Spam! Everyday

[ps23Rick]

It does require a little regex in XF's filter, but it works effectively. I recommended this to a fellow forum we are friends with and it drastically cut their spam postings as well.

We don't get tons of spam, thank God, but we do get 2-5 a week.. I know it's nothing in comparison to some of you guys but many get by the current spam settings leaving us admins to go trolling the forums to see what got thru. We're planning on turning on Akismet shortly (maybe later today), but was wondering if you could walk me (and perhaps others) thru what needs to be regex'd in XF to accomplish what you're referring to above...? I'm assuming you're referring to the "Spam Phrases" section of the Spam Management page? The more automatic the better -- we don't mind cleaning the moderator queue a few times per week, but its the ones that slip thru the validation checks that we have to manually find that are the pains in the rear... Sometimes even we don't notice a spammers message. I think the vast majority of ours have links to, of all things, printer "fix-it" sites... lol

Any direction/guidance would be GREATLY appreciated!!

 

[Suzanne O]

It sounds like you need to block their email addresses and ip addresses.
Also it might be a good idea to have your own question answer captcha as it prevents spam.

 

[ps23Rick]

The pattern I'm seeing, in our case, is disposable gmail accounts being used exactly one time. with links in their single message they post promoting their site for the search engine bots probably. I don't think blocking their IPs or email will have any effect as they never login more than once.. Not sure how well Captcha would work for this.. perhaps it might help...

 

[Suzanne O]

The pattern I'm seeing, in our case, is disposable gmail accounts being used exactly one time. with links in their single message they post promoting their site for the search engine bots probably. I don't think blocking their IPs or email will have any effect as they never login more than once.. Not sure how well Captcha would work for this.. perhaps it might help...

You can wildcard the email address in a ban. It will come up like this *@gmail.com if it was gmail.com.

Captcha works as well as it makes the spam bots have to answer a question that your mates actually know the answer to but the spam bots don't.

 

[whynot]

The pattern I'm seeing, in our case, is disposable gmail accounts being used exactly one time.

Ban all the disposable gmail accounts:
* . * @ gmail.com
Ban all disposable email accounts which have a dot in the name:
* . * @ *
(Remove the spaces)

Edit:

*.*@gmail.com
*.*@*

 

[ps23Rick]

Thanks guys.. Stupid question.. with the patterns above for gmail, what happens to people that are legit that are also gmail based addresses? Won't they also get banned? I'll have to see what the addresses are to see if there's a pattern to their creation (e.g. dots in the name, etc)

 

[whynot]

with the patterns above for gmail, what happens to people that are legit that are also gmail based addresses? Won't they also get banned?

With a dot in their name they will be banned.
abc.xyz@gmail.com will be banned.
xyz@gmail.com won't be banned.

 

[ps23Rick]

thanks.. I'll keep an eye out for the email accounts and see what patterns I can apply to our site. In doing a brief check, it doesn't appear that "our" spammers are using dotted email addresses.. Haven't found one yet.. gotta find a pattern I guess.

 

[billybatz9]

How can I ban posts with links in thread title? They don't post the links in the thread itself, but the title, so it's not really posting a link. Weird. The are finding a way to post their link but not linkable.

 

[Suzanne O]

How can I ban posts with links in thread title? They don't post the links in the thread itself, but the title, so it's not really posting a link. Weird. The are finding a way to post their link but not linkable.

Press the spam button

 

[Ozzy47]

Press the spam button

That does not stop it.

How can I ban posts with links in thread title? They don't post the links in the thread itself, but the title, so it's not really posting a link. Weird. The are finding a way to post their link but not linkable.

Match that via the spam phrases option. Add this to that:

/^https?:\/\/\S+\n/si

This should match those thread titles and you can send them to manual approval or reject them. (I'd recommend manual approval at least while you test the change.)

 

[Suzanne O]

That does not stop it.



Match that via the spam phrases option. Add this to that:

/^https?:\/\/\S+\n/si

This should match those thread titles and you can send them to manual approval or reject them. (I'd recommend manual approval at least while you test the change.)

It works for me.

 

[Ozzy47]

Pressing the spam button does not stop the spam, it gets rid of it.

 

[Suzanne O]

Pressing the spam button does not stop the spam, it gets rid of it.

It does for me, mate. Plus i use the question answer captcha.

Do whatever works for you.
You can change phrases and other things if you want to. But pressing the spam button prevents the ip address, host, and email from re-registering as well as clearing the spam.

 

[billybatz9]

That does not stop it.



Match that via the spam phrases option. Add this to that:

/^https?:\/\/\S+\n/si

This should match those thread titles and you can send them to manual approval or reject them. (I'd recommend manual approval at least while you test the change.)

I added this but it doesn't work. Check my website
www.nanoreefforum.com

They are still attacking

 

[Ozzy47]

Are the threads going into the approval queue?

 

[Ozzy47]

Also, try this instead,

/^http(|s):\/\/\S+/si

 

[billybatz9]

Is it okay if I use both?

Also, try this instead,

/^http(|s):\/\/\S+/si

 

[Paul B]

Use these:

/\[url=("|')?([^"'\]]+)("|')?\].*\[url\]\2\[/si
/\[url=("|')?([^"'\]]+)("|')?\].*\[url=("|')?\2("|')?\]/si

 

[Dark Lynch Nails]

My site is almost a year old and in the last month or so we have an increase in spammers.
However they don’t post anything they just fill there profile page with every possible link you can imagine.

The usernames they choose are a dead giveaway like

V64sfg
Hjxwz123
Fftty164