[TAC] Total XF1 Anti-Spam Collection Complete [Paid] 1.2.92

[tenants]

tenants updated TAC(Tenants Anti-Spam Collection) - Anti-Spam Complete Collection with a new update entry:

updates for the latest version of xf (XenForo 1.5.11)

re-introduces foolbothoneypot. This works with the latest version of xf, and logs everything as before, with a few alternative types of hidden fields.

I'm planning to move all of these plugins into xenforo 2.0

I've tested alll plugins with XenForo 1.5.11

that includes:

1) AnyApi:
2) FoolBotHoneyPot:
3) StopHumanSpam:
4) StopCountrySpam:
5) CustomImgCatpcha:
6) FaceBookRegCaptcha
7) Dedos

Read the rest of this update entry...

 

[tenants]

Okay... so this resource is back and I've re-included and updated version of foolbothoneypot

I'm planning to move the entire thing over to xf2.0 once we have a xenforo version to play with

 

[dehness]

Can any of these add-on's be used to monitor existing members for malicious activity? Or are people only analyzed during registration?

We are an invite-only forum so we don't have the problem of spam bots/humans, however, this creates its own set of problems, as people who are banned seek to come back by hacking accounts, fraudulently obtaining invites, or attempting to socially engineer their way into existing inactive member accounts by claiming they're the original owner.

If there is a way to perform the Proxy/VPN/TOR queries on existing members, say once a day, or once per new IP, and report the findings in a thread or the admincp, that would be very helpful to us.

 

[tenants]

Stop Human Spam, stops attempts to posts links / pretend links / bad words in title/post or just adding signatures / urls in their account profile
Dedos, if you mean stopping them from scrapping your site, or bot dossing your site
These two do not just act on registration, but act site wide

However FBHP, CustomImgCaptach & StopCountrySpam work on registration
Proxy detection works with FBHP registration, however once registered, I don't then go on and track them (once they are in, they are assumed non bots, and that's fairly true)

Dedos stops quite a lot of tors and VPNs (it does a host look up and a reverse ip look up), but it does this for non registered users site wide

 

[Mouth]

When's next version update due, to include latest FBHP and SHS, etc. ?

 

[tenants]

I've got some work to do on stop human spam, so don't I don't want to release the pack until then (possibly 3- 7 days), but if you own the pack, you can get the latest foolbothoneypot separate from :

http://www.surreyforum.co.uk/thread...stering-with-a-custom-registration-page.1621/

 

[tenants]

tenants updated TAC(Tenants Anti-Spam Collection) - Anti-Spam Complete Collection with a new update entry:

Updated all plugins to the latest version for this pack

includes:

1. TAC AnyApi 1.0.6
2. Tac AuthCaptha 1.0.1.
3. TAC CustomImgCaptcha - Customise your images for CAPTCHA 2.4.1
4. TAC De-Dos - Reduce the effect DOS attacks usually caused by spam bots 2.0.08
5. TAC FoolBotHoneyPot - Stop spam bots registering 3.0.07
6. TAC StopCountrySpam - black/white list country IPs from registering 3.0.01
7. TAC StopHumanSpam - signature/link/homepage conditions & banned word posts 1.3.5

Read the rest of this update entry...

 

[tenants]

When's next version update due, to include latest FBHP and SHS, etc. ?

I almost always over estimate my deadlines

 

[Alpha1]

Does this addon(s) have any callbacks to your server?

 

[tenants]

Which one, and probably not, no

There is an API (stopbotters) in foolbothoneypot that checks IP addresses on registration, which you can turn on / off

That's the only thing I can think of, all the other addons are completely independant

 

[Alpha1]

This resource has been removed and is no longer available for download.

I am interested in buying this if the above is unlikely to happen again.

 

[tenants]

Use the free version if you can't afford it (most people usually do):
https://xenforo.com/community/resou...-spam-collection-anti-spam-free-version.1474/

Things happen in life, making guarantees about the future is effectively a lie, I can't guarantee I'll even be alive tomorrow, but I'll damn sure try my hardest to make sure spam is killed off on xenforo forums if I am!

 

[Pierce]

Use the free version if you can't afford it (most people usually do):
https://xenforo.com/community/resou...-spam-collection-anti-spam-free-version.1474/

Things happen in life, making guarantees about the future is effectively a lie, I can't guarantee I'll even be alive tomorrow, but I'll damn sure try my hardest to make sure spam is killed off on xenforo forums if I am!

This looks like an interesting project.

Can I disable all captcha because even the Google ones seem to give issues to users.

Will I still be protected?

 

[tenants]

see the registration at xenzine.com (it's one of the places I've been testing it on a 1.5.x xf version)

I wouldn't recommend going so native, all mechanism (even/especially from the largest companies) get targeted at some point.

There will be people that say, yes you can go without captach, and go on to praise fbhp ... it is good, it's true
but honestly, I don't care that I'm the designer, I am not going to lie to you, I don't think it's wise going without a back up mechanism, and that it true for all anti-spam (an anti-spam dev that tells you different is being reckless)

You should always have 2ndry mechanisms for the day that one of your mechanism (or multiple) are targeted. Just make sure they are human friendly
That said, I use multiple API's with anyAPI so I can get away with no catpcha to some degree, but it leaves me a bit open to attack from clean IP's when they one day do target some of these mechanisms (I believe the mechanisms should last a few years)

 

[tenants]

Does this addon(s) have any callbacks to your server?

I think I know why you might have asked this now

If the sever is down, the default behaviour from API no response is to treat the person as a human (no errors)
StopCountrySpam is the place where this is most likely to occur, in which case it assumes all users that it can't tell where they are from are non blocked countries (and throws no errors)

 

[Alpha1]

I have bought this and wonder about SFS: is there any way to set SFS to ignore usernames?
Where do I find options for:

1. botscout
2. fspamlist
3. spambusted
4. dedos

 

[tenants]

absolutely, turn of sfs usernames, it pulls so many false positives (thats a core option, if you would rather use the core way... or turn off sfs in the core and use it via anyapi)

For 1,2,3, they are all apis that can be set up with AnyApi (as can sfs), it's very flexible to configuration: admin.php?anyapi/logic

Bare in mind, you don't need that many API's, disposable email and sfs is probably enough

Here you can see that I have set up stop forum spam to not even consider usernames (this is the default settting, you only really need to tick it on or off, but it's very flexible if you want to modify it):





4) is a separate plugin, not an API (but part of this pack), options are in the xenforo options: admin.php?options/list/dedos

 

[Alpha1]

Thanks. http://www.spambusted.com/ is down btw.
We whitelist email domains ourselves, so we don't need the disposable email service.

I don't see how to ignore SFS usernames in the core BTW. I only see the option to use a number of flags, which simply doesn't work well. We need to block any user that has IP or email listed in SFS, even if there is 1 flag.

We can definitely see that spammers are getting trough XF core settings BTW.

 

[tenants]

I know, core honeypots are dead, reg timer is dead, API's a re bypassed by holding back until a reg threshold is reached. This will become more and more noticeable over the next couple of months

That's why are brought foolbothoneypot back to life (this is the new wave of spam bots I noticed a little while back)
(both xrumer and gsa https://xenforo.com/community/threa...hidden-fields-honeypots-core-antispam.125685/)

I haven't used the core sfs since it existed, anyApi gives me much more flexibility and detailed logging
I can't believe they wouldn't allow you to turn off usenames, that will be riddled with false positives

... try turning off sfs in the core and using it with the default setting in AnyApi, I don't block on username (they content spin these anyway, so the core will only really moderate real humans and not bots)

See profiles names at 2:15

To view this content we will need your consent to set third party cookies.
For more detailed information, see our cookies page.

Accept third party cookies

 

[tenants]

tenants updated TAC(Tenants Anti-Spam Collection) - Anti-Spam Complete Collection with a new update entry:

updates to the latest versions

1. TAC AnyApi 1.0.6
2. TAC AuthCaptha
3. TAC CustomImgCaptcha - Customise your images for CAPTCHA 2.4.1..
4. TAC De-Dos - Reduce the effect DOS attacks usually caused by spam bots 2.0.08
5. TAC FoolBotHoneyPot - Stop spam bots registering 3.0.16
6. TAC StopCountrySpam - black/white list country IPs from registering 3.0.03
7. TAC StopHumanSpam - signature/link/homepage conditions &...

Read the rest of this update entry...