XF 2.2 Spam user Accounts

usm116

Member
I just setup my forum and I am already getting dozen for spam account requests. I have reCAPTCHA enabled for new uses and have also installed cloudflare WAF and security. Is there something else I can do?

Screen Shot 2021-12-24 at 12.47.10 PM.webp
 
Every site gets spam accounts.

Use the built in tools to automate the handling and processing of them - admin.php?options/groups/spam/ .
 
I have reCAPTCHA enabled for new uses and have also installed cloudflare WAF and security. Is there something else I can do?
I use Q & A instead. I also have some custom registration fields which of course you need to manually check ( I
use a registration email addon so easy to check if cusom fiels look wrong as they happen, won't work on large forums though I suspose)

I also have Stopforumspam and akismet API key.

Any links in new registrations activate manual approval by having this in spam phrases:

Code:
/^\[url.*\[\/url\]$/si
/^http\S+$/si
/\[url=("|')?([^"'\]]+)("|')?\].*\[url\]\2\[/si
/\[url=("|')?([^"'\]]+)("|')?\].*\[url=("|')?\2("|')?\]/si
/^https?:\/\/\S+\n/si
 
Last edited:
I switched to Q&A CAPTCHA, with questions made my me, spam user registration has actually completely stopped. Seems like spam bots are able to easily get around the default CAPTCHA
 
I find that with fairly tight settings, I get most of the spammer crowd being rejected automatically using StopForumSpam. Basically, if they get 1 blacklist hit, they go to approval, any more they get summarily rejected. Haven't had any issues with false positives but I get very few legit signups anyhow.
 
You shouldn't use name as criteria, in some cases they are too regular names, and thus they trigger spam listings, which is totally wrong. IPs too aren't most reliable. Mail should be the most important spam trigger.

If we could setup weight of trigger, it would be much better.
 
Back
Top Bottom