• This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn more.

Stuart's anti-spam tips

Stuart Wright

Well-known member
We've been getting slightly different spam patterns over the last few days, so I thought I'd share what we do to combat spam. Very little gets through. We have over 30,000 banned accounts with the vast majority being spammers and many brought over from vB3.
Xenforo's anti-spam measures stop all automated spam, so this is about stopping human spammers, who tend to be from the poorer countries - Bangladesh, Cambodia, Cameroon, Congo, Egypt, India, Indonesia, Iran, Iraq, Jordan, Kazakhstan, Kenya, Morroco, Nigeria, Pakistan, Philippines, Somalia, Sri Lanka and Vietnam. We also get cookie stuffers from Korea and slightly more sophisticated (but rarer) product promotion from China, Hong Kong, Russia and Ukraine.
Most spammers aren't particularly sophisticated, so they tend to have routines which mean there are common account attributes. Often female, sometimes with a sexy avatar, location is US. Easy to spot and decimate.
My top tips.
  1. I use https://xenforo.com/community/resources/slider-captcha.3756/ which is the most elegant and easy human verification captcha I've seen.
  2. Get a StopForumSpam key and enter that into your Spam Management options so that known IPs and email addresses get flagged. I have been putting them in the user moderation queue, but if they have just a few email and/or IP matches, I tend to deny registration, so I may start blocking them automatically. Also having a StopForumSpam key means you contribute to the spam database, which is particularly satisfying.
  3. Install this https://xenforo.com/community/resources/country-flags-by-ip-address.3080/ so you can instantly see what country the spammers are posting from.
  4. Force people to enter their location on registration, then if it doesn't match the country flag, you can investigate. There are also patterns in what the spammers enter. Recently a lot have been entering 'earth' or 'vic'.
  5. Install https://xenforo.com/community/resources/spam-rules-by-waindigo.2771/ and set it to put all posts by people from spammy countries into the moderation queue.
  6. If you have some countries which only have spammers, install this addon https://xenforo.com/community/resources/user-registration-spam-rules-by-waindigo.2890/ to stop people from those countries from registering altogether. We block Bangladesh, India, Republic of Korea and Pakistan
  7. If you get more than one spam attempt at a specific domain, block by adding it to the Spam Phrase box in the Spam Management tools page. I put posts in the moderation queue so that if we see a spammer, we can decimate them.
  8. I use https://xenforo.com/community/resources/mws-daily-statistics.2111/ which gives me a convenient link for today's registrations. I tend to scan down that list and quickly spot spammers.
Lastly it helps if you have a good community who report spam.

Recently we've been having more spammers with UK and US IP addresses, which is a concern because most of our membership is from those two countries.

What are your experiences?

Jim Boy

Well-known member
We use a few of the methods in the OP, but the main things are:
* Reasonably sophisticated captcha
* Making good use of the banned email functionality
* New registrations generally do not have the ability to create threads, there are rules based around time and posts made
* Most importantly a strong moderator team