XF 1.5 We've been spammed - help!

creativeforge

Active member
Hi,

I'm not sure which it is, spammed to death, or hacked to death. I need help from experienced users who can guide me what to do next.

I just disabled the board, so what should I do next?

Thanks!

Andre
 

Attachments

  • 30452c02d80b66b0c00f3f67b1bafc3e.png
    30452c02d80b66b0c00f3f67b1bafc3e.png
    217.9 KB · Views: 65

vij

Well-known member
Read this:
Block spam COMPLETELY with no addons

Its very important to block posts from users who put in links within the first post. That alone will stop almost all spam messages. Once that happens and you fall out of the "success list" of xrumer users, you will be fine. Change questions in QA captcha.

I think a lot of the posts are from one person likely using different user accounts and handful of ips. You should disallow those ips.
 
Last edited:

creativeforge

Active member
OK, done and done!

Now, how do you deal with new users you're uncertain of? They are all using GMail...

  1. Delete...Ban User...Permissions
    nietes956haze nietes956hazel@gmail.com
  2. Delete...Ban User...Permissions
    aalbers1168akihide aalbers1168akihide@gmail.com
  3. Delete...Ban User...Permissions
    crabajales654alleigna crabajales654alleigna@gmail.com
  4. Delete...Ban User...Permissions
  1. tolentino12kyliekisses tolentino12kyliekisses@gmail.com
  2. Delete...Ban User...Permissions
    celli565khiernell69 celli565khiernell69@gmail.com
  3. Delete...Ban User...Permissions
    anacino1162aiji anacino1162aiji@gmail.com
  4. Delete...Ban User...Permissions
    heatherian heatherian02@mail.com
  5. Delete...Ban User...Permissions
    marcelino99conrad marcelino99conrad@gmail.com
  6. Delete...Ban User...Permissions
    aguasapey aguasapey2009@gmail.com
  7. Delete...Ban User...Permissions
    maglaqui01arnold maglaqui01arnold@gmail.com
  8. Delete...Ban User...Permissions
    Marcia pastel_sunrise1@yahoo.com
  9. Delete...Ban User...Permissions
    D.Salzenberg davidsalzenberg@gmail.com
 

creativeforge

Active member
New forum as of last month, yes, and all these IPs were located in South Korea. All these IPs are now banned.

We'll see how the new protection measures work now. Hopefully we averted a disaster, they only polluted one thread that I know of.

Thank you ALL!!! :) This is awesome help, right here... :)

Regards and respect,

Andre
 

creativeforge

Active member
Is this telling you anything about how to setup a better anti-spam defence?

Code:
array(4) {
  ["url"] => string(59) "http://vi-control.net/community/index.php?register/register"
  ["referrer"] => string(59) "http://vi-control.net/community/index.php?register/register"
  ["_GET"] => array(1) {
    ["register/register"] => string(0) ""
  }
  ["_POST"] => array(17) {
    ["username"] => string(0) ""
    ["e1b6b55a818d9d416c407e609a4acdbd"] => string(8) "RaeMarss"
    ["a94ffa68f163a3d4aabdae2623f9b392"] => string(0) ""
    ["0cc047169aee19cd686244756e66ff88"] => string(18) "RaeMarss@yahoo.com"
    ["c995552bd043bf9dd38dda796e874045"] => string(0) ""
    ["1e9355eba3fb0810bafd76b4ca902c09"] => string(4) "male"
    ["dob_month"] => string(1) "2"
    ["dob_day"] => string(2) "12"
    ["dob_year"] => string(4) "1992"
    ["6888f3a76d1ca17c6f0d8c99d5356d67"] => array(1) {
      ["zdjjngqyndu0mgvimwq"] => string(0) ""
    }
    ["custom_fields_shown"] => array(1) {
      [0] => string(19) "zdjjngqyndu0mgvimwq"
    }
    ["6a291124dfb9a79ab40b3a9b197fd289"] => string(14) "Asia/Hong_Kong"
    ["captcha_question_answer"] => string(5) "12:00"
    ["captcha_question_hash"] => string(40) "96ecda96bfd65198bb9ef3f4424cf3922f855712"
    ["agree"] => string(1) "1"
    ["_xfToken"] => string(8) "********"
    ["reg_key"] => string(32) "d2c4d24540eb1ddb67d4b25e616ca97a"
  }
}
 

Martok

Well-known member
Questions relating to what my site is about (PlayStation gaming) - ones that gamers should be able to answer, of course.

Q&A questions should be changed every so often too to ensure they keep the spammers at bay.
 

creativeforge

Active member
Questions relating to what my site is about (PlayStation gaming) - ones that gamers should be able to answer, of course.

Q&A questions should be changed every so often too to ensure they keep the spammers at bay.

OK, good, I have 3 questions. One maths, two with completing the lyrics of two songs. Not sure if they have to answer all 3 or if they come in rotation, though...

Question: what's the worst thing spammers can do to a Xenforo forum?
 

Martok

Well-known member
I'd suggest you get Project Honeypot and Akismet keys (links in Spam Management).

OK, good, I have 3 questions. One maths, two with completing the lyrics of two songs.
The maths one is likely too easy, anyone can probably answer it. The same may go for the song lyrics. Remember that spammers aren't just bots these days, many are real people.

Not sure if they have to answer all 3 or if they come in rotation, though...
Questions are randomly picked from your list.

Question: what's the worst thing spammers can do to a Xenforo forum?
Post lots of spam. Make sure that you haven't given any user groups (except maybe moderators and trusted member groups) the bypass flood check permission (so leave it at Not Set (No)) and the flood check time in the ACP is set to no less than 30 seconds (the default). This will limit the amount of spam any spammers that get through can post.
 
Top