New xEvil is defeating hCaptcha it seems

Stuart Wright

Stuart Wright

Well-known member
Had hCaptcha in front of our custom contact form for a long time, but spam has been coming through since early July. The spam is actually mostly promoting xEvil, which is what I'm assuming is defeating hCaptcha.
So I've changed the verification method and will update you if it doesn't work.
Has anyone else noticed xEvil spam?
Scum bags, aren't they?
 
The thing I found to be the most useful at stopping bots from registering was adding a Cloudflare JS challenge before the registration page (I had to change the page to open as a page rather than a popup for it to work though).
 
I use Cloudflare to block certain known countries from accessing the contact, login, and registration page. If they are they are blocked, they are forwarded to a "Please email us link page". I looked my membership is not affected, and SEO shouldn't be as well. Not a solution for everyone, but another possibility.
 
More exactly I think its XRumer 19.0.11 adding:
  • increased the rate of successful registrations on XenForo
Apparently XRumer 19 and xEvil 5 work together. xEvil decodes the captcha and XRumer has XenForo targetting and uses AI to do the rest.
Spam software is getting much smarter unfortunately.
 
My moderators haven't mentioned much of a spam uptick, but I am considering this add-on, and similar add-ons:

xenforo.com

[OzzModz] Contact Us Spaminator

Sick and tired of your inbox getting flooded with spam coming from the "Contact Us" system on your xenforo install(s)? You've tried everything and still it persists? You even shut off the "Contact Us" form to guest visitors? You need the...
xenforo.com xenforo.com
 
I have used cloudflare JS on my site for a long time now, no bot spam, and we allow public posting, no captcha at all. We get little human spam too simply through using XF moderation permissions.

Cloudflare JS and Cloudflare bot control is your one-stop-shop to stopping all bot spam.
 
We have custom questions for registration so have not seen any spam there but we are seeing a bunch of it on the contact form. Is there a way to keep the built in contact form but just change its URL? I suspect these bots are just scanning for the /misc/contact url. Thanks
 
I just came to this forum to open a thread about a sudden influx of spam accounts I've been getting. Prior to this, I would only get 1-4 a month. I'm not sure if mine are from the same people, though.
 

Attachments

  • Screen Shot 2022-07-21 at 1.19.58 PM.webp
    Screen Shot 2022-07-21 at 1.19.58 PM.webp
    90.6 KB · Views: 24
  • Screen Shot 2022-07-21 at 1.20.29 PM.webp
    Screen Shot 2022-07-21 at 1.20.29 PM.webp
    100.4 KB · Views: 25
chrisf said:
We have custom questions for registration so have not seen any spam there but we are seeing a bunch of it on the contact form. Is there a way to keep the built in contact form but just change its URL? I suspect these bots are just scanning for the /misc/contact url. Thanks
Click to expand...
We just got rid of the contact form and redirected the URL back to the main site page. We have an separate support system that people can contact us through if there's a real need. It has its own filter/spam control system and it's rare we see any attempted spam get through to our staff this way.
sixlxvi said:
I just came to this forum to open a thread about a sudden influx of spam accounts I've been getting. Prior to this, I would only get 1-4 a month. I'm not sure if mine are from the same people, though.
Click to expand...
Not necessarily the same people but more likely they are using the same software (quoted above) to spew out the spam.

So far for us, the Q&A database has been effective in keeping spammers out and those that do get through, first posts are moderated for all new accounts.
 
You must log in or register to reply here.
Back
Top Bottom