Please.. need ideas on combatting GUMMIES and KETO postings

R

rockymountainmotos

Member
I'm being hit with several new users posting gummies and keto spam each and every day. I do use the Spam/Clean function, but its just never ending. I'm not a Xenforo expert, so I'm sure I'm not doing something right to keep these scammers away from my forum.

A simple solution would be to auto ban and delete any user/post that contains the words Gummies or Keto in the subject or body. Is this possible?

Thanks in advance for any help!
 
Sort by date Sort by votes
xenforo.com

Signup abuse detection and blocking

From (simple) multiple accounts detection to isp/connection fingerprinting with score-based moderating/rejecting logic. These are very effective low-hanging fruit at reducing spam. Supports migration configuration from the following XF1 add-ons...
xenforo.com xenforo.com

I use this add-on, and other than having to reject some bots every so often it has blocked almost all spam.

I know others also use this add-on: https://xenforo.com/community/resou...-spaminator-stop-spam-bot-registrations.7410/
 
Upvote 1 Downvote
Do you also have keys for the built in spam prevention tools? Those do catch most attempts at registering.

Cloudflare Turnstile
Stopforumspam.com database lookup
DNSBL lookup DNS Blacklist/Project Honeypot
Akismet

Stopping them from registering in the first place is a good goal.

If there is a certain string of text they always post, you can put that phrase in xenforo to be flagged for manual review, too. (Spam Phrases under Spam Management section) I have seconds set to 35 on that screen, before the submit button works, and some added fields regarding the forum's focus. Their answers help us to better screen anyone questionable.

I also use these to help with screening and managing new registrations:
Country Access Check from XF2 / Andy
Register Email from XF2 / Andy
Activation Email Reminder/User Purger from Ozzy47

It has been years since we had a spammer get through. If it became a problem, we would probably go with one of the two (paid) solutions above.
 
Upvote 0 Downvote
Rhody said:
Cloudflare Turnstile
Stopforumspam.com database lookup
DNSBL lookup DNS Blacklist/Project Honeypot
Akismet
Click to expand...

This right here is all I do on all my forums and I have very little, to no, problems with spammers getting through. Most of the ones I do have are actual users, not bots, who are trying to advertise their sites.

That said, on one site the nature of the posting causes Akismet to block a lot of genuine posts so the moderators have to spend time approving those. But, we only check the first 10, or so, posts so we let the members know that after they get there they won't have those issues anymore. Been the same way for years and the members don't seem to mind a little delay with their posts in exchange for the site being relatively spam-free.
 
Upvote 0 Downvote
Forsaken said:
I use this add-on, and other than having to reject some bots every so often it has blocked almost all spam.

I know others also use this add-on: https://xenforo.com/community/resou...-spaminator-stop-spam-bot-registrations.7410/
Click to expand...

I paid for that first add-on but found it way too cumbersome, and the wording of the options way too confusing, for it to be of any use to me. I did not renew it as I gave up fighting with it after a month or two and disabled it.

The Spaminator add-ons do a great job of stopping all the automated stuff, which helps lessen the load for staff. Setting XF's remaining spam tools tends to catch just about all of the spam, as there are some triggers we can watch for that are unique to our forums. It's rare something will get past, and with a "crowd moderation" add-on we use, if two or more members report a post, spam that does get posted is soft deleted immediately. We do, however, avoid Akismet as what @mjda says is true--I always found it blocked mostly legitimate posts, and in our case anyway, it hardly ever flagged anything as spam.
 
Upvote 0 Downvote
Wildcat Media said:
We do, however, avoid Akismet as what @mjda says is true--I always found it blocked mostly legitimate posts, and in our case anyway, it hardly ever flagged anything as spam.
Click to expand...

One forum I had was that way. It flagged a lot of legitimate posts but I haven't had many instances where it let spam through. Sure, some will get through, but the majority of that automated stuff is thrown into the moderation queue.
 
Upvote 0 Downvote
mjda said:
One forum I had was that way. It flagged a lot of legitimate posts but I haven't had many instances where it let spam through. Sure, some will get through, but the majority of that automated stuff is thrown into the moderation queue.
Click to expand...
Yeah, I wasn't too clear there--I think our other spam-prevention measures kept the spam from reaching the Akismet trap, as we'd rarely find a spam message caught by Akismet, yet it would grab legitimate posts too easily.

To borrow a clickbait title: "Spammers HATE this simple trick!" 😁 What we do is check the first handful of messages for URLs--those are all sent to moderation. Spammers only spam so they can get their links posted in more places, a large part of that effort to boost their search engine rankings. Using the correct regex to catch any links in a post will do the most, with the least, to weed out a lot of the bad stuff.

BTW, one thing we miss about the "signup abuse" add-on is that it had detection for banned members who tried signing up again. That's really all we wanted it for. If that feature were split out on its own at a lower cost, we'd consider getting that instead.
 
Upvote 0 Downvote
Wildcat Media said:
I paid for that first add-on but found it way too cumbersome, and the wording of the options way too confusing, for it to be of any use to me. I did not renew it as I gave up fighting with it after a month or two and disabled it.

The Spaminator add-ons do a great job of stopping all the automated stuff, which helps lessen the load for staff. Setting XF's remaining spam tools tends to catch just about all of the spam, as there are some triggers we can watch for that are unique to our forums. It's rare something will get past, and with a "crowd moderation" add-on we use, if two or more members report a post, spam that does get posted is soft deleted immediately. We do, however, avoid Akismet as what @mjda says is true--I always found it blocked mostly legitimate posts, and in our case anyway, it hardly ever flagged anything as spam.
Click to expand...
The add-on is a bit technical, however it has caught every spam bot, every multiple account, and every banned member trying to sign up again (which is quite a few).

Once you get it set up, you can mostly leave it and not worry about it again.
 
Upvote 0 Downvote
Gizmoandsooz said:
I use cloudflare turnstyle here.
Speak to @digitalpoint who can help you further with it. Because he’s all over it. It’s like his app.
Click to expand...
CF TurnStyle is a standard option in the 2.2.11 version and above, no need for a 3rd party add-on. That add-on does WAY more than simply imlement TurnStyle (it did implement it for use before XenForo enabled in natively), so there is no need for it unless using the other features of CloudFlare.
 
Upvote 0 Downvote
  1. Install @Xon's sign-up abuse addon linked above.
  2. Add some custom profile fields for new users to fill in and post their spam in. The aforementioned addon will catch it.
  3. Add cloudflare security waf rules and turnstile. Block countries and TOR.
If you set up the above well then your problem should be resolved.
 
Upvote 0 Downvote
Please mind that you will need to set both the Sign-up abuse addon as well as CloudFlare and that it can be a little technical. There are some good discussions here on the matter. CloudFlare has extensive documentation to read.
digitalpoint

Thread 'Cloudflare optimizations for XenForo'

I've had a few people that use my Cloudflare add-on ask me what Cloudflare options/settings are best for XenForo. So rather than repeating myself privately, I'm going to turn this post into a bit of a configuration help document for those that want to read it.

Cloudflare is pretty great out of the box, but here's some things you can do if you feel it's beneficial to your site...


Protect yourself

First things first, this goes for any important account you own, but it's worth repeating... Protect your Cloudflare account with two-factor authentication, ideally with a...
  • Like
  • Love
Resource icon N

Cloudflare Firewall Rule: Ban Country Codes from Registration

Quickly add a Cloudflare Firewall Rule to block registration from specific countries.
Block all countries you don't need traffic from. Challenge the ones you doubt. Block TOR.

Make sure your WAF rules are setup in a logical order, because CF lets your traffic go trough the rules in that order.
Keep an eye on your WAF events and solve rate, so that you can whitelist legitimate users that get blocked. Also check with the commonalities are for the traffic that is currently making your life hard. Probably you will find that much is coming from the same ASN. (IP blocks from a provider) So add a cloudflare rule to block those providers by ASN. Most likely they will adapt a few times. just keep adding their new ASNs until it dies down.

@digitalpoint 's CloudFlare addon is very handy for setting up and managing cloudflare. It will save you time and headache, but its not critical for your purposes.
[DigitalPoint] App for Cloudflare® digitalpoint

[DigitalPoint] App for Cloudflare®

Configure and manage your Cloudflare account from within XenForo.

If this all goes over your head then you can always hire someone like @MySiteGuy to set things up for you.

Signup abuse detection and blocking X

Signup abuse detection and blocking

Provides a toolkit to reduce signup spam
@Xon 's addon as a feature to only allow whitelisted email domains. This is really valuable to me, because it allow me to manually review any new email domain a new user has and either block or allow that domain. Once you have a fair blacklist and whitelist setup, it becomes impossible for spammers to sign up with fake or temp email domains. This will really lower the amount of spammers.
 
Upvote 0 Downvote
You must log in or register to reply here.

Similar threads

P
  • Question Question
XF 1.4 Urgent Spam Problem on Xenforo
Replies
5
Views
910
PetForums
P
Top Bottom