• This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn more.

spam bots targeting XF-websites ?

erich37

Well-known member
#1
I would imagine that "xenforo"-websites have been specifically targeted by bots ? For whatever reason..... :cautious:

So I think bots can see the wording "xen" and "xenforo" in the source-code of our forum-scripts and then hitting all of our forums with spam ?

A long long time ago I have purchased a "branding free" licence for XF and have asked why there is no version which is removing the wording "xenforo" from the source-code.

The answer from Kier was:
http://xenforo.com/community/threads/branding-free-split-from-version-number.1593/page-7#post-49626

I am wondering now if the reference to "xenforo" in the source-code would be eliminated, would this then diminish the spam and bot-attacks ?
 

MagnusB

Well-known member
#2
Xrumer comes with lists of the different websites running different packages. I doubt spammers are specifically targeting xF websites, it is just become so visible recently because xrumer added in xF support.

Buying a branding free license might or might not alleviate the spam targeting your site, most likely not, cause there are more tells than the notice in the footer.
 

erich37

Well-known member
#3
Buying a branding free license might or might not alleviate the spam targeting your site, most likely not, cause there are more tells than the notice in the footer.
yeah, I know that "branding free" will definitely not reduce the spam, cause it is just the removal of the footer-link.

I do not care about the footer-link or the "branding-free".
I am rather thinking that the reference towards "xenforo" or "xen" in the source-code is a disadvantage and might attract bots.

Well, I am not a bot... so I don`t know :cool:

I have actually deleted one of my Forums, but the bots are still hitting my domain-name with 3000 hits per month. So I guess once the bots have "targeted" your domain, you lost the game to them anyway.
 

MagnusB

Well-known member
#4
yeah, I know that "branding free" will definitely not reduce the spam, cause it is just the removal of the footer-link.

I do not care about the footer-link or the "branding-free".
I am rather thinking that the reference towards "xenforo" or "xen" in the source-code is a disadvantage and might attract bots.

Well, I am not a bot... so I don`t know :cool:
There are tells there as well, beyond the reference of the word xenforo. Things like filepaths, field names and URL structure are all tells that it is xenforo. Obfuscating this will probably not help that much, especially if you are already identified as a Xenforo site. I would say the work required to make your site unique in this aspect is not worth the yield.
 

tenants

Well-known member
#5
I would imagine that "xenforo"-websites have been specifically targeted by bots ? For whatever reason..... :cautious:

So I think bots can see the wording "xen" and "xenforo" in the source-code of our forum-scripts and then hitting all of our forums with spam ?

A long long time ago I have purchased a "branding free" licence for XF and have asked why there is no version which is removing the wording "xenforo" from the source-code.

The answer from Kier was:
http://xenforo.com/community/threads/branding-free-split-from-version-number.1593/page-7#post-49626

I am wondering now if the reference to "xenforo" in the source-code would be eliminated, would this then diminish the spam and bot-attacks ?

Ah yes, I did much the same for the same reason.
Buying brand free will only hold of the bots for a small amount of time (it usually buys you a few months, depending on what you do).

I'm afraid once you are listed, that's it, there is no getting you off of the linklists... this linklist are manually shared and also given away with the core

The lists are harvested in various ways, there are actually sites just dedicated to these list... but don't forget these list are also manually edited
(just do a quick google search for "linklist forum" or "linklist xrumer")

The fasted way to find your self on one of these lists it to have a hight PR site with the standard Forum copywrite in the footer
... generally many of these lists are fist generated by a search engine crawl for certain phrases (for example "Forum software by XenForo" -xenforo.com), but this is not the by any means the only way
... list are also generated by crawling through sites like this (with a high number of related outbound links to XF forums, XenForo.com is a good source), or even directories of forums
... even having the word "forum" on you site can make your self a target for these lists
... they are also generated by manual users adding to the lists

So, by removing "XenForo" in the source you get a a reduced % of chance that you will be added to a list (if you haven't already been added), but this really only ever buys you time

These list often have a value (they are sold, or give users a certain amount of creditability). For instance, if I can generate a list with High PR sites that are easy to spam, that would be valuable to a link builder
There is not really much value in taking out non spamable sites from the lists, since it looks more attractive that I have a list of 10000 sites that are easy to spam (since hey, they are XenForo sites which we are targeting), rather than a miserable list of 500 sites that actually work (after all, I am a black hat in this scenario , and the forums that can't be spammed now might be possible to spam later)

Don't forget, that these linkList don't just target XenForo (although there are some lists that a pure XF) or even forums for that matter, they target places where it is possible to register and leave links, so even if you don't look like a XenForo site, if I can automatically register and leave links, you are a valuable resource.

In short, unless you only want to buy time and you don't intend to be easily found by users (from search engines or manual mechanisms), removing all reference to XenForo will only reduce the chance of you being found by linklist creators (and forum users). If you are already on a link list, you're not likely to ever be removed from that list.
 

Brandon Sheley

Well-known member
#6
Other scripts have seen a rise in spam lately, there is a new spam thread (similar to here) at vb.com every other day with users getting hit with 100's of bots in a matter of a few hours.
I'm sure you'll see the same threads at the phpbb, mybb and smf support sites as well.
 

CTXMedia

Formerly CyclingTribe
#7
I installed FoolBotHoneyPot on all of my XF sites and haven't had a problem since - worth every penny!! (y)

(Disclaimer: Free alternatives are available ... :ROFLMAO: )

Cheers,
Shaun :D
 

craigiri

Well-known member
#8
At this point, any forum without multiple schemes for catching spammers is easy prey.

This probably could have been said a long time ago, but the programs on their ends (spammers) are getting better and better so the traps on our end must also be continually approved.

The way I see it, the spammers have plenty of targets and will not spend a lot of time on any site. If they get a "success" registration (reg form timer, etc.) or are blocked continually, they move on. This especially pertains to human spammers who get paid per post.

My own niece, from what I have heard, is getting paid for certain...possibly shady...postings on the net! She lives in Panama and says a lot of the ex-pats there do whatever they can to make a buck.
 

erich37

Well-known member
#10
sometimes I wish to have a script (and also the know-how) in order to spam the bots which are spamming my forum.
there needs to be a way to spam the bots themselves and hit back.... ? :cool:
 

tenants

Well-known member
#12
funny you should mention that...

It's not really ethical... but foolboothoneypot does log the usernames and passwords of the bots (because they make assumptions and mistakenly fill out the username with passwords etc etc..)
These bots often use the same username/passwords over and over...

You could manually search for their posts and remove any links, but I've tinkered with the idea of reverse automation
(logging in with each of these bot users and removing their links / deleting their accounts)

Like I say, it's not ethical, and it's not hugely benifical to me, I've just tinkered with the idea
 

erich37

Well-known member
#13
so as one of my domains has been targeted by bots and most probably is on these linklists you have mentioned, I guess it does not make any sense to operate a forum on that domain anymore... ?
so probably just have a WordPress-blog or something ?

Anyway, I would suggest to these bots to rather attack Failbook than my small forum :D ;)
 

tenants

Well-known member
#15
Like I mentioned, linklists don't just target forums (blogs are a targeted too)

... first I would look at the patterns, if you find many are registering with certain user_agents / ip addresses, you can kill them off at the htaccess level (this will save a lot of resources)
have a look at your server access logs, you might find out more information there

I would also speak to your host, they might also have a solution (there are often options added to CPanel to prevent waves of bots taking up resources).
Your host has a vested interest in keeping your business, so it's worth talking to them and mentioning that you are getting "attacked" by lots of ip addresses that you suspect are bots.
 

craigiri

Well-known member
#16
so as one of my domains has been targeted by bots and most probably is on these linklists you have mentioned, I guess it does not make any sense to operate a forum on that domain anymore... ?
so probably just have a WordPress-blog or something ?

Anyway, I would suggest to these bots to rather attack Failbook than my small forum :D ;)
Your forum is on those lists along with mine and most everyones!

My old forum was on such a list for 5+ years. It would be the rare CMS or forum which are NOT on a list being sold somewhere.

Also, I do think that the ISP (hosts) matter quite a bit. I am fairly confident that mine keeps out the really really bad guys...although there is little that can be done on the run-of-the-mill spammers. That's what the add-ons are for. Try some...you'll like 'em.

If you have a forum where the subject matter is fairly limited and same with the visitors, just go to manual activation. Between that and some basic checks (QA, etc), you should be able to keep out spammers.
 

MagnusB

Well-known member
#17
so as one of my domains has been targeted by bots and most probably is on these linklists you have mentioned, I guess it does not make any sense to operate a forum on that domain anymore... ?
so probably just have a WordPress-blog or something ?
It wouldn't make much sense to switch to another popular CMS. It's not like spam is an xF specific problem, every website, even custom ones, are being targeted, big or small.
 

BGL

Well-known member
#18
Regulation is needed. Target the spammers and those who employ them with fines with portion of the fine paid to those who report the spammers, both email and in forums. They are using up to much of the community resources.
 

HWS

Well-known member
#19
Spamming is just another way of PR for some people. And it seems to make money for them. So it won't stop, regardless what "regulations" are created.

The solution is very simple: Install a good captcha or the very recommendable FoolBotHoneyPot and make your life easier.