
Spammers still getting through registration

Status
Not open for further replies.

Carlos

Well-known member
#1
Ever since I installed the xenForo 1.1.4 update on my biggest forum, I've not seen a lot of spam...

However, there are still a few spammers that get through registration. The new trend is the weight loss spammers. Watch for them.

1. Profile Spam.
2. They pretend to be a real user by uploading an avatar with the examples below:

ProfileSpam.png

3. Their usernames are pretty consistent. Numbers at the end are the same.

Keep in mind, I've got SolveMedia's CAPTCHA, and [Jaxel's] XenUtiles running in the background....

It's quite obvious that spam prevention tools on xenForo need improving...

BROGAN! This does NOT belong here. This is about xenForo.

CARLOS! It's not a suggestion so it was moved.
 

Russ

Well-known member
#2
Everyone has their own experiences but with QnA + Jaxel's xenUtils with the APIs enabled we have had zero spam. Have you tried decent QnA's before?
 

Carlos

Well-known member
#4
Everyone has their own experiences but with QnA + Jaxel's xenUtils with the APIs enabled we have had zero spam. Have you tried decent QnA's before?
I don't want to have to edit the Q&A's all the time. Which is why I opted for a CAPTCHA-style hack. I fell in love with SolveMedia's because not only will it combat spam, it's an ad on top of it; meaning I get monies. :D
 

tenants

Well-known member
#5
These still look like XRumer (but can't confirm), iterating through usernames is bot-like behaviour (and continuous user attempts is also bot-like behaviour). XRumer does have the ability to upload avatars, pick out topic-relevant conversations / forums.

Try a few other plugins, one might pleasantly surprise you (hint.. fbhp currently stops 100% of bots, but if it is human spam, StopHumanSpam / StopCountrySpam might help)

There is more than just XenUtiles and Common CAPTCHA that bots have been trained to beat,
a few are listed here: Dealing with forum spam

The core will always be targeted. As methods are put in place globally, the reward for breaking these methods becomes higher

QA's have been beaten for a while (This is a game of Russian roulette, it's only time until your qa is added to textcaptcha.txt and then shared on a central db)
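The two username patterns described in posts #1 and #5 (the same digits at the end of different names, and one stem iterated through numbers) can be checked against a registration export. This is an added example, not part of the thread or of any add-on named in it; the function names, the 24-hour window, the minimum cluster size and the sample sign-ups are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

TRAILING_DIGITS = re.compile(r"^(?P<stem>.*?)(?P<num>\d{2,})$")

def split_username(name):
    """Return (stem, numeric_suffix), or None when there is no 2+ digit tail."""
    m = TRAILING_DIGITS.match(name.strip().lower())
    return (m.group("stem"), m.group("num")) if m else None

def _densest_burst(events, window):
    """Largest run of time-sorted (when, name) events that fits inside `window`."""
    events = sorted(events)
    best, start = [], 0
    for end in range(len(events)):
        while events[end][0] - events[start][0] > window:
            start += 1
        if end - start + 1 > len(best):
            best = events[start:end + 1]
    return best

def flag_registration_clusters(registrations, window=timedelta(hours=24), min_size=3):
    """Group sign-ups by shared suffix and by shared stem; report tight bursts."""
    by_key = defaultdict(list)
    for name, when in registrations:
        parts = split_username(name)
        if parts is None:
            continue
        stem, num = parts
        by_key[("suffix", num)].append((when, name))
        if stem:
            by_key[("stem", stem)].append((when, name))
    flagged = {}
    for key, events in by_key.items():
        burst = _densest_burst(events, window)
        if len({n for _, n in burst}) >= min_size:
            flagged[key] = [n for _, n in burst]
    return flagged

# Constructed sample sign-ups (name, day of month, hour, minute); not real accounts.
SAMPLE = [(n, datetime(2012, 8, d, h, m)) for n, d, h, m in [
    ("dietfan2012", 1, 9, 0), ("slimquick2012", 1, 9, 20), ("losefast2012", 1, 10, 5),
    ("Carlos", 1, 11, 0), ("biker77", 2, 8, 0), ("oldtimer2012", 20, 8, 0),
    ("promo101", 3, 12, 0), ("promo102", 3, 12, 1), ("promo103", 3, 12, 2),
]]

if __name__ == "__main__":
    print(flag_registration_clusters(SAMPLE))
```

A flagged cluster is a reason to hold those accounts for moderation rather than proof of automation; a common suffix such as a birth year will also match real members who happen to register close together.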
 

Adam Howard

Well-known member
#6
The only drawback about Questions and Answers (Q & A) is the language barrier. If your site accepts everyone (worldwide) and allows all languages... Q & A isn't going to be a solution.

And captcha sometimes also adds this limitation. Because the keyboard characters are not universal either. And to be honest, most of them make it impossible for a real human person to read what is actually on the screen. Or are dependent on media from outside sources.

Nothing is 100% foolproof or bulletproof. But for what it is worth, we currently use the following

http://xenforo.com/community/resources/sonnb-stop-spam-here.1086/

With....
http://xenforo.com/community/resources/sonnb-stop-spam-here-stop-forum-spam-api.1092/
http://xenforo.com/community/resources/sonnb-stop-spam-here-spambusted-api.1107/
http://xenforo.com/community/resources/sonnb-stop-spam-here-fspamlist-api.1108/
http://xenforo.com/community/resources/sonnb-stop-spam-here-botscout-api.1106/

And.....

http://xenforo.com/community/resources/xf-qaptcha.1241/

But we also prevent new members from posting links, sending PMs, posting profile updates, or posting or commenting on profile walls, and editing signatures.

This typically keeps out all spammers. And those who still are able to register (usually v6 IP addresses), can't post spam anyways because of all the reasons stated above.
 

MikeMpls

Well-known member
#10
1.1.4 was pretty good out of the box (I have three forums on it), but eventually the spammers found it.

In the forum where I allow unregistered guest posts, I had to delete as many as 24 in a 2-3 hour period. Spam registrations were popping up again with some frequency. Moderating registrations and unregistered posts didn't seem to discourage them, and I really hate wasting my time in that manner.

So a week ago I reintroduced KeyCaptcha, which a few months ago applied the coup de grace to all the spammies in my 1.1.3 forums. I've had no spam issues since.

I know some criticize KeyCaptcha as theoretically driving users away, but I question that. I've never really noticed a difference before & after, and personally I find KeyCaptcha much easier than ReCaptcha (plus the spammers long ago broke ReCaptcha -- what's hard for us to read is easier with a computer & the right software).

So these are my successful combinations which block virtually all spam:

1.1.4: Out of the box (with registration time & DNS BL enabled) + KeyCaptcha

1.1.3: Deny Country (blocks Russia, Ukraine, India, China) + all 3 blocklists in XenUtiles + KeyCaptcha
 

Carlos

Well-known member
#14
If you have time to keep doing the same thing over & over, that's fine. I prefer more permanent solutions.
Then you pretty much agree with what I said. :)
Your questions and the correct answers will end up in Xrumer's database shared by all their ilk.
This is one issue that put me off from using Q&A. It poses a security hole. Because the xRumer database will eventually be hacked. Just like Anonymous hacked LulzSec and vice versa. So once these hackers get your Q&A, it goes into bigger problems than just your forum.
 

Carlos

Well-known member
#16
Huh? That makes absolutely no sense at all. Especially since the answer to your Q&A has nothing to do with how secure your server is.
Who said anything about servers? You ever consider the security of your e-mail address? Because the whole point of this xrumer database is to bypass these Q&A input boxes... Like I said: Bigger problems than your forum.

It's the same thing as having this index of popular passwords and/or popular PIN numbers.
 

Biker

Well-known member
#19
Who said anything about servers? You ever consider the security of your e-mail address? Because the whole point of this xrumer database is to bypass these Q&A input boxes... Like I said: Bigger problems than your forum.

It's the same thing as having this index of popular passwords and/or popular PIN numbers.
You edited after I replied.

And no, it's NOT like an index of passwords. Let's get real here, shall we?
 

Sheldon

Well-known member
#20
Wait, so if someone cracks my Q/A at my forum, there may be a security issue with my email? Am I following this convo correctly?
 