XF 1.1 My Forum's Getting Lots Of Spam

System0

Active member
edit by jake - I just posted a resource that consolidates all of the information from this thread into one guide:
http://xenforo.com/community/resources/dealing-with-forum-spam.980/


I've never had any problems with spam before but when I checked my forum today I saw lots of spam threads. Some were in Russian though many were in English.

I checked some users and they had fully validated their account using Gmail. The spam is undoubtedly automated though.

Some users have signed up using the domain andasio.com.

At the moment I am getting a new thread every few minutes and the IP addresses are all different, so there doesn't seem to be any way to stop it.

(note: I haven't installed any new add ons or mods in a while so I don't think that's the issue)

I used to have this problem with vBulletin though this is the first time I've ever had a problem with XenForo. It's kind of taken me by surprise to be honest.

Any idea how this is happening and how I can stop it?

Thanks,
Kevin
 
Just had a first spambot in months that bypassed SFS. I also noticed this:

dumbcrawlers.png


30 minutes before the attack, an 80legs crawler went through the site when I checked the access logs. They seem to be used by advertisers for targeted ads. Users can request crawls on websites to mine data really fast. I blocked the crawler in robots.txt, but also heard it may take a very long time for the crawler to start obeying it (unless you contact their support).
 
I'm back. Since Friday night, the memberlist got bombarded with new members. I think it has been due to the SFS policy changes of not being listed without proof, so you can't block them unless you get a 100% match :mad:

Thank god for me blocking links, emails & conversations during the first few posts. I have now switched over to KeyCAPTCHA so hopefully that will stop them getting through now :cool:
 
It should.

I've not had a single spammer since my switch.
 
I just want to know: in SFS, do I need to have a separate API key for every domain?
Or can I just use a single API key for all the XF domain names I have...
 
It sure seems like someone hates XF. I've never had much spam before (like 5 banned users in one year...). I've deleted or banned over 200 in the last few days. I got the sonnb - Stop Spam Here addon and it already blocked whatever spam I got last night. It seems to be working well!
 
They're still getting through registration on my site using that addon, however they are not able to post the spam. Are you getting the same results or did you change up the default settings a bit?
 
As do I. I don't have the pro plan, however.
Make sure you have most of the boxes checked. Defaults have most everything unchecked. Go through it and make sure Akismet and SFS are turned on, and block registrations. I would make post actions in moderation. It busted one of my forum's spam because of the links. Works very nicely.

I would use something to track down the spammers and delete all of them before using preemptive measures. Sometimes they could be already registered and it will only block the posts, that's why I like to be notified of the posts if I forgot to ban/delete a spammer.
 
Yeah, I checked most of the boxes when I set it up. I just checked the 'Users awaiting approval' area in the admin cp and found about 10 or so since I installed it. The rest are getting through, but unable to post anything. Are you using the point checking system? If so, did you add additional IPs, usernames or email domains to check?
 
Nah, I haven't set that up yet, but you could add disposable email like mail15, mailinator, etc. I also screen my users by checking if they're valid Minecraft users, since I run a Minecraft Forum. That removes all of them that get through the antispam.
 
Ever since the 80legs crawler and embedding the screenshot from my XenForo domain, the spambots have literally spammed the registrations. Even with all three antispam APIs filled in, I'm getting about five spambots each day through. The registration log is being hammered too.
 
Found this on Wikipedia, might be of use if it is accurate...

XRumer by default fills in every password field on a page, including those that are hidden. This has been discussed as a method of detection and blocking.

A way to stop this might be to create a hidden password field on the registration page, and to block the registration if this field is populated with any value (assuming the quote from Wikipedia is correct).
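
The hidden-password-field check suggested in the post above, as an added example that is not part of the original thread and is not XenForo code. The field names, form markup and sample request bodies are assumptions constructed for illustration.

```python
from html import escape
from urllib.parse import parse_qs

# Hypothetical field names for this example; not XenForo's own.
REAL_FIELD = "password"
DECOY_FIELD = "password_confirm_alt"

def render_registration_form(action="/register"):
    """Form HTML with a decoy password input hidden from people by CSS."""
    return (
        f'<form method="post" action="{escape(action, quote=True)}">\n'
        '  <input type="text" name="username" required>\n'
        '  <input type="email" name="email" required>\n'
        f'  <input type="password" name="{REAL_FIELD}" required>\n'
        '  <div style="display:none" aria-hidden="true">\n'
        f'    <input type="password" name="{DECOY_FIELD}" value="" tabindex="-1">\n'
        '  </div>\n'
        '  <button type="submit">Register</button>\n'
        '</form>'
    )

def screen_registration(raw_body):
    """Classify a urlencoded POST body. Returns (allowed, reason)."""
    # keep_blank_values=True keeps "decoy=" so an empty field and an absent one differ.
    fields = parse_qs(raw_body, keep_blank_values=True)
    decoy_values = fields.get(DECOY_FIELD)
    if decoy_values is None:
        # A browser submits the hidden input (empty) with the form, so
        # absence means the request was not built from the rendered form.
        return False, "decoy field missing"
    if any(v.strip() for v in decoy_values):
        return False, "decoy field populated"
    if not fields.get(REAL_FIELD, [""])[0]:
        return False, "password missing"
    return True, "ok"

# Constructed sample submissions (not captured traffic).
HUMAN = "username=kevin&email=k%40example.org&password=s3cret&password_confirm_alt="
BOT = "username=x1&email=x%40example.org&password=abc123&password_confirm_alt=abc123"
DIRECT = "username=x2&email=y%40example.org&password=abc123"

if __name__ == "__main__":
    for name, body in (("human", HUMAN), ("bot", BOT), ("direct", DIRECT)):
        print(name, screen_registration(body))
```

A password manager that fills every password input would trip the same check, so a populated decoy is safer routed to the approval queue than silently rejected.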
 
Seems they are trying to hit back in force again. It had died down a few days ago, but now they seem to be trying again. Thankfully it seems that since re-tweaking the XenUtils settings around & adding KeyCAPTCHA they seem to be held at bay again :cool:
 