XF 2.0 Spammers, help!

JoyFreak

Well-known member
I woke up this morning and found a number of registrants on my forums spamming my forums. I have Q&A on my forums and you also have to validate your email address. These guys have used number of email addresses same as their registered username i.e oyifecuc@outlook.com etc.

How do I keep these guys away? Even though I have Q&A and validate email? I checked and none share same IP nor any other accounts.

https://www.legendofmir.org
 

Mike

XenForo developer
Staff member
I've responded to your ticket, though it is mostly just an expansion of what I said earlier. Generally, you need to attempt to identify what makes these registrations and their content unique from your real users and use that to try to take action against them specifically.
 

Mike

XenForo developer
Staff member
You'd generally do this via user group promotions. Set your registered group's "Submit content without approval" permission to "No". Create a new "trusted" user group and set that permission to "Yes".

Now create a user group promotion to give users the "trusted" group based on whatever criteria you want to use, commonly "User has posted at least X messages". (There is an example of this promotion in the XF1 manual: https://xenforo.com/help/user-group-promotions/)
 

JoyFreak

Well-known member
Can i know your site so i can find solution to help you
It is in my signature. Thank you!

You'd generally do this via user group promotions. Set your registered group's "Submit content without approval" permission to "No". Create a new "trusted" user group and set that permission to "Yes".

Now create a user group promotion to give users the "trusted" group based on whatever criteria you want to use, commonly "User has posted at least X messages". (There is an example of this promotion in the XF1 manual: https://xenforo.com/help/user-group-promotions/)

Okay, I decided to go with the user group promotion option. See how I get on. Thank you.
 

Floyd R Turbo

Well-known member
Also, don't delete any spammers, just ban them. Maybe things work differently in XF2, I don't know how you delete only a "profile". If you ban someone, their profile is not viewable publicly...correct?

Banning them keeps their info to help prevent anyone else from registering again with the same info.
 

JoyFreak

Well-known member
@Mike I have set registered usergroup permission "Submit content without approval" to "No" and created a new "trusted" user group and set that permission to "Yes".

I have created a user group promotion to give users the "trusted" group based on the "User has posted at least X messages" which I have set to 1. So when I approve their first post providing it isnt spam, they can continue to post without approval. However, it does not seem to work? As members who have already 1+ posts still post with the need of approving their post still.

I have checked the 'Add user to user groups' to 'Trusted' and checked 'User is a member of any of the selected user groups:' to 'Registered'.
So what am I doing wrong?
 

Mike

XenForo developer
Staff member
There are a couple notes:
  1. Promotions aren't triggered instantly. Depending on exact circumstances, it could be 1-2 hours before a promotion is re-evaluated.
  2. Promotions are only re-evaluated on users that are recently after. If you want to update the promotion status of all users, regardless of activity state, go to tools > rebuild caches >rebuild user group promotions. Afterwards, you should be able to look at the groups various users are in and they should be in the trusted group if they have a 1+ message count.
 

Yugensoft

Well-known member
No, they are in America lol. But they could be using a VPN or proxy.
Hmm. You could try using my Post Guard add-on, as I ported it to a XF2 version (the rest of my addons are yet to be ported).
https://xenforo.com/community/resources/post-guard-basic.5814/

Then you could add a restriction against Chinese characters using the following post guard: /\p{Han}/si.
That should theoretically stop them posting their spam, given that it's in Chinese. So it might be a stopgap measure for now.

The problem with the rest of the suggestions (other than manual approval) is that this is a professional automated spam attack; they've successfully broken recaptcha so that they can sign up for outlook emails and bypass your forum's recaptcha, and they're using a database to record Q&As (using human assistance). One other user reported the same attack here (probably happening to hundreds or thousands of other sites). The only way to reliably beat it is to use non-standard anti-spam measures (only breaking through standard & uniform anti-spam measures is profitable to a spammer).
 

JoyFreak

Well-known member
How do you block an email address from registering as this person seems to be using a few sharklasers.com emails which when I visited the website is a temporary email company. Looks like this person is not a bot but a real person who is using a vpn/proxy. I have some idea who it might be because I banned this person on his normal account after being abusive to staff and this happened straight after. Doesn’t take a genius.
 
Top