• This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn more.

XF 1.4 Use reCAPTCHA (No CAPTCHA) - Setup

ineedhelp

Well-known member
#1
I setup the new captcha yesterday by adding in the google key and secret key.

But I've noticed NO improvement in preventing bots and spamming from signing up.

I didn't complete setup 1 and 2 where it tells you to enter code into the Header and on the server.

Anyone know where I go to enter the codes?

Also why hasn't it blocked spammers/bots from joining so far?
 

Mike

XenForo developer
Staff member
#2
You just need to enter your site and secret keys into the option.

The NoCAPTCHA option is really more about providing a better experience for real users; it's still ReCAPTCHA under the hood.

That said, I would suggest that the spam registrations you're getting are not bots but humans.
 

ineedhelp

Well-known member
#3
You just need to enter your site and secret keys into the option.

The NoCAPTCHA option is really more about providing a better experience for real users; it's still ReCAPTCHA under the hood.

That said, I would suggest that the spam registrations you're getting are not bots but humans.
They probably are human, because 98% of them upload a display pic. Unless bots can do this as well ? :confused:

I'm getting like 30ish every day signing up.
 

Mike

XenForo developer
Staff member
#4
Well bots can do profile pictures, but there is a huge amount of human spam out there. You could consider add-ons that do blocks based on country/ISP, as you may find most of your spam comes from different countries than where your members are.
 

ineedhelp

Well-known member
#5
Well bots can do profile pictures, but there is a huge amount of human spam out there. You could consider add-ons that do blocks based on country/ISP, as you may find most of your spam comes from different countries than where your members are.
Can you suggest a good add-on which blocks countries?
 

rainmotorsports

Well-known member
#6
Can you suggest a good add-on which blocks countries?
I tried TACs stop country spam recently and it failed to block Pakistani traffic from hostnames ending in pk and using some of their oldest IPs in service so I personally had no luck with that one. But he has his entire lineup branded for free so you can always try it out first.
 

ineedhelp

Well-known member
#7
I tried TACs stop country spam recently and it failed to block Pakistani traffic from hostnames ending in pk and using some of their oldest IPs in service so I personally had no luck with that one. But he has his entire lineup branded for free so you can always try it out first.
My forum is also being hit by spammers with Pakistani IP addresses. We must be facing a similar situation.

If you do come across a working blocker, let me know thanks.
 

rainmotorsports

Well-known member
#8
My forum is also being hit by spammers with Pakistani IP addresses. We must be facing a similar situation.

If you do come across a working blocker, let me know thanks.

I've got my settings to auto reject on 2 flags which takes care of 80% of the spam and I'm moderating on 1 which catches a few false positives from people who wish to sign up with names like Sean and Paul. Turning the days to check against helps because they might not have used an IP for awhile.

I got a couple days of near quiet after I did that and then they changed up. Almost all were registering as female but no longer. The ones not getting caught based on email or IP and getting through are mostly male.

TechPowerUp (TPU) has a plugin I was going to try. It has many features but the one I'm interested in is blocking by hostname. The spam not coming from Pakistan or Airtel in India is coming from data centers. So blocking leaseweb, rackspace, hivelocity, ipvanish and others will reduce a lot of my spam.
 

gfc

Active member
#9
My forum is also being hit by spammers with Pakistani IP addresses. We must be facing a similar situation.

If you do come across a working blocker, let me know thanks.
I block pakistani, chinese etc directly on the server with iptables and ipset. Works great.
 

rainmotorsports

Well-known member
#10
@ineedhelp https://xenforo.com/community/resources/tpu-detect-and-block-spam-registrations.2973/

The one I mentioned earlier. Installed it today and it is beautiful. It works on a weighted system one score for sending to moderation and another score for automatic rejection. I have set some of the more obvious ones to +6 for auto rejection for example. I don't want to block too many countries so I left India at +1, but I changed Pakistan, PK to +6.

Here are some of my settings for you, the majority of my spam coming directly from Pakistan or India come from these 2 AS names:
+6|AIRTELBROADBAND-AS-AP
+6|PKTELECOM-AS-PK

While the pakistan spam has no hostname the Indian airtel does so for extra measure under hostnames:
+6|*.airtelbroadband.in

Now the remained of my spam is funneled through VPN's via datacenters. I don't wish to block VPN access but I don't mind rejecting VPN registration at all.

Leaseweb is very common here are the AS names:
+6|LEASEWEB-US
+6|LEASEWEB-NETWORK

Some others so far I have run into (still waiting on Hivelocity and rackspace ones to hit me):
+6|HWNG
+6|ASGHOSTNET
+6|PREMIANET

The leaseweb VPN's are all hosted by a company called zenmate and I am blocking them via hostname:
+6|*.zenmate.com

There are several stock countries but as an example to auto reject all Pakistan registrations:
+1|CN
+1|IN
+6|PK
 

rainmotorsports

Well-known member
#11
HA, just as I wrote the above I caught one I have never run into before, france lol. Dedicated server host:
upload_2015-1-24_4-26-8.png

Because I have my SFS email and IP set to ad +3 each it auto rejected. However AS-CHOOPA was in the stock settings as a +1 as well.

This one based on my above settings was caught:
upload_2015-1-24_4-33-2.png

They tried again and again with the same username, different email and kept getting rejected until they gave up.
 
Last edited:

jauburn

Well-known member
#14
Well bots can do profile pictures, but there is a huge amount of human spam out there. You could consider add-ons that do blocks based on country/ISP, as you may find most of your spam comes from different countries than where your members are.
Where does this human spam come from? How are they paid? What are they paid? Does anyone know?