XF 2.2 Spam in Website, Occupation and About user fields - how do we combat it?

Stuart Wright

Well-known member
Are the Website, Occupation and About user fields scanned for spam? Feels like an obvious question. No, they are not.
People are registering with AVForums to put spam in the website field and then never visiting again.
These fields seem to be hard coded and don't have permissions.
At this point, I want to remove the website field completely from the forums. It's just inviting spam.
Have I completely missed any tools to manage these fields?
If not, I'll add a suggestion to manage them.
 
Are you sure these spam registrations are actually people and not bots? I installed @Ozzy47 's Registration Spaminator mod years ago and I can't recall the last time I saw a spam registration. How this mod isn't the highest rated mod in the resources section baffles me. It's awesome.

 
Agree with this. Not only are certain user-inputed fields inviting spam, but there's also just some general weirdness with profiles that don't make sense (to me anyway). I ended up making an internal add-on to sort the profile weirdness out, but would love to see it built into XenForo.

Like why is someone's join date or age so important that it appears in the user blurb (like click on my avatar on this post to see my age or the date I joined this forum). To me that info is probably better suited for the user's About tab if someone really wants to know.

1667498156489.webp

So for example if you take join date or age off the user blub, it's moved to the About tab automatically.

I use XenForo for non-forum sites, so a lot of the profile doesn't make sense in my case (I don't always want what become useless tabs on user profiles):

1667498242561.webp

Those fields are controlled by user group permissions.

1667498466643.webp

You can force profile updates (things like the user's about changing, which is a huge spam vector for us) to go into a review queue for moderators. In this case, someone editing their "about you" field sends that that change to a "Profile" review queue in the staff bar:

1667498935444.webp

1667498976558.webp

Errrr... okay, I got sidetracked with my XenForo wishlist related to profiles. 😬

Long story short is I took away the default fields that are used for spam through user group permissions. Which allows the permissions to be given to certain users via user group promotions (for example if they have been a member for awhile or have some posts)... or simply not at all, because some sites don't even need user profiles because it's not a social media or forum site.
 
Agree with this. Not only are certain user-inputed fields inviting spam, but there's also just some general weirdness with profiles that don't make sense (to me anyway). I ended up making an internal add-on to sort the profile weirdness out, but would love to see it built into XenForo.

Like why is someone's join date or age so important that it appears in the user blurb (like click on my avatar on this post to see my age or the date I joined this forum). To me that info is probably better suited for the user's About tab if someone really wants to know.

View attachment 275945

So for example if you take join date or age off the user blub, it's moved to the About tab automatically.

I use XenForo for non-forum sites, so a lot of the profile doesn't make sense in my case (I don't always want what become useless tabs on user profiles):

View attachment 275946

Those fields are controlled by user group permissions.

View attachment 275949

You can force profile updates (things like the user's about changing, which is a huge spam vector for us) to go into a review queue for moderators. In this case, someone editing their "about you" field sends that that change to a "Profile" review queue in the staff bar:

View attachment 275950

View attachment 275951

Errrr... okay, I got sidetracked with my XenForo wishlist related to profiles. 😬

Long story short is I took away the default fields that are used for spam through user group permissions. Which allows the permissions to be given to certain users via user group promotions (for example if they have been a member for awhile or have some posts)... or simply not at all, because some sites don't even need user profiles because it's not a social media or forum site.
This is great. How do you feel about adding a suggestion for this as you've already done the graphic and spec work ^? You'd do a better job of the suggestion than me. And, of course, you'll get your first upvote from me.
 
I too see a fair amount of spam in the Website and profile fields. Why these aren’t scanned is beyond me…..especially the website field. Rather than removing that field I’ve used this as a “honeypot” to trap spammers. I check the Spam Logs daily and repeatedly find accounts that are chip-shots to mark as Spam. Sucks that things have to be done manually, but at least they’re getting booted and reported.
 
Are you sure these spam registrations are actually people and not bots? I installed @Ozzy47 's Registration Spaminator mod years ago and I can't recall the last time I saw a spam registration. How this mod isn't the highest rated mod in the resources section baffles me. It's awesome.


+1 Great Add-On to stop spam
 
This is great. How do you feel about adding a suggestion for this as you've already done the graphic and spec work ^? You'd do a better job of the suggestion than me. And, of course, you'll get your first upvote from me.
Ya sure... will put it together later today.

My add-on does a few other things I'll throw in there too. It cleans up some minor cosmetic issues with user profiles (for example for location, I don't need the text "From" when we have FontAwesome icons), it adds a user Notes tab (for mods/admins... something I really miss from vBulletin), it adds the ability for users to to have a display name separate from username, adds the ability to bookmark users, etc.

Basically it's become my catch-all for user profiles improvements.

1667502424787.webp

1667502283461.webp
 
I embrace that the website and about fields are spam magnets. Its an awesome way to highlight spam registrations and immediately ban those.

@Xon has built triggers for this into his Signup Abuse addon for me. It works like a charm. Spammers cannot resist to put spam links and keywords in there. So the registrations go to moderation and then are spam cleaned.
So my staff doesnt have to go hunting for spammers. They will just announce themselves.
Members will never see the accounts. I hide the website field anyway. Only the member itself can see it on profile. :D
 
  • Like
Reactions: Xon
Top Bottom