Please.. need ideas on combatting GUMMIES and KETO postings

I'm being hit with several new users posting gummies and keto spam each and every day. I do use the Spam/Clean function, but its just never ending. I'm not a Xenforo expert, so I'm sure I'm not doing something right to keep these scammers away from my forum.

A simple solution would be to auto ban and delete any user/post that contains the words Gummies or Keto in the subject or body. Is this possible?

Thanks in advance for any help!
 

I use this add-on, and other than having to reject some bots every so often it has blocked almost all spam.

I know others also use this add-on: https://xenforo.com/community/resou...-spaminator-stop-spam-bot-registrations.7410/
 
Do you also have keys for the built in spam prevention tools? Those do catch most attempts at registering.

Cloudflare Turnstile
Stopforumspam.com database lookup
DNSBL lookup DNS Blacklist/Project Honeypot
Akismet

Stopping them from registering in the first place is a good goal.

If there is a certain string of text they always post, you can put that phrase in xenforo to be flagged for manual review, too. (Spam Phrases under Spam Management section) I have seconds set to 35 on that screen, before the submit button works, and some added fields regarding the forum's focus. Their answers help us to better screen anyone questionable.

I also use these to help with screening and managing new registrations:
Country Access Check from XF2 / Andy
Register Email from XF2 / Andy
Activation Email Reminder/User Purger from Ozzy47

It has been years since we had a spammer get through. If it became a problem, we would probably go with one of the two (paid) solutions above.
 
Cloudflare Turnstile
Stopforumspam.com database lookup
DNSBL lookup DNS Blacklist/Project Honeypot
Akismet

This right here is all I do on all my forums and I have very little, to no, problems with spammers getting through. Most of the ones I do have are actual users, not bots, who are trying to advertise their sites.

That said, on one site the nature of the posting causes Akismet to block a lot of genuine posts so the moderators have to spend time approving those. But, we only check the first 10, or so, posts so we let the members know that after they get there they won't have those issues anymore. Been the same way for years and the members don't seem to mind a little delay with their posts in exchange for the site being relatively spam-free.
 
I use this add-on, and other than having to reject some bots every so often it has blocked almost all spam.

I know others also use this add-on: https://xenforo.com/community/resou...-spaminator-stop-spam-bot-registrations.7410/

I paid for that first add-on but found it way too cumbersome, and the wording of the options way too confusing, for it to be of any use to me. I did not renew it as I gave up fighting with it after a month or two and disabled it.

The Spaminator add-ons do a great job of stopping all the automated stuff, which helps lessen the load for staff. Setting XF's remaining spam tools tends to catch just about all of the spam, as there are some triggers we can watch for that are unique to our forums. It's rare something will get past, and with a "crowd moderation" add-on we use, if two or more members report a post, spam that does get posted is soft deleted immediately. We do, however, avoid Akismet as what @mjda says is true--I always found it blocked mostly legitimate posts, and in our case anyway, it hardly ever flagged anything as spam.
 
We do, however, avoid Akismet as what @mjda says is true--I always found it blocked mostly legitimate posts, and in our case anyway, it hardly ever flagged anything as spam.

One forum I had was that way. It flagged a lot of legitimate posts but I haven't had many instances where it let spam through. Sure, some will get through, but the majority of that automated stuff is thrown into the moderation queue.
 
One forum I had was that way. It flagged a lot of legitimate posts but I haven't had many instances where it let spam through. Sure, some will get through, but the majority of that automated stuff is thrown into the moderation queue.
Yeah, I wasn't too clear there--I think our other spam-prevention measures kept the spam from reaching the Akismet trap, as we'd rarely find a spam message caught by Akismet, yet it would grab legitimate posts too easily.

To borrow a clickbait title: "Spammers HATE this simple trick!" 😁 What we do is check the first handful of messages for URLs--those are all sent to moderation. Spammers only spam so they can get their links posted in more places, a large part of that effort to boost their search engine rankings. Using the correct regex to catch any links in a post will do the most, with the least, to weed out a lot of the bad stuff.

BTW, one thing we miss about the "signup abuse" add-on is that it had detection for banned members who tried signing up again. That's really all we wanted it for. If that feature were split out on its own at a lower cost, we'd consider getting that instead.
 
I paid for that first add-on but found it way too cumbersome, and the wording of the options way too confusing, for it to be of any use to me. I did not renew it as I gave up fighting with it after a month or two and disabled it.

The Spaminator add-ons do a great job of stopping all the automated stuff, which helps lessen the load for staff. Setting XF's remaining spam tools tends to catch just about all of the spam, as there are some triggers we can watch for that are unique to our forums. It's rare something will get past, and with a "crowd moderation" add-on we use, if two or more members report a post, spam that does get posted is soft deleted immediately. We do, however, avoid Akismet as what @mjda says is true--I always found it blocked mostly legitimate posts, and in our case anyway, it hardly ever flagged anything as spam.
The add-on is a bit technical, however it has caught every spam bot, every multiple account, and every banned member trying to sign up again (which is quite a few).

Once you get it set up, you can mostly leave it and not worry about it again.
 
I use cloudflare turnstyle here.
Speak to @digitalpoint who can help you further with it. Because he’s all over it. It’s like his app.
CF TurnStyle is a standard option in the 2.2.11 version and above, no need for a 3rd party add-on. That add-on does WAY more than simply imlement TurnStyle (it did implement it for use before XenForo enabled in natively), so there is no need for it unless using the other features of CloudFlare.
 
  1. Install @Xon's sign-up abuse addon linked above.
  2. Add some custom profile fields for new users to fill in and post their spam in. The aforementioned addon will catch it.
  3. Add cloudflare security waf rules and turnstile. Block countries and TOR.
If you set up the above well then your problem should be resolved.
 
Please mind that you will need to set both the Sign-up abuse addon as well as CloudFlare and that it can be a little technical. There are some good discussions here on the matter. CloudFlare has extensive documentation to read.
Block all countries you don't need traffic from. Challenge the ones you doubt. Block TOR.

Make sure your WAF rules are setup in a logical order, because CF lets your traffic go trough the rules in that order.
Keep an eye on your WAF events and solve rate, so that you can whitelist legitimate users that get blocked. Also check with the commonalities are for the traffic that is currently making your life hard. Probably you will find that much is coming from the same ASN. (IP blocks from a provider) So add a cloudflare rule to block those providers by ASN. Most likely they will adapt a few times. just keep adding their new ASNs until it dies down.

@digitalpoint 's CloudFlare addon is very handy for setting up and managing cloudflare. It will save you time and headache, but its not critical for your purposes.

If this all goes over your head then you can always hire someone like @MySiteGuy to set things up for you.

@Xon 's addon as a feature to only allow whitelisted email domains. This is really valuable to me, because it allow me to manually review any new email domain a new user has and either block or allow that domain. Once you have a fair blacklist and whitelist setup, it becomes impossible for spammers to sign up with fake or temp email domains. This will really lower the amount of spammers.
 
Back
Top Bottom