XF 1.1 My Forum's Getting Lots Of Spam

System0

Active member
edit by jake - I just posted a resource that consolidates all of the information from this thread into one guide:
http://xenforo.com/community/resources/dealing-with-forum-spam.980/


I've never had any problems with spam before but when I checked my forum today I saw lots of spam threads. Some were in Russian though many were in English.

I checked some users and they had fully validated their account using Gmail. The spam is undoubtedly automated though.

Some users have signed up using the domain andasio.com.

At the moment I am getting a new thread every few minutes and the IP addresses are all different, so there doesn't seem to be any way to stop it.

(note: I haven't installed any new add ons or mods in a while so I don't think that's the issue)

I used to have this problem with vBulletin though this is the first time I've ever had a problem with XenForo. It's kind of taken me by surprise to be honest.

Any idea how this is happening and how I can stop it?

Thanks,
Kevin
 
Just wanted to chime in and say that over on Kayako forums - http://forums.kayako.com - we've gone from about 4-6 spams per day to over 100. We've used reCAPTCHA, but I just switched to Q&A to see if that works.

Given that these bots register a few days beforehand we won't see the effects immediately.

I'd love to see Xenforo host a simple community spam service, where spam reports are submitted to a central server, and Xenforo installations can be configured to check that for spam-banned IPs at registrations (based on a threshold of reports, of course).
Not holding my breath, but this seems to have stemmed most of the issue.
 
What seems weird to me is that ...
From the moderation queue I can delete posts but not a user.
From the AdminCP I can delete users, but not posts.
Very inconvenient.

Xenforo is not a fully matured forum software. It lacks a lot of features you need to handle basic tasks at a forum site. No mass prune forums or threads or users for ex., if you delete forums, all their threads will stay orphaned in the database forever. This is why I always say that Xenforo is not useable for a serious forum business without addons in its current state. For some features there are not even official addons, you have to create your own.
 
I have just added to my addon "Stop Spam Here" a feature "Point Check System" that I call Risk Indicator. With this feature, you could set points for: email domain, username and IP.

In your case, if you see that email from Yahoo is higher risk than the others, you could set higher points for this domain (such as: yahoo.com=>50). The same for IP: if you see that IPs from Russia are higher risk than the others, you could set IPs from this country with a point value (eg: 20.45.14.0/24=>30).

So users from Russia using Yahoo mail would get 80 points, and you could configure how this point total is processed with the options: Block, Discourage, Moderate, Allow.

I think this would help you rather than blocking whole IPs or email domains.
Interesting feature.... Would help if you accepted something other than paypal though.... Paypal is illegal here. But if you come up with an alternative (Google Checkout for example) .... I may invest in this at a later time.

Yahoo though is blocked mostly because it is not reliable... ie... People registering from Yahoo don't get confirmation e-mails in a timely manner. Sometimes days, weeks, months, or never at all (re-read my post).
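The point-based Risk Indicator described in the quoted post above, sketched as an added example; it is not part of the thread and not the Stop Spam Here addon's code. Only `yahoo.com=>50`, `20.45.14.0/24=>30` and the four action names come from the post; the thresholds, the username entry and the function names are assumptions.

```python
import ipaddress

# Only yahoo.com=>50 and 20.45.14.0/24=>30 come from the post; the rest is constructed.
DOMAIN_POINTS = {"yahoo.com": 50}
NETWORK_POINTS = {ipaddress.ip_network("20.45.14.0/24"): 30}
USERNAME_POINTS = {"cheap-pills": 40}  # constructed sample entry

# Assumed thresholds, checked from highest to lowest; below the last one is Allow.
THRESHOLDS = [(80, "Block"), (50, "Discourage"), (30, "Moderate")]


def risk_score(email, ip, username=""):
    """Return (total points, list of matched rules) for one registration."""
    hits = []
    # Match the domain and its parent domains, so mail.yahoo.com hits yahoo.com.
    labels = email.rsplit("@", 1)[-1].strip().lower().rstrip(".").split(".")
    for i in range(len(labels) - 1):
        parent = ".".join(labels[i:])
        if parent in DOMAIN_POINTS:
            hits.append(("domain:" + parent, DOMAIN_POINTS[parent]))
            break
    try:
        addr = ipaddress.ip_address(ip.strip())
        # An IPv4 client seen through a dual-stack socket arrives as ::ffff:a.b.c.d.
        addr = getattr(addr, "ipv4_mapped", None) or addr
    except ValueError:
        addr = None  # unparseable address: no IP points, do not crash signup
    if addr is not None:
        for net, points in NETWORK_POINTS.items():
            if addr in net:
                hits.append(("ip:" + str(net), points))
    name = username.strip().lower()
    if name in USERNAME_POINTS:
        hits.append(("username:" + name, USERNAME_POINTS[name]))
    return sum(points for _, points in hits), hits


def decide(score):
    """Map a point total to one of the four actions named in the post."""
    for minimum, action in THRESHOLDS:
        if score >= minimum:
            return action
    return "Allow"
```

Returning the matched rules alongside the total lets a moderator see why a registration was held, which matters for the false-positive concern raised later in the thread.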
 
I stopped it easily. I set up the Q&A questions to have no spaces in the sentence. "WhatIsTheGameWePlay?" is one of the questions. Normal humans see a sentence while bots see only one word that shows in no known dictionary and goes WTF? Lol. Worked like a charm.

I still had "guests" showing on my site so:

Second, I checked the list from the post on page 12 or 13 and my site's actual host was being hit but not my redirect my normal users use. Had the host change the sub domain and moved my DNS pointer to the proper address. I have 0 guests on my site now.

Problem solved. I have had 0 spam signups and I didn't even use xenUtils. The Stop Forum Spam website has a minor issue in my opinion: If a user uses a name from that site, then they won't be able to use that user on the site. When they sign up, then their IP is now logged preventing them from changing their username to be allowed to join the site. On top of that now when they sign up on any other site using stop forum spam's database, they won't be able to sign up anywhere else. Also if they change their IP address (as most dynamic IPs do occasionally) I'd hate to be the one that gets that guy's IP on the swing later. How does one prove that it wasn't their IP originally or that the IP was dynamically assigned to them that a spammer used?

It's good for most and obviously works for users here. So I'm not trying to knock XenUtils or anything. I worry about the regular user who gets shafted because they don't update their list or remove real people's association. I occasionally use alternate usernames to sign up to my own site for testing purposes. I did this earlier today when I was testing XenUtils and inadvertently used a name that was on the list and got blocked from my own site lol. Bad thing is now my work IP is listed on that site now. Note it does not block an existing user as I was able to log in fine with my admin account. (Thankfully I used a bogus email address for it and not my primary one.) I sent in a request to be removed from the list but their admins are clearly overloaded with this recent attack and addition of many new users on the database.

Just food for thought before going with mass database listings to do the work for you.
 
I don't know what I will do if I ever meet a spammer in real life.
I met a spammer once, and honestly, one of the only regrets I have in my life is that I didn't stick a salad fork into his neck and piss on him while he bled to death.

But I met him at a friend's wedding, so that may not have been appropriate behavior.

It's always something, I tell ya.
 
Interesting feature.... Would help if you accepted something other than paypal though.... Paypal is illegal here. But if you come up with an alternative (Google Checkout for example) .... I may invest in this at a later time.

Yahoo though is blocked mostly because it is not reliable... ie... People registering from Yahoo don't get confirmation e-mails in a timely manner. Sometimes days, weeks, months, or never at all (re-read my post).
I would try to get some alternate payment method such as: Google Checkout, WebMoney or LZ.
 
Omg that's totally awesome and a fun captcha to do. Great idea! I'd like it 100 times if I could. Would be great if xenforo incorporated that into their 1.2 software.
I've asked them if they are looking into doing one for Xenforo, and they replied with:


areyouahuman
6:11pm via HootSuite

@DanceMichael Thanks for the question! It wasn't on our list, but it is now. Thanks for the suggestion.

So if XenForo could implant it automatically in Xenforo like the ReCaptcha it would be perfect; it will stop bots, since the continue button comes when the game is complete, which bots can't do. It's like KeyCaptcha but easier, and funner than a puzzle.
 