Spammers still getting through registration

Status
Not open for further replies.
Carlos

Carlos

Well-known member
Ever since I installed the xenForo 1.1.4 update on my biggest forum, I've not had seen a lot of spam...

However, there are still a few spammers that get through registration. The new trend is the weight loss spammers. Watch for them.

1. Profile Spam.
2. They pretend to be a real user by uploading an avatar with the examples below:

ProfileSpam.webp

3. Their usernames are pretty consistent. Numbers at the end are the same.

Keep in mind, I've got SolveMedia's CAPTCHA, and [Jaxel's] xenUtilies running in the background....

It's quite obvious that spam prevention tools on xenForo needs improving...

BROGAN! This does NOT belong here. This is about xenForo.

CARLOS! It's not a suggestion so it was moved.
 
Everyone has their own experiences but with QnA + Jaxels xenUtils with the API's enabled we have had zero spam. Have you tried to decent QnA's before?
 
Nothing is bot proof. Nothing. On the same note, nothing prevents human registration, either.
 
Russ said:
Everyone has their own experiences but with QnA + Jaxels xenUtils with the API's enabled we have had zero spam. Have you tried to decent QnA's before?
Click to expand...
I don't want to have to edit the Q&A's all the time. Which is why I opted for a CAPTCHA-style hack. I fell in love with SolveMedia's because not only will it combat spam, it's an ad on top of it; meaning I get monies. :D
 
These still look like XRumer (but can't confirm), iterating through usernames is bot like behaviour (and continuous user attempts is also bot like behaviour). XRumer does have the ability to upload avatars, pick out topic relevant conversations / forums

Try a few other plugins, one might pleasantly surprise you (hint.. fbhp currently stops 100% of bots, but if it is human spam, StopHumanSpam / StopCountrySpam might help)

There is more than just XenUtiles and Common CAPTCHA that bots have been trained to beat,
a few are listed here: Dealing with forum spam

The core will always be targeted. As methods are put in place globally, the reward for breaking these methods becomes higher

QA's have been beaten for a while (This is a game of Russian roulette, it's only time until your qa is added to textcaptcha.txt and then shared on a central db)
 
The only draw back about Questions and Answers (Q & A) is the language barrier. If your site accepts everyone (word-wide) and allows all languages... Q & A isn't going to be a solution.

And captcha sometimes also adds this limitation. Because the keyboard characters are not universal either. And to be honest, most of them make it impossible for a real human person to read what is actually on the screen. Or are dependent on media from outside sources.

Nothing is 100% full proof or bullet proof. But for what it is worth, we currently use the following

http://xenforo.com/community/resources/sonnb-stop-spam-here.1086/

With....
http://xenforo.com/community/resources/sonnb-stop-spam-here-stop-forum-spam-api.1092/
http://xenforo.com/community/resources/sonnb-stop-spam-here-spambusted-api.1107/
http://xenforo.com/community/resources/sonnb-stop-spam-here-fspamlist-api.1108/
http://xenforo.com/community/resources/sonnb-stop-spam-here-botscout-api.1106/

And.....

http://xenforo.com/community/resources/xf-qaptcha.1241/

But we also prevent new members from posting links, sending PM's, posting profile updates, or posting or commenting on profile walls, and editing signatures.

This typically keeps out all spammers. And those who still are able to register (usually v6 IP addresses), can't post spam anyways because of all the reasons stated above.
 
Sage Knight said:
Nothing beats good Q&As about your specific niche. I hardly get any spam at all because of this.
Click to expand...


Yeah, I just thought up some good Q&A questions, and it meant I could remove all spam add ons and just use the built in stuff.
 
1.1.4 was pretty good out of the box (I have three forums on it), but eventually the spammers found it.

In the forum where I allow unregistered guest posts, I had to delete as many as 24 in a 2-3 hour period. Spam registrations were popping up again with some frequency. Moderating registrations and unregistered posts didn't seem to discourage them, and I really hate wasting my time in that manner.

So I a week ago I reintroduced KeyCaptcha, which a few months ago applied the coup de grace to all the spammies in my 1.1.3 forums. I've had no spam issues since.

I know some criticize KeyCaptcha as theoretically driving users away, but i question that. I've never really noticed a difference before & after, and personally I find KeyCaptcha much easier than ReCaptcha (plus the spammers long ago broke ReCaptcha -- what's hard for us to read is easier with a computer & the right software).

So these are my successful combinations which block virtually all spam:

1.1.4: Out of the box (with registration time & DNS BL enabled) + KeyCaptcha

1.1.3: Deny County (blocks Russia, Ukraine, India, China) + all 3 blocklists in XenUtiles + KeyCaptcha
 
oman said:
Yeah, I just thought up some good Q&A questions, and it meant I could remove all spam add ons and just use the built in stuff.
Click to expand...

Clever you!

Clever them: Your questions and the correct answers will end up in Xrumer's database share by all their ilk.
 
MikeMpls said:
Clever you!

Clever them: Your questions and the correct answers will end up in Xrumer's database share by all their ilk.
Click to expand...


That's why you change them regularly. If the questions are good enough, the bots will take a while to work them out.
 
MikeMpls said:
If you have time to keep doing the same thing over & over, that's fine. I prefer more permanent solutions.
Click to expand...
Then you pretty much agree with what I said. :)
MikeMpls said:
Your questions and the correct answers will end up in Xrumer's database share by all their ilk.
Click to expand...
This is one issue that put me off from using Q&A. It poses a security hole. Because the xRumer database will eventually be hacked. Just like Anonymous hacked LucSec and vice versa. So once these hackers get your Q&A, it goes into bigger problems than just your forum.
 
Biker said:
Huh? That makes absolutely no sense at all. Especially since the answer to your Q&A has nothing to do with how secure your server is.
Click to expand...
Who said anything about servers? You ever consider the security of your e-mail address? Because the whole point of this xrumer database is to bypass these Q&A input boxes... Like I said: Bigger problems than your forum.

It's the same thing as having this index of popular passwords and/or popular PIN numbers.
 
Carlos said:
Who said anything about servers? You ever consider the security of your e-mail address? Because the whole point of this xrumer database is to bypass these Q&A input boxes... Like I said: Bigger problems than your forum.

It's the same thing as having this index of popular passwords and/or popular PIN numbers.
Click to expand...

You edited after I replied.

And no, it's NOT like an index of passwords. Let's get real here, shall we?
 
Wait, so if someone cracks my Q/A at my forum, there may be a security issue with my email? An I following this convo correctly?
 
Status
Not open for further replies.

Similar threads

4
"Manually approve registration if user shares IP used by a banned or rejected user in last" not always working
Replies
6
Views
1K
Xon
X
Baby Community
Baby Community Site Display Area
Replies
1
Views
866
Baby Community
Baby Community
Morrus
Batch update users to delete spammers
Replies
0
Views
408
Morrus
Morrus
Okiewan
  • Question Question
XF 2.0 Registration Fails
Replies
6
Views
513
Okiewan
Okiewan
keithgh
Spammers What are using to check the ones that slip through the System
Replies
2
Views
769
Alpha1
Alpha1
Top Bottom