XF 1.1 My Forum's Getting Lots Of Spam

System0

Active member
edit by jake - I just posted a resource that consolidates all of the information from this thread into one guide:
http://xenforo.com/community/resources/dealing-with-forum-spam.980/


I've never had any problems with spam before but when I checked my forum today I saw lots of spam threads. Some were in Russian though many were in English.

I checked some users and they had fully validated their account using Gmail. The spam is undoubtedly automated though.

Some users have signed up using the domain andasio.com.

At the moment I am getting a new thread every few minutes and the IP addresses are all different so there doesn't seem to be any way to stop it.

(note: I haven't installed any new add ons or mods in a while so I don't think that's the issue)

I used to have this problem with vBulletin though this is the first time I've ever had a problem with XenForo. It's kind of taken me by surprise to be honest.

Any idea how this is happening and how I can stop it?

Thanks,
Kevin
 
I suspect you can improve your odds with better Q&A. What about using a question that doesn't contain the answer (hot/cold)? For example, "how many fingers are on a human hand?" And questions that don't have numeric answers are probably stronger. Numeric answers are so common with Q&A that I would expect bots to arbitrarily try a range of low numbers. A good one might be, "what is the last word in the domain name of this site?" Something like that would be stronger.

TIPS:
instead of typing the question in this format: "how many fingers are on a human hand?"

I suggest typing it this way: "howManyFingersAreonaHumanHand?"
or
"howmany fingersareon ahumanhand?"

that way they won't be able to read the sentence
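The two Q&A weaknesses raised above (a question that contains its own answer, and a low numeric answer that a bot can reach by trying small numbers) can be checked before a question goes live. The sketch below is an added example, not part of any post in this thread and not XenForo code; the function names, the guess limit of 20 and the sample questions are assumptions constructed for illustration.

```python
import re

# Spelled-out small numbers are treated like digits (an assumption of this example).
NUMBER_WORDS = {w: i for i, w in enumerate(
    "zero one two three four five six seven eight nine ten".split())}

def normalize(text):
    """Lower-case and collapse everything except letters and digits to spaces."""
    return re.sub(r"[^a-z0-9]+", " ", text.lower()).strip()

def as_small_number(answer, limit=20):
    """Return the integer value if the answer is a low number, else None."""
    a = normalize(answer)
    if a in NUMBER_WORDS:
        return NUMBER_WORDS[a]
    if a.isdigit() and int(a) <= limit:
        return int(a)
    return None

def lint_qa(question, answers, limit=20):
    """Return a list of weaknesses for one registration question."""
    findings = []
    q_words = set(normalize(question).split())
    for ans in answers:
        a = normalize(ans)
        if not a:
            findings.append("empty answer")
            continue
        # Weakness 1: the accepted answer is offered inside the question.
        if set(a.split()) <= q_words:
            findings.append(f"answer '{ans}' appears in the question")
        # Weakness 2: a low numeric answer falls to a short guessing loop.
        n = as_small_number(ans, limit)
        if n is not None:
            findings.append(
                f"answer '{ans}' is a low number (guessable in {n + 1} tries from 0)")
    return findings

# Constructed sample questions modelled on those discussed in the thread.
SAMPLES = [
    ("Is fire hot or cold?", ["hot"]),
    ("How many fingers are on a human hand?", ["5", "five"]),
    ("NASA, motto?", ["For the Benefit of All"]),
]

if __name__ == "__main__":
    for q, answers in SAMPLES:
        print(q, "->", lint_qa(q, answers) or "no finding")
```

A question with no findings is not proven strong; the check only catches the two patterns named in the thread.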
 
The thing is that blocking a country isn't a good way to solve any problem you have.
Use Q&A and add questions like this:

Earth, alternative names?

Terra, Gaia
Terra
Gaia


/

NASA, motto?

For the Benefit of All

Very easy to answer or to find an answer by googling Earth. However, spammers won't pass through it, trust me.
2 days and don't have even a single spammer on our forums :giggle:
 
I've thought about Q&A questions that could only be answered by people involved in the forum niche.. but it would probably hurt registrations from people new to the niche :)

ie: for a jetski forum: Which manufacturer makes the SuperJet?
or an atv forum: When was the last production year for Yamaha's banshee?

it'd end up with 4 total users probably :)
 
Blocking whole countries I find extreme and discriminatory. Instead, create a new usergroup and use it for users from countries where lots of spam originates from. Apply restrictions as required. Allow for later promotion of innocent users into the normal usergroup.

It depends on the forum topic in my opinion. Some have worldwide appeal, but some are more region specific. The only accounts that have ever registered from Russia or India on my forums were spammers. Mostly xrumer bots from Russia and human SEO services from India.
 
I just wanted to add another data point to this. My forum started getting hit hard on Saturday as well, same scenario as what has been reported before. (Russian messages, IPs in European countries, IPs always changing, able to defeat ReCAPTCHA etc.)

I started moderating new users, but that became a huge headache because there is no "select all" option at the moderation screen, and by default the forum wants to send the user a message about why they were rejected, which I did not want to do, so that meant two clicks per spam user, and that gets tedious when you're talking 40-50 rejects.

So I disabled new registrations for now (our forum is very small so the impact of this is negligible) but somehow this morning they were able to register one last time. Very strange.
 
Maybe setting up a cron that changes from reCaptcha to question every x hours or days would help? They would never know if they are going to get ReCaptcha or a question.
 
What about tweaking the login process ?

(1) For people with less than 5 posts or no likes ...
When they click [Log In] ... require them to do some manual AJAX thing, like dragging a piece of paper into a basket with the mouse ... and move the location of the paper and basket for each login.

(2) Ignore [ ]Stay logged in for users with less than 5 posts ?
 
What about tweaking the login process ?

(1) For people with less than 5 posts or no likes ...
When they click [Log In] ... require them to do some manual AJAX thing, like dragging a piece of paper into a basket with the mouse ... and move the location of the paper and basket for each login.

(2) Ignore [ ]Stay logged in for users with less than 5 posts ?

Especially if they have a GMAIL as their email address.
 
Why don't you take it a step further ;)
_______ minus (-45.5) equals (-32.8)

Your double negative Q&A had me actually having to think for a few seconds when I registered on your site. If these human bots get too good you'll need to change it to a solve for x, or differential equation on there!

So who wants to shell out the 600 dollars for the software so we can see every option it has?

There's a demo available on their site. This part of their FAQ made me chuckle :rolleyes:

2. Isn't it a spam-bot?
In no way XRumer acts like a spam-bot since spam is defined in legislation as 'unsolicited email', whereas XRumer simply posts messages created by users, which cannot be illegal providing the user does not violate the legislation by provoking racial hatred or anything prohibited by the law. Besides, in most cases XRumer is smart enough to find sections like 'Flood', 'Off topic', 'Flame', 'Chit-chat' where advertising takes place with the permission from moderators and webmasters. XRumer is not an email spam bomber and should not be confused with such software. The laws of USA, Russia, Canada, Spain, Germany, France and other countries explicitly state the illegal nature of email spam which XRumer has nothing to do with.

3. Why posting messages in forums is more efficient than spamming through email?!
See for yourself. E-mail spam has been annoying people for a long time now, and quite efficient ways of fighting unsolicited email have been developed and made publicly available. For an email spammer every 1 out of 1000 emails reaching a potential reader is already luck because 999 emails are blocked by spam filters implemented both by ISP's and home users alike. Forums and guestbooks make it way different. These are places people come to read voluntarily. Any posted message will be read at least by one moderator. But a well-composed message with correctly placed links in its body will initiate a live discussion over it, leading to clicks and high rankings in Search Engines. It's not just efficient – it's smart to a degree where most people would not believe software to be capable of.
 
So who wants to shell out the 600 dollars for the software so we can see every option it has?

Xenforo should. And analyze it to provide an upgrade.
But...

In addition it hurts that Xenforo lacks that many administration features. Dealing with a lot of threads or users to delete or even to manually confirm is a task Xenforo cannot provide well enough.
 