XF 1.1 My Forum's Getting Lots Of Spam

System0

Active member
edit by jake - I just posted a resource that consolidates all of the information from this thread into one guide:
http://xenforo.com/community/resources/dealing-with-forum-spam.980/


I've never had any problems with spam before but when I checked my forum today I saw lots of spam threads. Some were in Russian though many were in English.

I checked some users and they had fully validated their account using Gmail. The spam is undoubtedly automated though.

Some users have signed up using the domain andasio.com.

At the moment I am getting a new thread every few minutes and the IP addresses are all different so there doesn't seem to be any way to stop it

(note: I haven't installed any new add ons or mods in a while so I don't think that's the issue)

I used to have this problem with vBulletin though this is the first time I've ever had a problem with XenForo. It's kind of taken me by surprise to be honest.

Any idea how this is happening and how I can stop it?

Thanks,
Kevin
 
Thanks Jake.

I'm not sure if I want to go down that route to be honest, as users could get pissed off and leave if their posts are not approved quickly.

I've just installed AntiSpam and XenUtiles. I'm looking into StopSpam as well

At the moment I'm using Google ReCaptcha. Are questions and answers better to prevent spam registration?
 
I'm getting proper hammered on both my sites. it really does look like the honeymoon period is other for Xenforo in regards to spam, the bots back with a vengeance.
 
Me too akia. All 3 of my forums have been getting spammed by the same people today. It's a royal pain in the ass. Hopefully these add ons will resolve the issue.
 
If you have a relatively low instance of signups and are on your board regularly, use manual approval AND a question and answer. THE QA will even have most human spammers leaving....if it is good enough.

Manual approval lets you look at their IP location first and also their username and email - you can apply your own fuzzy logic to that. For instance, in my case I know that most all signups from cable companies (comcast, verizon, etc.) are good.

But if you have more than 10 or 20 signups per day, this gets a bit tedious. Still, I do it even when we have that many.
 
Woke up this morning to the same thing. Around 15 new spam accounts hammered my site overnight. I have 3 Q and A's set up. Time to change them I guess.
 
My main forum is getting between 10-15 sign ups a day. I have three forums though and between them it's probably closer to 30 new members a day. I simply don't have the time to go through each account manually and vet people.

Also, before today, I've never had a problem with spam. I'd consider manual approval a last resort due to the time and energy it takes. I wouldn't rule it out if spammers keep coming back.

:)
 
If you have a relatively low instance of signups and are on your board regularly, use manual approval AND a question and answer. THE QA will even have most human spammers leaving....if it is good enough.

Manual approval lets you look at their IP location first and also their username and email - you can apply your own fuzzy logic to that. For instance, in my case I know that most all signups from cable companies (comcast, verizon, etc.) are good.

But if you have more than 10 or 20 signups per day, this gets a bit tedious. Still, I do it even when we have that many.

Outdated advice...

This registration seems to be automatied, and the challenge questions only slow them down enough to adjust their scripts. The IP addresses are centered in Russia/eastern Europe but elsewhere as well.

I ended up turning off new member registrations in 5 of my 6 XF boards tonight, still took me an hour & a half to clean up the mess. Fortunately I was still up & working on line, I hate to see much crud would have been there if I'd hadn't noticed for another 8-10 hours.
 
I've turned on manually approval, but in the time since my last post i've got 62 account waiting, all spam, i've tried recaptcha and Q&A's
 
Yeah, almost all Xenforo Sites are under SPAM attack today. We have changed the whole registration process to a custom one at our site, so we fortunately had no problem.
 
If you have a relatively low instance of signups and are on your board regularly, use manual approval AND a question and answer. THE QA will even have most human spammers leaving....if it is good enough.

Manual approval lets you look at their IP location first and also their username and email - you can apply your own fuzzy logic to that. For instance, in my case I know that most all signups from cable companies (comcast, verizon, etc.) are good.

But if you have more than 10 or 20 signups per day, this gets a bit tedious. Still, I do it even when we have that many.
If you really get hit by spam you will have to deal with 30 - 40 signups per day that are just spam sign ups. That happened to me once, and in the end I got so angry that I started using blacklists addons to screen the registrations, even though that was against my better judgement. It worked, but I feel that is a last resort situation.

I started getting spam registrations the last few days as well, so I guess that RECAPTCHA is no longer an option. I set up a Q&A, but very simple math questions with a mix of word, symbols and numbers. Seems to do the trick so far, and it is easy to maintain.
 
I use usergroup promotion so that my registered user group is locked down tight and unlocked more people post, but I want to make it so that all new posts have to be approved, but can't work out how. can anyone help?
 
phew, glad it is not just us

any idea why banning registrations from gmail is not working?.... I can't register a new account using gmail, but these *******s can?
setting in banned emails is *@gmail.com and *gmail.com
 
Top Bottom