XF 2.0 Prevent a URL in the post title

[dvduval]

For some time now I have been getting spammers who post a URL as the title of the thread. I am hoping to achieve one of the following

1. Just don't allow www or http or even .com in the title, and in general be able to insert spam words for post titles
2. The above but only apply it to new users (join date a month ago or more, post count higher than 10)
3. And EVEN better, when a new user tries to use a spam word, not only does the post fail, they are banned at that moment.

Any ideas?

 

[Ozzy47]

Check out this post, https://xenforo.com/community/threa...en-thread-title-is-a-url.124078/#post-1119309

 

[dvduval]

Check out this post, https://xenforo.com/community/threa...en-thread-title-is-a-url.124078/#post-1119309

Ok, and I am thinking that was under Options > Spam Management > Spam Phases, just add this as one of the phrases:

/^https?:\/\/\S+\n/si

 

[Ozzy47]

Correct.

 

[dvduval]

Correct.

Did not work

 

[Ozzy47]

Hmm, it should have worked. Maybe @Mike has a idea since he came up with the solution.

 

[Mike]

We use that exact regex here and I can see that it was matched earlier today.

If that didn't match, then it may indicate that the user's content isn't being checked as spam (which is controlled via the options and user group permissions).

 

[dvduval]

We use that exact regex here and I can see that it was matched earlier today.

If that didn't match, then it may indicate that the user's content isn't being checked as spam (which is controlled via the options and user group permissions).

This is what I have for registered users

 

[Mike]

This is also affected by the "Maximum messages to check for spam" option.

You may wish to check the spam trigger log to see if it's being matched as well.

 

[dvduval]

This is also affected by the "Maximum messages to check for spam" option.

You may wish to check the spam trigger log to see if it's being matched as well.

Ok, it seems there are matches in the Spam trigger log, which I assume means those messages did NOT get through (?). So maybe that regular expression did not catch the two I just posted.

 

[Mike]

The matches will tell you the particular action. Do you see examples of that regex being matched?

Of the threads shown in the screenshot, only one of them should be matched by the regex. It's hard to say exactly what may have happened there from the screenshot.

 

[dvduval]

The matches will tell you the particular action. Do you see examples of that regex being matched?

Of the threads shown in the screenshot, only one of them should be matched by the regex. It's hard to say exactly what may have happened there from the screenshot.

I feel much better now. I really appreciate your help. I think I can discuss with our developer about the regex And at least have some idea what I’m talking about.

 

[RallyFan]

I know this is old, but figure this might help others in the future.

Another spam method used these days is dropping an image in a thread as a guest, and even if you prevent images being posted by Guests, they can still use INSERT IMAGE and hotlink it from offsite to bypass that.

As such I run 3 spam phrases (only for first 2 messages), and then registered users bypass all spam checks (as I have an addon to filter them anyway).

PHRASE 1: /^http(|s):\/\/\S+/si as per above to prevent urls leading with http/https being used in thread titles.
PHRASE 2: www to prevent people using www.example.com without the http/https leading it. That however doesn't stop people using INSERT IMAGE and having it dropped in a message body as http://example.com/hostedimageoffsite.jpg
PHRASE 3: *//* shuts the gate on the issue with people trying to hotlink images from offsite.

Technically you could just run using // and www and that will take out pretty much all attempts to drop URLS. It won't stop people dropping in email addresses, but that's not really a spam / phishing issue these days.