Spam accounts from .xyz email addresses

Alternadiv

Well-known member
Throughout the years my forum has been online I, like most others, have a lot of spam registrations. The only method I have found to counter this that works 100% of the time is manually approving new registrations, so that is what I do.

With that being said, I have recently had an influx of spammers using a .xyz email address. It would be nice if I could prevent these people/bots from accessing my site at all. Is it possible to either restrict my site to being viewed only by the US and Canada, or is it possible to block registrations from email addresses that are not legitimate?

Edit: For the email question, would adding *.xyz in banned emails do the trick?

1575321353480.webp
 
Last edited:
Adding *.xyz will help, definitely, but it may not be enough.

You can block high spam countries with this addon - very effective especially if you use the option to remove the Register button for blocked countries but you'll meed to watch for attempts to register via network sharing devices:


You'll also find that these paid addons are very effective at blocking persistent bots:



 
Adding *.xyz will help, definitely, but it may not be enough.

You can block high spam countries with this addon - very effective especially if you use the option to remove the Register button for blocked countries but you'll meed to watch for attempts to register via network sharing devices:


You'll also find that these paid addons are very effective at blocking persistent bots:



Awesome, thank you!
 
manually approving new registrations
If you want alternatives to that, to improve the legitimate new user experience, here's what I do instead.

Put a little regex in the spam phrases, that puts into moderation any of a new account's first X number of posts, which contain a link. It's in Options>Spam Management. And in the "Spam phrases" box put: /https?:|www\./i and no more spam gets posted.

Additionally, because I know it annoys me when my first post on a new forum is awaiting approval, and know it annoys most people - I remove that message entirely on my sites, with a line in extra.less:
CSS:
.messageNotice--moderated {
    display: none;
}
New users will see their first post(s) like normal, and won't just leave after waiting for their first post to be approved.

That's two pretty simple things you can do that don't degrade the new user experience, but also protect you from any spam getting posted on your forum.

Additionally, I was in on the development of the Spaminators, they were tested for years, and so far the score is Spaminators 2.064 million, Bots 0. So it's a little bit more than "very effective" and gets all the bots out of your life. It's what you use when finally you decide to get serious about stopping them.

Great board you have by the way, you have done a really nice job with it.
 
If you want alternatives to that, to improve the legitimate new user experience, here's what I do instead.

Put a little regex in the spam phrases, that puts into moderation any of a new account's first X number of posts, which contain a link. It's in Options>Spam Management. And in the "Spam phrases" box put: /https?:|www\./i and no more spam gets posted.

Additionally, because I know it annoys me when my first post on a new forum is awaiting approval, and know it annoys most people - I remove that message entirely on my sites, with a line in extra.less:
CSS:
.messageNotice--moderated {
    display: none;
}
New users will see their first post(s) like normal, and won't just leave after waiting for their first post to be approved.

That's two pretty simple things you can do that don't degrade the new user experience, but also protect you from any spam getting posted on your forum.

Additionally, I was in on the development of the Spaminators, they were tested for years, and so far the score is Spaminators 2.064 million, Bots 0. So it's a little bit more than "very effective" and gets all the bots out of your life. It's what you use when finally you decide to get serious about stopping them.

Great board you have by the way, you have done a really nice job with it.
This is good advice, thank you!

And thank you for the compliment on my forum.
 
This is good advice, thank you!
You're welcome. I have found it's less work approving/disapproving posts than it is approving/disapproving each and every new registration. Especially when I have the Spaminators blocking all automated registrations. The human spammer is quite rare, extremely rare, and I find that every successful registration I get is a legitimate person wanting to participate in the discussions.

By the way, in the Spam settings - set the amount of posts it checks for, the smallest number you think you can get away with. I use 1, because an account has 0 post count until you approve a post! So that they can make 1000 spam posts, and they will all still be caught by the spam system, because post count remains 0.
 
You're welcome. I have found it's less work approving/disapproving posts than it is approving/disapproving each and every new registration. Especially when I have the Spaminators blocking all automated registrations. The human spammer is quite rare, extremely rare, and I find that every successful registration I get is a legitimate person wanting to participate in the discussions.

By the way, in the Spam settings - set the amount of posts it checks for, the smallest number you think you can get away with. I use 1, because an account has 0 post count until you approve a post! So that they can make 1000 spam posts, and they will all still be caught by the spam system, because post count remains 0.
Do those spam posts definitely always have links in them? I can't remember if I've ever seen a spam post with a huge wall of text that makes no sense, but without any links.
 
Do those spam posts definitely always have links in them? I can't remember if I've ever seen a spam post with a huge wall of text that makes no sense, but without any links.
Yeah you might see those extremely rarely, I call them "placeholders" because more often than not, they come back later and edit the links in. The botnet admins can program xRumer to do that at times.

But, that's coming from automation too. If they can't get registered they can't post. Stop the automation.
 
Additionally, I was in on the development of the Spaminators, they were tested for years, and so far the score is Spaminators 2.064 million, Bots 0. So it's a little bit more than "very effective" and gets all the bots out of your life.
This (the highlighted part) simply isn't true! In fact it would be very easy for bots to bypass the Spaminators, this has been confirmed by the author.

So please stop spreading "fake news" :)
 
Last edited:
This simply isn't true! In fact it would be very easy for bots to bypass the Spaminators, this has been confirmed by the author.

So please stop spreading "fake news" :)
Really? Tell us more. :rolleyes:

I'm only using the Contact Form version so far and it's stopped all of them.
 
This simply isn't true! In fact it would be very easy for bots to bypass the Spaminators, this has been confirmed by the author.

So please stop spreading "fake news" :)

Yes I did confirm it could be easily bypassed, but so could any spam prevention techniques. But what he has said here:

Additionally, I was in on the development of the Spaminators, they were tested for years, and so far the score is Spaminators 2.064 million, Bots 0. So it's a little bit more than "very effective" and gets all the bots out of your life.

is not "fake news" it has stopped that many bots, and is still very effective. Once it is bypassed, then other techniques can be implemented. Sure they could be bypassed as well, then you adapt and overcome.
 
Last edited:
is not "fake news" it has stopped that many bots, and is still very effective.
I don't doubt that it is very effective and I've slightly edited my post to clarify what I was referring to :)
As of now, no method (no matter how sophisticated it might be) will be able to stop "all bots".
 
Last edited:
Why not block it via the webserver and GeoIP?
Code:
GeoIPEnable On
# https://dev.maxmind.com/geoip/legacy/codes/iso3166/
SetEnvIf GEOIP_COUNTRY_CODE CN DenyCountry
...
deny from env=DenyCountry
 
You're welcome. I have found it's less work approving/disapproving posts than it is approving/disapproving each and every new registration. Especially when I have the Spaminators blocking all automated registrations. The human spammer is quite rare, extremely rare, and I find that every successful registration I get is a legitimate person wanting to participate in the discussions.

By the way, in the Spam settings - set the amount of posts it checks for, the smallest number you think you can get away with. I use 1, because an account has 0 post count until you approve a post! So that they can make 1000 spam posts, and they will all still be caught by the spam system, because post count remains 0.
Implementing this now. Can you tell me if all my settings look good to you?

spamsettings.webp
 
@Manster54 upon testing the link posting, it works as you said. But if you post a URL that is not hyperlinked, such as amazon.com, it won't pick it up. Is it possible to add something like that in?
 
But if you post a URL that is not hyperlinked, such as amazon.com, it won't pick it up. Is it possible to add something like that in?
I suppose you could do a regex for all of the .com and such - .net, .us and so on. Spammers usually hotlink, seldom see it when they don't.
 
Top Bottom