait it out.

This is my advice to anyone waiting for 1.2 and not taking action right away to stop bot registrations/spammers. Install an add-on you wish (my suggestion, XenUtiles) and keep smiling as you see the registration log get filled with bots getting denied!
 
I was the same about installing something which would edit the registration process, but after seeing the logs just a few hours in, it goes to show just how good a job it's actually doing, and genuine members are still able to register with no issues.
 
Y'know, it would be nice if xenForo allowed you to use RECAPTCHA and QnA at the same time, not "one or the other."

Installing xenUtilities, and I'm going to keep it to this and Tapatalk until 1.2.
 