XF 1.4 Spam Phrases and Blocking Chinese Spam

okhello

Member
We've been getting hit by these awful chinese spammers:

英华国际教育,QQ/微信:274848895 专业为留学生办理毕业证、成绩单、使馆留学回国人员证明、教育部学历学位认证、网上存档永久可查!

Q/微信274848895毕业证 成绩单 回国证明 学历认证 留信认证 网上可查永久存档


★办理留信网认证。(国家专业人才认证中心颁发入库证书,将在网内查询个人身份证信息后,同步读取人才网入 库信息。)

--------------------------------留学信息咨询 留学服务中心 联系人Davie----------------------------------

◆办理真实使馆公证(即留学回国人员证明,不成功不收费!!!) 

◆办理教育部国外学历学位认证。(网上可查、永久存档、快速稳妥,回国发展,考公务员,落户,进国企,外企 ,创业,无忧愁) 

◆办理各国各大学文凭(世界名校一对一专业服务,可全程监控跟踪进度)  

◆全套服务:毕业证、成绩单、真实使馆公证、真实教育部认证。让您回国发展信心十足!

◆可以提供钢印、水印、烫金、激光防伪、凹凸版、最新版的毕业证、百分之百让您绝对满意、设计,印刷,DH L快递;毕业证、成绩单,真实大使馆教育部认证,速度快。

我们真诚的提醒广大留学生朋友:  
一. 本行业市场混乱,不要只贪图便宜,无论是真实版还是顶级1:1复制版,都会有相应的成本在里面,我们绝对保 证一分钱一分货!  
二. 真实的使馆认证及教育部认证,公司完全按照正规的流程手续办理。可自行前往北京教育部窗口递交与拿结果!! !目前有一些同行所办理出来的认证只能在虚假网站查询1-3个月左右的时间,并不是教育部官网,也不可能永久存档。那样是对学生的不负责任,在办理的时候一定要慎重 !  
三. 随时可以监视进度,我们会让您清楚看到,你所投入的每一分钱都能够确实得到回报,若您认为不值得,完全可以 中止付款。

通知-------本公司城招各地代理商,一切事宜价格最低,保证信誉效率质量,客户个人信息保密。

-------------------------以上联系方式敬请保留,以备急用,诚心合作,真诚制作!!欢迎新老客户咨询办理!!
怎么办理美国UW毕业证书Q/微信〖274848895〗办理华盛顿大学毕业证书/成绩单UW学历认证办理国外毕业证怎么办理美国UW毕业证书Q/微信〖274848895〗办理华盛顿大学毕业证书/成绩单UW学历认证办理国外毕业证怎么办理美国UW毕业证书Q/微信〖274848895〗办理华盛顿大学毕业证书/成绩单UW学历认证办理国外毕业证

I've put some of the characters in the Spam Phrases tool, but that doesn't seem to help. Is there a way to get the system to flag any post that contains 大, regardless of the other characters surrounding it? Like, *大*? Or is that not how wildcards work?

Any other ideas are appreciated.
 
They're using canadian IPs, hotmail and other legit email providers. Nothing fishy.
I don't want to add a Q/A just to block chinese spammers. These are literally the only spammers that are getting past TPU: Detect Spam Registrations and Xenforo's built in spam blocker.

If there's a way to get Spam Phrases to detect an individual chinese character, the problem will be solved.
 
"*大*" should work without issue. How are you testing whether it is blocked? Users with more than a few posts likely won't be spam checked.
 
They're using canadian IPs, hotmail and other legit email providers. Nothing fishy.
I don't want to add a Q/A just to block chinese spammers. These are literally the only spammers that are getting past TPU: Detect Spam Registrations and Xenforo's built in spam blocker.

If there's a way to get Spam Phrases to detect an individual chinese character, the problem will be solved.

What kind of settings are you running in TPU? You seem to focus on the whole canadian IP aspect rather than what host names. The majority of IP's probably belong to datacenters running VPN's on rented servers. Blocking the dozen or so hostnames which will block any traffic from those hosts will often take a dent out of it. Mind you your blocking traffic from servers. The only users coming from servers are either there at the data center or using proxies/vpn's through those hosts which often are not normal vpn providers. Blocking them will have little consequence versus blocking regular ISP's, common VPN providers.

Every situation is different. If you are an english site yeah the spam phrase will probably do more than not.
 
"*大*" should work without issue. How are you testing whether it is blocked? Users with more than a few posts likely won't be spam checked.
The staff member who added 大 to Spam Phrases didn't put the wildcards around it. Glad to hear that it should work, I've added a few chinese characters with those wildcards now and hopefully they'll be caught next time.
 
What kind of settings are you running in TPU? You seem to focus on the whole canadian IP aspect rather than what host names. The majority of IP's probably belong to datacenters running VPN's on rented servers. Blocking the dozen or so hostnames which will block any traffic from those hosts will often take a dent out of it. Mind you your blocking traffic from servers. The only users coming from servers are either there at the data center or using proxies/vpn's through those hosts which often are not normal vpn providers. Blocking them will have little consequence versus blocking regular ISP's, common VPN providers.

Every situation is different. If you are an english site yeah the spam phrase will probably do more than not.

Tips about our TPU configuration would be great!

Here is the registration data from the two spammers that hit us yesterday:

TPUDetectSpamReg checking: qaewyu01, qaewyu01@outlook.com, 71.19.245.8
AS detected: ASN11831, ESECUREDATA - eSecureData,CA
+1. Email matched: *@outlook.com
Hostname detected: automotivedeals.info
Country detected: CA
Total score: +1

TPUDetectSpamReg checking: liqijia01, liqijia01@hotmail.com, 184.170.137.145
AS detected: ASN10929, NETELLIGENT - Netelligent Hosting Services Inc.,CA
Hostname detected: 184.170.137.145
Country detected: CA
Total score: +0

These are the hostnames we have in TPU:
+1|*vpn*
+1|*vps*
+1|*dedi*
-1|*.gov
-1|*.mil
+1|*.rdns.ubiquity.io
+1|*.rdns.ubiquityservers.com
+1|*.hostwindsdns.com
+1|*.dedibox.fr
+1|*.linode.com

AS Name:
+2|VERSAWEB-ASN
+2|SINGLEHOP-INC
+2|OVH
+2|STEEPHOST*
+2|AS-COLOCROSSING
+2|SERVERHUB*
+2|BANKINFORM-AS
+2|AFNCA-ASN
+1|CDC-LMB?
+1|QUERY-FOUNDRY
+1|CANTV
+1|INCERO
+1|BLCC*
+1|EMPIRE
+1|PLI-AS
+1|AS-CHOOPA
+1|WII-KC
+1|UKSERVERS-AS
+1|ECATEL-AS
+1|STEADFAST
+1|SWIFTWAY-AS
+1|ASEVERHOST
+1|RAMNODE
+1|BESTHOSTING-AS
+1|ENZUINC-*
+1|40676
+1|SERVERYOU
+1|DIMENOC
+1|DATASHACK
+1|IOFLOOD
+1|FDCSERVERS
+1|RICAWEBSERVICES
+1|PEGTECHINC
+1|WOWRACK
+1|VOXILITY-AS
+1|SERVER-MANIA
+1|COLO-AT-55-LLC
+1|SERVERIUS-AS
+1|ABSTATION
+1|IPTELLIGENT
+1|PEER1
+1|GORILLASERVERS
+1|WEBEXXPURTS
+1|REDSTATION
+1|VIRPUS
+1|SSASN?
+1|AS-QUADRANET
+1|QUADRANET
+1|VPLSNET
+1|57858
+1|VOLUMEDRIVE
+1|OPPOBOX

I'd appreciate any changes you can recommend. Thanks!
 
Top Bottom