XF 2.0 Spammers, help!

[JoyFreak]

I woke up this morning and found a number of registrants on my forums spamming my forums. I have Q&A on my forums and you also have to validate your email address. These guys have used number of email addresses same as their registered username i.e oyifecuc@outlook.com etc.

How do I keep these guys away? Even though I have Q&A and validate email? I checked and none share same IP nor any other accounts.

https://www.legendofmir.org

 

[Đoàn Hoàng Nam]

I have banned them and deleted their profile. Of course I am going to delete the 100s of threads they made in chinese talking about some university lol.

Can i know your site so i can find solution to help you

 

[Mike]

I've responded to your ticket, though it is mostly just an expansion of what I said earlier. Generally, you need to attempt to identify what makes these registrations and their content unique from your real users and use that to try to take action against them specifically.

 

[JoyFreak]

Where do you go to make it manually approve content?

 

[Mike]

You'd generally do this via user group promotions. Set your registered group's "Submit content without approval" permission to "No". Create a new "trusted" user group and set that permission to "Yes".

Now create a user group promotion to give users the "trusted" group based on whatever criteria you want to use, commonly "User has posted at least X messages". (There is an example of this promotion in the XF1 manual: https://xenforo.com/help/user-group-promotions/)

 

[JoyFreak]

Can i know your site so i can find solution to help you

It is in my signature. Thank you!

You'd generally do this via user group promotions. Set your registered group's "Submit content without approval" permission to "No". Create a new "trusted" user group and set that permission to "Yes".

Now create a user group promotion to give users the "trusted" group based on whatever criteria you want to use, commonly "User has posted at least X messages". (There is an example of this promotion in the XF1 manual: https://xenforo.com/help/user-group-promotions/)

Okay, I decided to go with the user group promotion option. See how I get on. Thank you.

 

[Floyd R Turbo]

Also, don't delete any spammers, just ban them. Maybe things work differently in XF2, I don't know how you delete only a "profile". If you ban someone, their profile is not viewable publicly...correct?

Banning them keeps their info to help prevent anyone else from registering again with the same info.

 

[JoyFreak]

@Mike I have set registered usergroup permission "Submit content without approval" to "No" and created a new "trusted" user group and set that permission to "Yes".

I have created a user group promotion to give users the "trusted" group based on the "User has posted at least X messages" which I have set to 1. So when I approve their first post providing it isnt spam, they can continue to post without approval. However, it does not seem to work? As members who have already 1+ posts still post with the need of approving their post still.

I have checked the 'Add user to user groups' to 'Trusted' and checked 'User is a member of any of the selected user groups:' to 'Registered'.
So what am I doing wrong?

 

[Mike]

There are a couple notes:

1. Promotions aren't triggered instantly. Depending on exact circumstances, it could be 1-2 hours before a promotion is re-evaluated.
2. Promotions are only re-evaluated on users that are recently after. If you want to update the promotion status of all users, regardless of activity state, go to tools > rebuild caches >rebuild user group promotions. Afterwards, you should be able to look at the groups various users are in and they should be in the trusted group if they have a 1+ message count.

 

[Yugensoft]

I checked and none share same IP nor any other accounts.

Are there any patterns in the IPs? Are they Chinese IPs?

 

[JoyFreak]

No, they are in America lol. But they could be using a VPN or proxy.

 

[Yugensoft]

No, they are in America lol. But they could be using a VPN or proxy.

Hmm. You could try using my Post Guard add-on, as I ported it to a XF2 version (the rest of my addons are yet to be ported).
https://xenforo.com/community/resources/post-guard-basic.5814/

Then you could add a restriction against Chinese characters using the following post guard: /\p{Han}/si.
That should theoretically stop them posting their spam, given that it's in Chinese. So it might be a stopgap measure for now.

The problem with the rest of the suggestions (other than manual approval) is that this is a professional automated spam attack; they've successfully broken recaptcha so that they can sign up for outlook emails and bypass your forum's recaptcha, and they're using a database to record Q&As (using human assistance). One other user reported the same attack here (probably happening to hundreds or thousands of other sites). The only way to reliably beat it is to use non-standard anti-spam measures (only breaking through standard & uniform anti-spam measures is profitable to a spammer).

 

[JoyFreak]

How do you block an email address from registering as this person seems to be using a few sharklasers.com emails which when I visited the website is a temporary email company. Looks like this person is not a bot but a real person who is using a vpn/proxy. I have some idea who it might be because I banned this person on his normal account after being abusive to staff and this happened straight after. Doesn’t take a genius.

 

[Ozzy47]

Might still be this:

admin-cp --> users --> banning --> banned emails
then add *@sharklasers.com

 

[Nirjonadda]

temporary email

Use this XML files : https://xenforo.com/community/resources/ban-spam-emails-mailchecker.5939/

 

[JoyFreak]

You legends, thank you so much!

 

[Hemant Aggarwal]

I am going through the same thing. I receive at least 50 threads daily from spammers, and I delete them manually.