XF 1.1 My Forum's Getting Lots Of Spam

[System0]

edit by jake - I just posted a resource that consolidates all of the information from this thread into one guide:
http://xenforo.com/community/resources/dealing-with-forum-spam.980/

I've never had any problems with spam before but when I checked my forum today I saw lots of spam threads. Some were in Russian though many were in English.

I checked some users and they had fully validated their account using Gmail. The spam is undoubtedly automated though.

Some users have signed up using the domain andasio.com.

At the moment I am getting a new thread every few minutes and the IP addresses are all different so there doesn't seem to be any way to stop it

(note: I haven't installed any new add ons or mods in a while so I don't think that's the issue)

I used to have this problem with vBulletin though this is the first time I've ever had a problem with XenForo. It's kind of taken me by surprise to be honest.

Any idea how this is happening and how I can stop it?

Thanks,
Kevin

 

[Digital Doctor]

It comes with the latest upgrade of XRumer.

How many IPB forums are there ?
What about vBulletin ?

Do you have those stats ?

 

[AlexT]

Deleted

 

[ManOnDaMoon]

For now, Sonnb addon Stop Spam Here has stopped all of the numerous registration attempts from spammers since yesteday on Kosminea (about 60).
My Q&A did not block many. I suppose one should also avoid colors on top of maths... I'm struggling finding questions that are not too tricky and not too simple, as a big part of my target members are youngsters.

2) Started using CloudFlare

I did that too today, both for speed and security reasons. Do you have data in your threat stats yet? Did this block some of the spammers?

 

[ManagerJosh]

Checked, and they found my test board license and my actual site.

 

[Andy.N]

I think it should be quite trivial to run a google query and parse the result into the list.
In my opinion, this is a good exercise for all admin so that they can pay more attention with their site security, spam prevention, etc.
As a result, many sites are now less prone to current method of attacks.

It's a cat and mouse game. We get better, they get better. It's fun.

 

[jmurrayhead]

Not that it is of any direct help, check out the attach list of (mostly) XF forums to see if you are on their target list.

if all of these were actually paid licenses, it kind of gives you an idea of how much money XF has made.

 

[cmeinck]

Note that user submitted links are given a "nofollow" attribute to prevent them from having any SEO impact. Exceptions are made for admins / mods.

I don't believe that no-follow is sufficient enough for Google. Not to mention, some spammers will attempt to point other spammy links to these profiles. Regardless of whether they are no-follow, your site will start to see a spammy backlink profile. That's definitely not good in the post-Penguin age.

Is there a way to completely remove this section or remove privileges. I delete 10-20 of these per day.

 

[cmeinck]

Not that it is of any direct help, check out the attach list of (mostly) XF forums to see if you are on their target list.

I've got all of my forums on there. Great.

 

[Digital Doctor]

Anyone know if the Bots registered a long time ago ... and then come to life a few days or weeks later ?
or do they register and then post right away ?
or both ?

 

[ManagerJosh]

last night. 94 pages. right now... 126 pages of spam registration attempts

 

[Edrondol]

Yup. I had about 1000 new accounts in the space of a couple days. It happened during my wife's birthday so I was away. My mods took care of the posts but couldn't completely blow away the users.

I actually removed them all in the database. It was easier.

 

[ManagerJosh]

For those of you waiting for the "antispam" tools from XenForo 1.2, I suggest you guys do not wait and look into using one of the third-party free plugins. Looking at the data we've been capturing and sending to the various antispam solutions, there is a general upward trend.

 

[GokouZWAR]

Not that it is of any direct help, check out the attach list of (mostly) XF forums to see if you are on their target list.

Why am I on this list for? Where did you get it? What is the reporter of that list?

 

[Taxi]

Anyone know if the Bots registered a long time ago ... and then come to life a few days or weeks later ?
or do they register and then post right away ?
or both ?

Both. I found "questionable" registrations from back in mid June. (Random names, and Russian/Ukrainian IP addresses.)

My forum is so small that if they don't post, I rarely take note of them. But there were maybe 3/4 registrations per week before Mr. "why did you delete my account" guy showed up, which I'm guessing was some test/trigger that gets you on the Xrumer list.


Edit: I should add that switching from reCAPTCHA to Q/A has eliminated all of the spam registrations on my site... for now.

 

[Taxi]

Why am I on this list for? Where did you get it? What is the reporter of that list?

It's the list of sites that the xrumer software is using to spam XF forums.

 

[Walter]

Looking at the data we've been capturing and sending to the various antispam solutions, there is a general upward trend.

Yours is below 100? Mine is in the 800 mark this week

 

[Walter]

In this minute SFS ran out of mysql connections

If the addons can't connect to SFS....
Hope the best.

 

[GokouZWAR]

It's the list of sites that the xrumer software is using to spam XF forums.

oh really? Again, how do they obtain my tiny little nothing website with a whole 21 users signed up to it when I don't even really advertise heavily? What do they hope to gain from attacking my site?

I have all the guest stuff disabled so my users have no clue this is even going on. It's just a rather annoying thing to have to go delete about 100 sign ups a day who are still pending email confirmation.

Is there anyway to automate the delete process if a user is not email confirmed after 24 hours so I can basically ignore all this? I got better things to do with my time then deal with garbage like this. I'd just as soon let them continue to sign up and just leave them in the database but I do have a limit and I'd rather not wait till i have 100,000 users in my database to have to go thru and delete them then. The deleting process is really annoying since there doesn't appear to be a way to mass delete the users from the database without manually deleting them from the MySQL database...:\ At least leave me in the user list instead of throwing me back to the main menu...

 

[Digital Doctor]

Anyone *NOT* on this SPAM list ?
http://xenforo.com/community/threads/my-forums-getting-lots-of-spam.35195/page-11#post-401275

 

[ManagerJosh]

oh really? Again, how do they obtain my tiny little nothing website with a whole 21 users signed up to it when I don't even really advertise heavily? What do they hope to gain from attacking my site?

I have all the guest stuff disabled so my users have no clue this is even going on. It's just a rather annoying thing to have to go delete about 100 sign ups a day who are still pending email confirmation.

Is there anyway to automate the delete process if a user is not email confirmed after 24 hours so I can basically ignore all this? I got better things to do with my time then deal with garbage like this. I'd just as soon let them continue to sign up and just leave them in the database but I do have a limit and I'd rather not wait till i have 100,000 users in my database to have to go thru and delete them then. The deleting process is really annoying since there doesn't appear to be a way to mass delete the users from the database without manually deleting them from the MySQL database...:\ At least leave me in the user list instead of throwing me back to the main menu...

XenUtiles should aid in that