[OzzModz] Registration Spaminator Stop Spam Bot Registrations [Paid] 2.2.0

[Ozzy47]

ozzy47 updated [OzzModz] Registration Spaminator Stop Spam Bot Registrations with a new update entry:

[OzzModz] Registration Spaminator for XenForo 2.1+ Update 1.1.3

This is an update to remove my IP address from the log viewing permissions for the addon. This has been in the addon form the vB days and was there for me to view the logs if people were complaining about false positives with registrations.

It has been brought to my attention that this is unacceptable. So I have immediately removed the code from the addon and issued an update. This will not happen in any addons again.

Read the rest of this update entry...

 

[JoyFreak]

I think some bot has figured out how to bypass this because they've literally been spamming my forum. Different accounts, with different IPs and each time they post the same thing. No idea how to approach this.

 

[Ozzy47]

I don’t think so, otherwise it would be widespread. If you PM me an admin account I can try to see if I can spot anything wrong.

 

[JoyFreak]

I don’t think so, otherwise it would be widespread. If you PM me an admin account I can try to see if I can spot anything wrong.

It is widespread. I've seen them posting the same thing across other forums too.

 

[Max Taxable]

It is widespread. I've seen them posting the same thing across other forums too.

He means it would be widespread, among Spaminator using sites. Not that the spam itself would be.

 

[JoyFreak]

He means it would be widespread, among Spaminator using sites. Not that the spam itself would be.

I see, but the spammer is targeting gaming websites. I don't know how many gaming websites use this add-on.

 

[gerryvz]

I too, have noticed an uptick in recent weeks in the number of spammers who have successfully registered for my site (although no spam has been posted). I don't know if these are manual registations or not, but there has been an increase.

 

[Max Taxable]

I see, but the spammer is targeting gaming websites.

Are they posting links? If so how are they getting through the regex I saw earlier, Brogan giving you?

 

[gerryvz]

I am only seeing registrations, with the following characteristics:

• Often the registrations have a birth date of Jan 1, 1990
• Generally the registrations have place of "New York"
• Generally the registrations have a spam URL relating to some random keto diet web site

As I said, they never post actual spam.

I also have a country banning add-on, as a lot of the bad registrations were coming from a couple of countries. Unfortunately this doesn't help much as they use VPNs and can register from any place they want to.

 

[Max Taxable]

I too, have noticed an uptick in recent weeks in the number of spammers who have successfully registered

Covid means more human activity online therefore logical to assume more human spammer activity as well?

 

[JoyFreak]

Are they posting links? If so how are they getting through the regex I saw earlier, Brogan giving you?

I don't quite understand what you mean in terms of regex and Brogan.

But yes, they are posting links. The posts are identical. The two countries I've noticed from these accounts are Indonesia and Philippines.

They literally been doing it ALL day today and have also done it in the past. I've been barely able to keep up. They've also been on more than one account at the same time.

I've only about an hour ago, used the challenge via captcha firewall rule for those two countries and they've stopped. I can see that it's been issued several times now and solved twice.

 

[Max Taxable]

I don't quite understand what you mean in terms of regex and Brogan.

Maybe I had you confused with someone else.

On your promotion setup you talk about here:

On our forums, when we get new registrations, the new registered user can make as many posts and threads but they’ll go into approval queue.

After the first post or thread is approved, the user will be promoted to another user group that allows them to post without approval.

The current system makes you wait an hour, I believe the cron runs at :20 of every hour which can be frustrating for us mods and the user. Say they register at :21 and the cron has already run, they will have to wait the full hour.

I think this needs to be handled better so the promotion is instant.

Obviously no spam of any type can be getting publicly posted. So, you're saying you're getting more in your approval que than before.

I don't know if you gave Ozzy ACP access, so if not I would check all of the related template modifications to make sure they're all still active. I would then put the mod in test mode and have a look at the resulting registration page.

 

[JoyFreak]

Maybe I had you confused with someone else.

On your promotion setup you talk about here:

Obviously no spam of any type can be getting publicly posted. So, you're saying you're getting more in your approval que than before.

Yeah, luckily I have a system in place where new registrations will need thread/post approval. So luckily they are not made public unless a staff member approves them. But the doesn't stop them from registering and continuing to do it. If they were human, they'd have given up by now with that system in place but they keep doing it.

 

[Max Taxable]

If they were human, they'd have given up by now with that system in place

We often see registration accomplished by a human, THEN the posting done by automation. It's nothing new at all.

 

[Max Taxable]

Yeah, luckily I have a system in place where new registrations will need thread/post approval.

I use a similar system but do it instead only when first X posts contain links. If no link, post is public. Greatly cuts down on moderation que.

 

[JoyFreak]

We often see registration accomplished by a human, THEN the posting done by automation. It's nothing new at all.

But how would you know it's a human?

 

[Max Taxable]

But how would you know it's a human?

Because it's one cheap way to get past captchas, Q&A, and etc. Then the automated spam program takes over, making posts. It's old as the web itself.

 

[Max Taxable]

I would check all of the related template modifications to make sure they're all still active. I would then put the mod in test mode and have a look at the resulting registration page.

Did you do any of this? Let's make sure the addon is active and operating properly first.

 

[Max Taxable]

Additionally, while in test mode open a different browser and register an account while checking one of the boxes or filling in one of the false fields, let's make sure that register attempt is rejected.

 

[JoyFreak]

Because it's one cheap way to get past captchas, Q&A, and etc. Then the automated spam program takes over, making posts. It's old as the web itself.

But explain this...

The user(s) register from two countries:
1. Philippines
2. Indonesia

Bare in mind that the IPs all vary. I've had probably like over 50 registrations already. More than one user registering at a time, online at a time, posting at a time.

All threads/posts are identical.

They are also found spamming other gaming forums with the same identical posts/threads. I can even show you some of them.

About an hour ago, I added those two countries on CloudFlare's firewall and challenging them with a captcha. They've stopped. The Captcha is continuing to be issued. Only two have been solved. But since this, I haven't had any more spams.

Of course, I will continue to use this and continue to monitor the registerations. But if I don't hear or see anything from them in the next few days to a week, then it's definitely an automated bot. They've probably cracked this add-on.

Did you do any of this? Let's make sure the addon is active and operating properly first.

Template mods are still active and during test mode the registration shows custom fields. The add-on is in working order.