XF 1.1 My Forum's Getting Lots Of Spam

System0

Active member
Edit by Jake - I just posted a resource that consolidates all of the information from this thread into one guide:
http://xenforo.com/community/resources/dealing-with-forum-spam.980/


I've never had any problems with spam before but when I checked my forum today I saw lots of spam threads. Some were in Russian though many were in English.

I checked some users and they had fully validated their account using Gmail. The spam is undoubtedly automated though.

Some users have signed up using the domain andasio.com.

At the moment I am getting a new thread every few minutes and the IP addresses are all different, so there doesn't seem to be any way to stop it.

(note: I haven't installed any new add ons or mods in a while so I don't think that's the issue)

I used to have this problem with vBulletin though this is the first time I've ever had a problem with XenForo. It's kind of taken me by surprise to be honest.

Any idea how this is happening and how I can stop it?

Thanks,
Kevin
 
Definitely need to switch the Q&A. I have noticed a lot of spammers using proxies to sign up to my site, avoiding the block country add-on, then logging back in with blocked country IPs.

Going through my sites today to delete the accounts in question and then change my Q&A's.
 
I'm just playing around with a few ideas.

The following is something I could easily develop into an add-on.

What if my CAPTCHA question was this:
Enter one of the words that appears on <a href="CAPTCHA" class="OverlayTrigger">this page</a>.

And what if that overlay displayed one random word out of an array of 10 words. Any one of those 10 words is an answer to my "question".

That's nice and simple for the end user, right? But the beauty is it would probably confuse the hell out of the spam bots for a while.
 
So far I've switched to Q&A and it's stopped the spammers.... I think a good idea would be to randomly keep updating the Q&A every day or whenever the spammers start returning.
 
I've switched to Q & A and added XenUtiles - which has blocked around 360 spam registrations in the last 24 hours - and also added Deny Country. But some are slipping through the net still, I'd say about 2 to 3 an hour. Some of these IPs resolve to locations in Russia or Ukraine, both of which are on my 'deny' list, so I don't know why those are getting through. I'm still having to watch the site like a hawk to delete spam registrations and/or posts. I just switched 'Registration Heuristics' to High in XU to see if that helps - what setting do you guys have it on? And can anyone suggest anything else I can do to stop these spammers? Thanks a lot.
 
Some observations coming from a network of 30+ forums using
  • Q&A
  • 3 spam defense sites queries (e.g. stopforumspam)
  • GEO-IP rules to block countries
After some 48 hours fighting against the new flood and automatically reporting a five figure number (!) of spammers to the spam defense sites I see:

  • Their new tool is quite good, it tries a large number of username/ip/email variations
  • They are able to solve or guess many Q&A questions. Definitely some calculations like (2+2=4) but even questions like "Is fire hot or cold?" If your question is answerable with a number, they simply try all numbers.
  • They are doing batches, some of my sites are flooded in 2 hour batches, their forum list has to be huge.
  • We are currently able to stop 97% of spammers automatically, but that's not enough - the remaining 3% takes too much time to remove (that equals hundreds of spammers coming through!)
If your site still has no spammers coming through and you think Q&A protects you: just wait.

We need better weapons.
 
I use those same layers of protection, and when spammers get through and post spam threads, I have the sonb spam add-on, which uses Akismet to see if a post has links in it, etc.
It will automatically block that spammer and alert me.
 
They are able to solve or guess many Q&A questions. Definitely some calculations like (2+2=4) but even questions like "Is fire hot or cold?"

I suspect you can improve your odds with better Q&A. What about using a question that doesn't contain the answer (hot/cold)? For example, "how many fingers are on a human hand?" And questions that don't have numeric answers are probably stronger. Numeric answers are so common with Q&A that I would expect bots to arbitrarily try a range of low numbers. A good one might be, "what is the last word in the domain name of this site?" Something like that would be stronger.
 
You know what would make a good verification question? Create a required custom field with a PHP callback:

http://xenforo.com/community/resources/custom-user-field-callback-validate-value.379/

Ask the user to type in a palindrome. The callback would allow you to validate input like that, where there isn't a correct answer but rather a correct format. Though you would want to impose some restrictions, like alpha characters only, and at least x number of characters. That way bots can't accidentally satisfy the palindrome with simple guesses like numbers.

A custom user field with a callback allows for lots of interesting possibilities if you are handy enough with code to do some string stuff.
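As an added illustration of the callback idea above (this is not code from the thread or from the linked resource), here is a PHP validator for a "type a palindrome" field with the restrictions mentioned: letters only, a minimum length, and the string must read the same backwards. The XenForo callback signature (value and error passed by reference, field definition as an array, boolean return) is an assumption here, not taken from the page.

```php
<?php
// Added example, not from the thread or the linked resource.
// Validates the "type a palindrome" custom field: letters only, at least
// MIN_LENGTH characters, and reads the same backwards.
// The XenForo 1.x callback signature below is assumed, not confirmed by the page.
class Example_PalindromeField
{
    const MIN_LENGTH = 5;

    /**
     * Returns true when $value is an acceptable palindrome; otherwise sets
     * $error to a message suitable for display and returns false.
     */
    public static function verifyValue(&$value, &$error, array $field = array())
    {
        $value = trim((string) $value);

        // Letters only: blocks numeric guesses such as "11" or "121".
        if (!preg_match('/^[A-Za-z]+$/', $value)) {
            $error = 'Please use letters only.';
            return false;
        }

        // Minimum length: "a" or "aa" would be too easy to hit by accident.
        if (strlen($value) < self::MIN_LENGTH) {
            $error = 'Please enter at least ' . self::MIN_LENGTH . ' letters.';
            return false;
        }

        // Case-insensitive comparison so "Racecar" is accepted.
        $normalized = strtolower($value);
        if ($normalized !== strrev($normalized)) {
            $error = 'That is not a palindrome (it must read the same backwards).';
            return false;
        }

        return true;
    }
}

// Stand-alone check over constructed sample inputs and their expected outcomes.
$samples = array(
    array('racecar', true), array('Level', true), array('12321', false),
    array('abc', false), array('aaa', false), array('hello', false),
);
foreach ($samples as $pair) {
    list($input, $expected) = $pair;
    $err = null;
    $ok = Example_PalindromeField::verifyValue($input, $err, array());
    echo str_pad($input, 10), ($ok === $expected ? 'ok' : 'MISMATCH'), ($err ? " ($err)" : ''), "\n";
}
```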
 
XenUtiles has blocked 15 attempts on my forum in the last hour. I'm also using Q&A like "spell terminal backwards".. Then I have it paired up with the new user registration email add-on so I can check the ones that get through..
 
This is a nice idea, Chris.
Let's say a forum for car collectors..
The question would be

- What car is this [random graphic of the car]?

I also suggest coordinating with solvemedia.com to have an add-on for solvemedia + the random graphics.

Go Chris!
 