New xEvil is defeating hCaptcha it seems

Stuart Wright

Had hCaptcha in front of our custom contact form for a long time, but spam has been coming through since early July. The spam is actually mostly promoting xEvil, which is what I'm assuming is defeating hCaptcha.
So I've changed the verification method and will update you if it doesn't work.
Has anyone else noticed xEvil spam?
Scumbags, aren't they?
 
The thing I found to be the most useful at stopping bots from registering was adding a Cloudflare JS challenge before the registration page (I had to change the page to open as a page rather than a popup for it to work though).
 
I use Cloudflare to block certain known countries from accessing the contact, login, and registration pages. If they are blocked, they are forwarded to a "Please email us" link page. I looked, and my membership is not affected, and SEO shouldn't be either. Not a solution for everyone, but another possibility.
 
More exactly, I think it's XRumer 19.0.11 adding:
  • increased the rate of successful registrations on XenForo
Apparently XRumer 19 and xEvil 5 work together. xEvil decodes the captcha and XRumer has XenForo targeting and uses AI to do the rest.
Spam software is getting much smarter unfortunately.
 
My moderators haven't mentioned much of a spam uptick, but I am considering this add-on, and similar add-ons:

 
I have used Cloudflare JS on my site for a long time now, no bot spam, and we allow public posting, no captcha at all. We get little human spam too, simply through using XF moderation permissions.

Cloudflare JS and Cloudflare bot control is your one-stop-shop to stopping all bot spam.
 
We have custom questions for registration so have not seen any spam there, but we are seeing a bunch of it on the contact form. Is there a way to keep the built-in contact form but just change its URL? I suspect these bots are just scanning for the /misc/contact URL. Thanks
 
I just came to this forum to open a thread about a sudden influx of spam accounts I've been getting. Prior to this, I would only get 1-4 a month. I'm not sure if mine are from the same people, though.
 

We have custom questions for registration so have not seen any spam there, but we are seeing a bunch of it on the contact form. Is there a way to keep the built-in contact form but just change its URL? I suspect these bots are just scanning for the /misc/contact URL. Thanks
We just got rid of the contact form and redirected the URL back to the main site page. We have a separate support system that people can contact us through if there's a real need. It has its own filter/spam control system and it's rare we see any attempted spam get through to our staff this way.
I just came to this forum to open a thread about a sudden influx of spam accounts I've been getting. Prior to this, I would only get 1-4 a month. I'm not sure if mine are from the same people, though.
Not necessarily the same people, but more likely they are using the same software (quoted above) to spew out the spam.

So far for us, the Q&A database has been effective in keeping spammers out, and for those that do get through, first posts are moderated for all new accounts.
 