1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

spam bots targeting XF-websites ?

Discussion in 'XenForo Questions and Support' started by erich37, Dec 6, 2012.

  1. erich37

    erich37 Well-Known Member

    I would imagine that "xenforo"-websites have been specifically targeted by bots ? For whatever reason..... :cautious:

    So I think bots can see the wording "xen" and "xenforo" in the source-code of our forum-scripts and then hitting all of our forums with spam ?

    A long long time ago I have purchased a "branding free" licence for XF and have asked why there is no version which is removing the wording "xenforo" from the source-code.

    The answer from Kier was:

    I am wondering now if the reference to "xenforo" in the source-code would be eliminated, would this then diminish the spam and bot-attacks ?
  2. MagnusB

    MagnusB Well-Known Member

    Xrumer comes with lists of the different websites running different packages. I doubt spammers are specifically targeting xF websites, it is just become so visible recently because xrumer added in xF support.

    Buying a branding free license might or might not alleviate the spam targeting your site, most likely not, cause there are more tells than the notice in the footer.
    tenants likes this.
  3. erich37

    erich37 Well-Known Member

    yeah, I know that "branding free" will definitely not reduce the spam, cause it is just the removal of the footer-link.

    I do not care about the footer-link or the "branding-free".
    I am rather thinking that the reference towards "xenforo" or "xen" in the source-code is a disadvantage and might attract bots.

    Well, I am not a bot... so I don`t know :cool:

    I have actually deleted one of my Forums, but the bots are still hitting my domain-name with 3000 hits per month. So I guess once the bots have "targeted" your domain, you lost the game to them anyway.
  4. MagnusB

    MagnusB Well-Known Member

    There are tells there as well, beyond the reference of the word xenforo. Things like filepaths, field names and URL structure are all tells that it is xenforo. Obfuscating this will probably not help that much, especially if you are already identified as a Xenforo site. I would say the work required to make your site unique in this aspect is not worth the yield.
    Digital Doctor and erich37 like this.
  5. tenants

    tenants Well-Known Member

    Ah yes, I did much the same for the same reason.
    Buying brand free will only hold of the bots for a small amount of time (it usually buys you a few months, depending on what you do).

    I'm afraid once you are listed, that's it, there is no getting you off of the linklists... this linklist are manually shared and also given away with the core

    The lists are harvested in various ways, there are actually sites just dedicated to these list... but don't forget these list are also manually edited
    (just do a quick google search for "linklist forum" or "linklist xrumer")

    The fasted way to find your self on one of these lists it to have a hight PR site with the standard Forum copywrite in the footer
    ... generally many of these lists are fist generated by a search engine crawl for certain phrases (for example "Forum software by XenForo" -xenforo.com), but this is not the by any means the only way
    ... list are also generated by crawling through sites like this (with a high number of related outbound links to XF forums, XenForo.com is a good source), or even directories of forums
    ... even having the word "forum" on you site can make your self a target for these lists
    ... they are also generated by manual users adding to the lists

    So, by removing "XenForo" in the source you get a a reduced % of chance that you will be added to a list (if you haven't already been added), but this really only ever buys you time

    These list often have a value (they are sold, or give users a certain amount of creditability). For instance, if I can generate a list with High PR sites that are easy to spam, that would be valuable to a link builder
    There is not really much value in taking out non spamable sites from the lists, since it looks more attractive that I have a list of 10000 sites that are easy to spam (since hey, they are XenForo sites which we are targeting), rather than a miserable list of 500 sites that actually work (after all, I am a black hat in this scenario , and the forums that can't be spammed now might be possible to spam later)

    Don't forget, that these linkList don't just target XenForo (although there are some lists that a pure XF) or even forums for that matter, they target places where it is possible to register and leave links, so even if you don't look like a XenForo site, if I can automatically register and leave links, you are a valuable resource.

    In short, unless you only want to buy time and you don't intend to be easily found by users (from search engines or manual mechanisms), removing all reference to XenForo will only reduce the chance of you being found by linklist creators (and forum users). If you are already on a link list, you're not likely to ever be removed from that list.
    erich37 likes this.
  6. Brandon Sheley

    Brandon Sheley Well-Known Member

    Other scripts have seen a rise in spam lately, there is a new spam thread (similar to here) at vb.com every other day with users getting hit with 100's of bots in a matter of a few hours.
    I'm sure you'll see the same threads at the phpbb, mybb and smf support sites as well.
    craigiri likes this.
  7. CyclingTribe

    CyclingTribe Well-Known Member

    I installed FoolBotHoneyPot on all of my XF sites and haven't had a problem since - worth every penny!! (y)

    (Disclaimer: Free alternatives are available ... :ROFLMAO: )

    Shaun :D
  8. craigiri

    craigiri Well-Known Member

    At this point, any forum without multiple schemes for catching spammers is easy prey.

    This probably could have been said a long time ago, but the programs on their ends (spammers) are getting better and better so the traps on our end must also be continually approved.

    The way I see it, the spammers have plenty of targets and will not spend a lot of time on any site. If they get a "success" registration (reg form timer, etc.) or are blocked continually, they move on. This especially pertains to human spammers who get paid per post.

    My own niece, from what I have heard, is getting paid for certain...possibly shady...postings on the net! She lives in Panama and says a lot of the ex-pats there do whatever they can to make a buck.
    Brandon Sheley likes this.
  9. mike os

    mike os Active Member

    fingers crossed but i have only had a few human spammers recntly....
  10. erich37

    erich37 Well-Known Member

    sometimes I wish to have a script (and also the know-how) in order to spam the bots which are spamming my forum.
    there needs to be a way to spam the bots themselves and hit back.... ? :cool:
  11. Brandon Sheley

    Brandon Sheley Well-Known Member

    two wrongs ≠ right
  12. tenants

    tenants Well-Known Member

    funny you should mention that...

    It's not really ethical... but foolboothoneypot does log the usernames and passwords of the bots (because they make assumptions and mistakenly fill out the username with passwords etc etc..)
    These bots often use the same username/passwords over and over...

    You could manually search for their posts and remove any links, but I've tinkered with the idea of reverse automation
    (logging in with each of these bot users and removing their links / deleting their accounts)

    Like I say, it's not ethical, and it's not hugely benifical to me, I've just tinkered with the idea
    erich37 likes this.
  13. erich37

    erich37 Well-Known Member

    so as one of my domains has been targeted by bots and most probably is on these linklists you have mentioned, I guess it does not make any sense to operate a forum on that domain anymore... ?
    so probably just have a WordPress-blog or something ?

    Anyway, I would suggest to these bots to rather attack Failbook than my small forum :D ;)
  14. Brandon Sheley

    Brandon Sheley Well-Known Member

    sorry, but that's a poor excuse to shut down your forum
  15. tenants

    tenants Well-Known Member

    Like I mentioned, linklists don't just target forums (blogs are a targeted too)

    ... first I would look at the patterns, if you find many are registering with certain user_agents / ip addresses, you can kill them off at the htaccess level (this will save a lot of resources)
    have a look at your server access logs, you might find out more information there

    I would also speak to your host, they might also have a solution (there are often options added to CPanel to prevent waves of bots taking up resources).
    Your host has a vested interest in keeping your business, so it's worth talking to them and mentioning that you are getting "attacked" by lots of ip addresses that you suspect are bots.
    erich37 likes this.
  16. craigiri

    craigiri Well-Known Member

    Your forum is on those lists along with mine and most everyones!

    My old forum was on such a list for 5+ years. It would be the rare CMS or forum which are NOT on a list being sold somewhere.

    Also, I do think that the ISP (hosts) matter quite a bit. I am fairly confident that mine keeps out the really really bad guys...although there is little that can be done on the run-of-the-mill spammers. That's what the add-ons are for. Try some...you'll like 'em.

    If you have a forum where the subject matter is fairly limited and same with the visitors, just go to manual activation. Between that and some basic checks (QA, etc), you should be able to keep out spammers.
  17. MagnusB

    MagnusB Well-Known Member

    It wouldn't make much sense to switch to another popular CMS. It's not like spam is an xF specific problem, every website, even custom ones, are being targeted, big or small.
  18. BGL

    BGL Well-Known Member

    Regulation is needed. Target the spammers and those who employ them with fines with portion of the fine paid to those who report the spammers, both email and in forums. They are using up to much of the community resources.
  19. HWS

    HWS Well-Known Member

    Spamming is just another way of PR for some people. And it seems to make money for them. So it won't stop, regardless what "regulations" are created.

    The solution is very simple: Install a good captcha or the very recommendable FoolBotHoneyPot and make your life easier.
  20. Jake Bunce

    Jake Bunce XenForo Moderator Staff Member

Share This Page