XF 1.1 My Forum's Getting Lots Of Spam

System0

System0

Active member
edit by jake - I just posted a resource that consolidates all of the information from this thread into one guide:
http://xenforo.com/community/resources/dealing-with-forum-spam.980/

I've never had any problems with spam before but when I checked my forum today I saw lots of spam threads. Some were in Russian though many were in English.

I checked some users and they had fully validated their account using Gmail. The spam is undoubtedly automated though.

Some users have signed up using the domain andasio.com.

At the moment I am getting a new thread every few minutes and the IP addresses are all different so there doesn't seem to be any way to stop it

(note: I haven't installed any new add ons or mods in a while so I don't think that's the issue)

I used to have this problem with vBulletin though this is the first time I've ever had a problem with XenForo. It's kind of taken me by surprise to be honest.

Any idea how this is happening and how I can stop it?

Thanks,
Kevin
 
Sort by date Sort by votes
Wow, I didn't think I had any attempts yesterday, but perhaps I did an no one got through - is there somewhere in the standard XF ACP you can see failed registration attempts?

I've been using Q&A since setting up each forum, so that obviously helped yesterday.

I installed XenUtiles as a precaution last night and added API keys for all three spam registration engines. XenUtiles adds a registration log on the Tools tab. In the last 15 hours two of my sites have had over 100 attempts on each. One site I haven't even started promoting yet, so it's only got a handful of users.

I'm still getting attempts every 2-20mins according to the log.
 
Upvote 0 Downvote
I don't have time to read through all of this however I am being hit at mercenarydesign.com.au as well and if it gets bad enough will make add-on/s to fight against it. I know of one method which adds nothing extra to the user but should stop bots at least for a while. Is there any other methods people want to try out in this thread?

The best protection from these kind of bots is creating your own custom registration system, obviously not for everyone but I might write a tutorial on it so you can make all your POST data etc custom making it so unless specifically targeted you should be fine.
 
Upvote 0 Downvote
Robbo said:
I don't have time to read through all of this however I am being hit at mercenarydesign.com.au as well and if it gets bad enough will make add-on/s to fight against it. I know of one method which adds nothing extra to the user but should stop bots at least for a while. Is there any other methods people want to try out in this thread?

The best protection from these kind of bots is creating your own custom registration system, obviously not for everyone but I might write a tutorial on it so you can make all your POST data etc custom making it so unless specifically targeted you should be fine.
Click to expand...
I would be interested in that tutorial. I've just resorted to utilities and Q & A and we're doing okay.
 
Upvote 0 Downvote
Sylar said:
I would be interested in that tutorial. I've just resorted to utilities and Q & A and we're doing okay.
Click to expand...
I have been planning on starting a XenForo related technical blog however I am waiting until I move to a new host and have time to do it. Unfortunely I also have basically no time for months due to the Media Gallery commitment so don't see this happening for some time.

However if this spam issue is bad enough I will find time to fight it as it would obviously be something that could give XenForo a bad name and that affects me. A dynamically created registration form could work so the bots couldn't recognize fields... I'll have to research a bit :/
 
Upvote 0 Downvote
i had about a dozen spam signups over the weekend and thought that was really bad... until i looked at my logs and saw xenutils (with no q&a) had blocked over 400 registration attempts in the past 3 days.

spam.webp
 
Upvote 0 Downvote
This is getting ridiculous now haha, I've gone from not having any spambots ever to now having over 100 in 3 days?! What has gone off??!? I installed the said ban country add-on but russians are still signing up!
 
Upvote 0 Downvote
XenUtiles offers a lot of great goodies... I was however able to resolve the russian bogus registrations (so far, so good!) by switching from the ReCaptcha option to the Q & A, in the native XenForo Admin system. So far, so good!
 
Upvote 0 Downvote
Yeah good idea to change the questions. I also have mine configured that I DO verify they've purchased my publication before I grant them rights... I added a form field that requires a valid order number.

I would however like to know if there's any mod that could add pattern matching to that field as currently if there is ANYthing in it, the do did get to sign up, before I pulled Re-Captcha and added the custom questions.
 
Upvote 0 Downvote
You must log in or register to reply here.

Similar threads

R
  • Question Question
XF 2.1 5,000+ of my forum's 6,800 users are spambots - How to delete them?
Replies
6
Views
523
jeb35
J
Stuart Wright
  • Question Question
XF 2.1 404 Page not found on lots of links after migration. Leading and trailing slashes needed.
Replies
4
Views
708
Stuart Wright
Stuart Wright
jr777
  • Question Question
XF 2.0 Lots of trouble with email system, and not just with 2.0
2
Replies
20
Views
1K
jr777
jr777
shinyidol
Upgraded to 1.4 and still getting lots of spam
Replies
1
Views
730
Paul B
Paul B
Brian O'Neill
  • Question Question
XF 1.2 Getting lots of Undefined variable: fileName errors in Server Error Logs
Replies
2
Views
950
Brian O'Neill
Brian O'Neill
Top Bottom