Spam accounts from .xyz email addresses

alternadiv

alternadiv

Well-known member
Throughout the years my forum has been online I, like most others, have a lot of spam registrations. The only method I have found to counter this that works 100% of the time is manually approving new registrations, so that is what I do.

With that being said, I have recently had an influx of spammers using a .xyz email address. It would be nice if I could prevent these people/bots from accessing my site at all. Is it possible to either restrict my site to being viewed only by the US and Canada, or is it possible to block registrations from email addresses that are not legitimate?

Edit: For the email question, would adding *.xyz in banned emails do the trick?

1575321353480.webp
 
Last edited:
Adding *.xyz will help, definitely, but it may not be enough.

You can block high spam countries with this addon - very effective especially if you use the option to remove the Register button for blocked countries but you'll meed to watch for attempts to register via network sharing devices:

xenforo.com

[OzzModz] Country Registration Ban

Snog submitted a new resource: Country Registration Ban - Ban countries from registering on your site Ban countries from registering on your site and optionally remove the register tab when someone is from a country that is banned. This add-on uses MaxMind's GeoLite2-Country database and...
xenforo.com xenforo.com

You'll also find that these paid addons are very effective at blocking persistent bots:

xenforo.com

[OzzModz] Registration Spaminator Stop Spam Bot Registrations [Paid]

ozzy47 submitted a new resource: [OzzModz] Registration Spaminator - Registration Spam Bot Fighting Tool This addon is another tool in fighting spam bot registrations at your forum. How it works Read more about this resource...
xenforo.com xenforo.com

xenforo.com

[OzzModz] Login Spaminator [Paid]

ozzy47 submitted a new resource: [OzzModz] Login Spaminator - This addon is a weapon in fighting spam bot logins at your forum. Do you have lots of spammer accounts existing at your forum? Just little time bombs waiting to go off any time? Stop automated login attempts with the [OzzModz] Login...
xenforo.com xenforo.com

xenforo.com

[OzzModz] Contact Us Spaminator

Sick and tired of your inbox getting flooded with spam coming from the "Contact Us" system on your xenforo install(s)? You've tried everything and still it persists? You even shut off the "Contact Us" form to guest visitors? You need the...
xenforo.com xenforo.com
 
djbaxter said:
Adding *.xyz will help, definitely, but it may not be enough.

You can block high spam countries with this addon - very effective especially if you use the option to remove the Register button for blocked countries but you'll meed to watch for attempts to register via network sharing devices:

xenforo.com

[OzzModz] Country Registration Ban

Snog submitted a new resource: Country Registration Ban - Ban countries from registering on your site Ban countries from registering on your site and optionally remove the register tab when someone is from a country that is banned. This add-on uses MaxMind's GeoLite2-Country database and...
xenforo.com xenforo.com

You'll also find that these paid addons are very effective at blocking persistent bots:

xenforo.com

[OzzModz] Registration Spaminator Stop Spam Bot Registrations [Paid]

ozzy47 submitted a new resource: [OzzModz] Registration Spaminator - Registration Spam Bot Fighting Tool This addon is another tool in fighting spam bot registrations at your forum. How it works Read more about this resource...
xenforo.com xenforo.com

xenforo.com

[OzzModz] Login Spaminator [Paid]

ozzy47 submitted a new resource: [OzzModz] Login Spaminator - This addon is a weapon in fighting spam bot logins at your forum. Do you have lots of spammer accounts existing at your forum? Just little time bombs waiting to go off any time? Stop automated login attempts with the [OzzModz] Login...
xenforo.com xenforo.com

xenforo.com

[OzzModz] Contact Us Spaminator

Sick and tired of your inbox getting flooded with spam coming from the "Contact Us" system on your xenforo install(s)? You've tried everything and still it persists? You even shut off the "Contact Us" form to guest visitors? You need the...
xenforo.com xenforo.com
Click to expand...
Awesome, thank you!
 
sixlxvi said:
manually approving new registrations
Click to expand...
If you want alternatives to that, to improve the legitimate new user experience, here's what I do instead.

Put a little regex in the spam phrases, that puts into moderation any of a new account's first X number of posts, which contain a link. It's in Options>Spam Management. And in the "Spam phrases" box put: /https?:|www\./i and no more spam gets posted.

Additionally, because I know it annoys me when my first post on a new forum is awaiting approval, and know it annoys most people - I remove that message entirely on my sites, with a line in extra.less:
CSS: 
.messageNotice--moderated {
    display: none;
}
New users will see their first post(s) like normal, and won't just leave after waiting for their first post to be approved.

That's two pretty simple things you can do that don't degrade the new user experience, but also protect you from any spam getting posted on your forum.

Additionally, I was in on the development of the Spaminators, they were tested for years, and so far the score is Spaminators 2.064 million, Bots 0. So it's a little bit more than "very effective" and gets all the bots out of your life. It's what you use when finally you decide to get serious about stopping them.

Great board you have by the way, you have done a really nice job with it.
 
Manster54 said:
If you want alternatives to that, to improve the legitimate new user experience, here's what I do instead.

Put a little regex in the spam phrases, that puts into moderation any of a new account's first X number of posts, which contain a link. It's in Options>Spam Management. And in the "Spam phrases" box put: /https?:|www\./i and no more spam gets posted.

Additionally, because I know it annoys me when my first post on a new forum is awaiting approval, and know it annoys most people - I remove that message entirely on my sites, with a line in extra.less:
CSS: 
.messageNotice--moderated {
    display: none;
}
New users will see their first post(s) like normal, and won't just leave after waiting for their first post to be approved.

That's two pretty simple things you can do that don't degrade the new user experience, but also protect you from any spam getting posted on your forum.

Additionally, I was in on the development of the Spaminators, they were tested for years, and so far the score is Spaminators 2.064 million, Bots 0. So it's a little bit more than "very effective" and gets all the bots out of your life. It's what you use when finally you decide to get serious about stopping them.

Great board you have by the way, you have done a really nice job with it.
Click to expand...
This is good advice, thank you!

And thank you for the compliment on my forum.
 
sixlxvi said:
This is good advice, thank you!
Click to expand...
You're welcome. I have found it's less work approving/disapproving posts than it is approving/disapproving each and every new registration. Especially when I have the Spaminators blocking all automated registrations. The human spammer is quite rare, extremely rare, and I find that every successful registration I get is a legitimate person wanting to participate in the discussions.

By the way, in the Spam settings - set the amount of posts it checks for, the smallest number you think you can get away with. I use 1, because an account has 0 post count until you approve a post! So that they can make 1000 spam posts, and they will all still be caught by the spam system, because post count remains 0.
 
Manster54 said:
You're welcome. I have found it's less work approving/disapproving posts than it is approving/disapproving each and every new registration. Especially when I have the Spaminators blocking all automated registrations. The human spammer is quite rare, extremely rare, and I find that every successful registration I get is a legitimate person wanting to participate in the discussions.

By the way, in the Spam settings - set the amount of posts it checks for, the smallest number you think you can get away with. I use 1, because an account has 0 post count until you approve a post! So that they can make 1000 spam posts, and they will all still be caught by the spam system, because post count remains 0.
Click to expand...
Do those spam posts definitely always have links in them? I can't remember if I've ever seen a spam post with a huge wall of text that makes no sense, but without any links.
 
sixlxvi said:
Do those spam posts definitely always have links in them? I can't remember if I've ever seen a spam post with a huge wall of text that makes no sense, but without any links.
Click to expand...
Yeah you might see those extremely rarely, I call them "placeholders" because more often than not, they come back later and edit the links in. The botnet admins can program xRumer to do that at times.

But, that's coming from automation too. If they can't get registered they can't post. Stop the automation.
 
Manster54 said:
Additionally, I was in on the development of the Spaminators, they were tested for years, and so far the score is Spaminators 2.064 million, Bots 0. So it's a little bit more than "very effective" and gets all the bots out of your life.
Click to expand...
This (the highlighted part) simply isn't true! In fact it would be very easy for bots to bypass the Spaminators, this has been confirmed by the author.

So please stop spreading "fake news" :)
 
Last edited:
Kirby said:
This simply isn't true! In fact it would be very easy for bots to bypass the Spaminators, this has been confirmed by the author.

So please stop spreading "fake news" :)
Click to expand...
Really? Tell us more. :rolleyes:

I'm only using the Contact Form version so far and it's stopped all of them.
 
Kirby said:
This simply isn't true! In fact it would be very easy for bots to bypass the Spaminators, this has been confirmed by the author.

So please stop spreading "fake news" :)
Click to expand...

Yes I did confirm it could be easily bypassed, but so could any spam prevention techniques. But what he has said here:

Manster54 said:
Additionally, I was in on the development of the Spaminators, they were tested for years, and so far the score is Spaminators 2.064 million, Bots 0. So it's a little bit more than "very effective" and gets all the bots out of your life.
Click to expand...

is not "fake news" it has stopped that many bots, and is still very effective. Once it is bypassed, then other techniques can be implemented. Sure they could be bypassed as well, then you adapt and overcome.
 
Last edited:
ozzy47 said:
is not "fake news" it has stopped that many bots, and is still very effective.
Click to expand...
I don't doubt that it is very effective and I've slightly edited my post to clarify what I was referring to :)
As of now, no method (no matter how sophisticated it might be) will be able to stop "all bots".
 
Last edited:
Why not block it via the webserver and GeoIP?
Code: 
GeoIPEnable On
# https://dev.maxmind.com/geoip/legacy/codes/iso3166/
SetEnvIf GEOIP_COUNTRY_CODE CN DenyCountry
...
deny from env=DenyCountry
 
Manster54 said:
You're welcome. I have found it's less work approving/disapproving posts than it is approving/disapproving each and every new registration. Especially when I have the Spaminators blocking all automated registrations. The human spammer is quite rare, extremely rare, and I find that every successful registration I get is a legitimate person wanting to participate in the discussions.

By the way, in the Spam settings - set the amount of posts it checks for, the smallest number you think you can get away with. I use 1, because an account has 0 post count until you approve a post! So that they can make 1000 spam posts, and they will all still be caught by the spam system, because post count remains 0.
Click to expand...
Implementing this now. Can you tell me if all my settings look good to you?

spamsettings.webp
 
@Manster54 upon testing the link posting, it works as you said. But if you post a URL that is not hyperlinked, such as amazon.com, it won't pick it up. Is it possible to add something like that in?
 
sixlxvi said:
But if you post a URL that is not hyperlinked, such as amazon.com, it won't pick it up. Is it possible to add something like that in?
Click to expand...
I suppose you could do a regex for all of the .com and such - .net, .us and so on. Spammers usually hotlink, seldom see it when they don't.
 
You must log in or register to reply here.

Similar threads

polle
  • Question Question
XF 2.2 Rule to block spam accounts using gmail
Replies
3
Views
190
Ozzy47
Ozzy47
JamesBrown
  • Question Question
XF 2.2 Spam Phrases to catch email addresses.
Replies
3
Views
43
Old Nick
O
Wutime
Prevent Unconfirmed Email Addresses from Browsing Community [Paid]
Replies
10
Views
620
Wutime
Wutime
P
  • Question Question
Best Practice - Past Members & email addresses
Replies
1
Views
650
woody
woody
Y
  • Question Question
XF 2.2 Moderating Spam Accounts
Replies
2
Views
395
ForumFlex
F
Back
Top Bottom