1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Spam - what is Xenforo.com doing itself ? [Hallowe'en 2012]

Discussion in 'General XenForo Discussion and Feedback' started by Digital Doctor, Oct 30, 2012.

Thread Status:
Not open for further replies.
  1. Digital Doctor

    Digital Doctor Well-Known Member

    Seems that Xenforo.com is the only site still getting bombarded by spam.
    Sure the mods are getting tired of it.
    Seems like something else needs to be done.

    What is Xenforo.com currently using ? Seems like Xenforo.com needs some Spam Addons installed :)

    xenforo.com.spam.jpg

    I think a large amount of precious moderator time is being wasted cleaning up all the spam.
     
    Shyuan, erich37 and Adam Howard like this.
  2. Russ

    Russ Well-Known Member

    We have 868 pages of registrations that have been blocked since August 21st :),

    That's 17,360 and we're not even a busy site yet.
     
  3. Adam Howard

    Adam Howard Well-Known Member

  4. RobParker

    RobParker Well-Known Member

    This is getting a bit ridiculous. It hardly gives a good impression of the forums to find it full of spam every morning.

    Wouldn't setting a few good Q&A captchas make a big difference as they seem to have done elsewhere. At the minute it looks like no one really cares.
     
  5. RobParker

    RobParker Well-Known Member

    By setting a few Q&A questions we've never had any problems with spammers. There are also multiple spam protection addons which work really well. While understandably they don't want to use 3rd party addons on here, I don't know why they refuse to setup some better captchas.
     
    Kings Hat likes this.
  6. tenants

    tenants Well-Known Member

    This is the core functionality, I think it should be left as core, with no plug-ins to show new users that are interested in buying the software what the core has to offer

    Simple QAs will not stop bots registering here (the PR is too high for it not to "look" valuable for gaining links, and QAs are easy to extract the question list, since it is unlikely someone will sit down and type 1 Million unique questions that are not easy to solve with simple logic or extract the answers easily from Google... bots can do both)

    Having said that, they have installed their own plug-ins to show case them: Resource Manager.
    If you start adding plug-ins, new users will complain that they thought they were getting X/Y/Z, but now realise they have to pay for it

    There are many anti-spam plug-ins available, see the list here: http://xenforo.com/community/resources/dealing-with-forum-spam.980/

    I use my own CAPTCHA and anti-spam techniques which I have found to be 100% effective so far (I really love my Custom Img Captcha, but then I am blowing my own... so to speak):

    CustomImgCaptcha (free): http://xenforo.com/community/resources/customimgcaptcha.1161/
    FoolBotHoneyPot (paid): http://xenforo.com/community/resources/foolbothoneypot.1085/
    StopCountrySpam (paid): http://xenforo.com/community/resources/stopcountryspam.1016/

    You can also use alternative CAPTCHA mechanisms:

    KeyCaptcha: http://xenforo.com/community/resources/keycaptcha-interactive-captcha.987/

    The core for 1.3 will include the use of the StopForumSpam database (to look up a username/ip/email list of already known spammers), see here: 1.2 to include spam prevention
    A plug-in named StopSpamHere already implements this (paid): http://xenforo.com/community/resources/sonnb-stop-spam-here.1086/
    As does XenUtiles: http://xenforo.com/community/resources/8wayrun-com-xenutiles-tools.104/
     
    HWS and Kings Hat like this.
  7. Shyuan

    Shyuan Well-Known Member

    Agreed. Used to be not so frequent. But now, everyday I see spam threads when I read my Google Reader. :/
     
    James likes this.
  8. high1976

    high1976 Active Member

    345.669 blocked registrations since August 10st with XenUtiles ;)
    need the spam-cleaner maybe 3 times a week
     
  9. ShadyX

    ShadyX Well-Known Member

    I use q&a with 20 posts to be able to post links. I get like 3 spam posts per month.
     
  10. RobParker

    RobParker Well-Known Member

    We have around 5 questions and that's prevented any bots from registering. I appreciate we're obviously not as high profile but I'd suggest Q&As would still help a lot.
     
  11. tenants

    tenants Well-Known Member

    If you make sure you don't use simple logic questions and questions that cant easily be queried with a search engine, I'm not saying it wont help (for a while)

    http://en.wikipedia.org/wiki/XRumer

    One of Xrumers "show-offs" is that it contains a list of high PR XenForo sites, this being one of them

    If those sites started to no longer work for Xrumer, it wouldn't take much to learn the QA answers (Xrumer already learns many QAs)
    a quick link to the latest version of XRumer: http://ixrumer.com/xrumer/

    You'll notice they talk about

    QAs are not the way forward, neither are common CAPTCHAs... they will learn from these / train against them

    Custom CAPTCHA (your own CAPTHCA method or the free resource CustomImgCaptcha ), the stop forum spam method (coming in 1.3) to prevent known bots, hidden honey pot fields (such as FoolBotHoneyPot) and customisations of your registration pages that you can do your self (or also available with FoolBotHoneyPot), and validating the first few posts will all help and last a lot longer as methods

    With QAs, you might find you will need to update them every few months to keep beating back the bots

    There is another very big problem with QA's, but unfortunately I can't really talk about it until a fix is made
     
    Sadik B and RobParker like this.
  12. CyclingTribe

    CyclingTribe Well-Known Member

    Presumably then, a person visits your site and grabs your questions (and answers) and adds then to the list within this software tool, then users of the software download the latest update (including your now-beaten Q&As) and get their spam through the front door?

    So would it be good practice to rotate your Q&A's weekly/monthly to defeat such attempts?
     
    tenants likes this.
  13. tenants

    tenants Well-Known Member

    Not just the individual, the Xrumer application contains an extensive list of QAs, the Xrumer application can query common QAs using search engines, the Xrumer application can beat simple logic.. on top of that, the individual can edit their own textcapctha.txt (edit: oh, yes... I'm not sure if this text file then gets sent on, presumably it would make sense to do that)

    Yes, it is a good idea to keep changing QAs (especially once you know they have failed), this is also true for image CAPTCHA .... prune out your weak CAPTCHA methods regularly

    ... text QAs is a fail for many reasons (not just for the reason I can not talk about), bots will make this more obvious in the months to come, right now, since text QAs are becoming widely used, we are entering the learning phase for Xrumer

    It will always be an arms race if you use common methods to stop bots, even Google with extensive funds, continuously updating ReCAPTCHA are battling hard (as you can see by the amount of spam from ReCAPTCHA being beaten recently)

    ReCAPTCHA will work again soon, but it will then be broken again too.. this will come and go in waves as the battle continues
     
    CyclingTribe likes this.
  14. steven s

    steven s Well-Known Member

    Certainly looks that way. If I visited a forum for the first time and saw several spams I'd think the admin abandoned the site.
    Out of the box it is very weak. I don't know how anyone could deny that at this point.
     
  15. HWS

    HWS Well-Known Member

    tenants, just want to thank you for your work at those addons. Each of them more than recommendable. It is heartwarming to eperience the expertise and the dedication of some XenForo forum members here.

    Whereas the real owners and developers of XenForo sadly do not care any more since a long time.
     
  16. Pereira

    Pereira Well-Known Member

    We had spam at the same time most XenForo forums were being spammed at the very start. We used reCaptcha at the time (which is useless nowadays).

    We started using the Q&A system which has worked brilliantly. We ask basic questions that only people visiting our site would know if they were going to sign up and we've never had any spam accounts register since. Plus we don't have any third party addon installed.
     
    Shyuan likes this.
  17. dutchbb

    dutchbb Well-Known Member

    I've recently installed the Solve Media plugin and don't think I've seen much if any spam since. But just an intelligent question/answer filters out most of the spam too.
     
  18. steven s

    steven s Well-Known Member

    These are all wonderful preventative solutions.
    The question is really why haven't any been installed?
    I am giving up reporting of the spam.
     
    SchmitzIT likes this.
  19. HWS

    HWS Well-Known Member

    I asume that this forum is used as a presentation tool for XenForo to show it's core product in action. It would be simply not acceptable to install any foreign addon.

    Since no one develops XenForo currently, there is also no future version with a better anti-spam feature to be installed.
     
    Taxi, Sparkiller and SchmitzIT like this.
  20. Edrondol

    Edrondol Well-Known Member

    Using XenUtils my small site has blocked 24,928 since putting it in place August 23 after the Great Spam Migration of 2012. 243 since midnight.

    You just can't buy any better piece of mind than that. It's a fracking great product.
     
Thread Status:
Not open for further replies.

Share This Page