New xEvil is defeating hCaptcha it seems

Stuart Wright

Well-known member
Had hCaptcha in front of our custom contact form for a long time, but spam has been coming through since early July. The spam is actually mostly promoting xEvil, which is what I'm assuming is defeating hCaptcha.
So I've changed the verification method and will update you if it doesn't work.
Has anyone else noticed xEvil spam?
Scum bags, aren't they?
 

z3r010

Active member
The thing I found to be the most useful at stopping bots from registering was adding a Cloudflare JS challenge before the registration page (I had to change the page to open as a page rather than a popup for it to work though).
 

Blackbeard

Well-known member
I use Cloudflare to block certain known countries from accessing the contact, login, and registration page. If they are they are blocked, they are forwarded to a "Please email us link page". I looked my membership is not affected, and SEO shouldn't be as well. Not a solution for everyone, but another possibility.
 

Alpha1

Well-known member
More exactly I think its XRumer 19.0.11 adding:
  • increased the rate of successful registrations on XenForo
Apparently XRumer 19 and xEvil 5 work together. xEvil decodes the captcha and XRumer has XenForo targetting and uses AI to do the rest.
Spam software is getting much smarter unfortunately.
 

Wildcat Media

Well-known member
My moderators haven't mentioned much of a spam uptick, but I am considering this add-on, and similar add-ons:

 

Anthony Parsons

Well-known member
I have used cloudflare JS on my site for a long time now, no bot spam, and we allow public posting, no captcha at all. We get little human spam too simply through using XF moderation permissions.

Cloudflare JS and Cloudflare bot control is your one-stop-shop to stopping all bot spam.
 

chrisf

Member
We have custom questions for registration so have not seen any spam there but we are seeing a bunch of it on the contact form. Is there a way to keep the built in contact form but just change its URL? I suspect these bots are just scanning for the /misc/contact url. Thanks
 

alt⟨div⟩

Well-known member
I just came to this forum to open a thread about a sudden influx of spam accounts I've been getting. Prior to this, I would only get 1-4 a month. I'm not sure if mine are from the same people, though.
 

Attachments

  • Screen Shot 2022-07-21 at 1.19.58 PM.png
    Screen Shot 2022-07-21 at 1.19.58 PM.png
    286 KB · Views: 22
  • Screen Shot 2022-07-21 at 1.20.29 PM.png
    Screen Shot 2022-07-21 at 1.20.29 PM.png
    320.3 KB · Views: 22

ENF

Well-known member
We have custom questions for registration so have not seen any spam there but we are seeing a bunch of it on the contact form. Is there a way to keep the built in contact form but just change its URL? I suspect these bots are just scanning for the /misc/contact url. Thanks
We just got rid of the contact form and redirected the URL back to the main site page. We have an separate support system that people can contact us through if there's a real need. It has its own filter/spam control system and it's rare we see any attempted spam get through to our staff this way.
I just came to this forum to open a thread about a sudden influx of spam accounts I've been getting. Prior to this, I would only get 1-4 a month. I'm not sure if mine are from the same people, though.
Not necessarily the same people but more likely they are using the same software (quoted above) to spew out the spam.

So far for us, the Q&A database has been effective in keeping spammers out and those that do get through, first posts are moderated for all new accounts.
 
Top