XF 1.5 We've been spammed - help!

creativeforge · Jul 29, 2015

Hi,

I'm not sure which it is, spammed to death, or hacked to death. I need help from experienced users who can guide me what to do next.

I just disabled the board, so what should I do next?

Thanks!

Andre

Sheratan · Jul 29, 2015

That's spam. Do you have any antispam system in register?

creativeforge · Jul 29, 2015

Yes, that's what's strange... I have also Captcha enabled.

creativeforge · Jul 29, 2015

How can I delete the "users" AND delete their content?

creativeforge · Jul 29, 2015

How come they could register under the radar?

vij · Jul 29, 2015

Read this:
Block spam COMPLETELY with no addons

Its very important to block posts from users who put in links within the first post. That alone will stop almost all spam messages. Once that happens and you fall out of the "success list" of xrumer users, you will be fine. Change questions in QA captcha.

I think a lot of the posts are from one person likely using different user accounts and handful of ips. You should disallow those ips.

imthebest · Jul 29, 2015

creativeforge said:
How can I delete the "users" AND delete their content?

You should use the Spam Cleaner tool.
Spam Management | XenForo

Change your questions and answers.

creativeforge · Jul 29, 2015

OK, done and done!

Now, how do you deal with new users you're uncertain of? They are all using GMail...

vij · Jul 29, 2015

Check ips. Is this a new forum?

creativeforge · Jul 29, 2015

New forum as of last month, yes, and all these IPs were located in South Korea. All these IPs are now banned.

We'll see how the new protection measures work now. Hopefully we averted a disaster, they only polluted one thread that I know of.

Thank you ALL!!!

This is awesome help, right here...

Regards and respect,

Andre

creativeforge · Jul 29, 2015

Well, they came in again 10 minutes ago. Is there a stronger spam-proof option?

creativeforge · Jul 29, 2015

Is this telling you anything about how to setup a better anti-spam defence?

Code:

array(4) {
  ["url"] => string(59) "http://vi-control.net/community/index.php?register/register"
  ["referrer"] => string(59) "http://vi-control.net/community/index.php?register/register"
  ["_GET"] => array(1) {
    ["register/register"] => string(0) ""
  }
  ["_POST"] => array(17) {
    ["username"] => string(0) ""
    ["e1b6b55a818d9d416c407e609a4acdbd"] => string(8) "RaeMarss"
    ["a94ffa68f163a3d4aabdae2623f9b392"] => string(0) ""
    ["0cc047169aee19cd686244756e66ff88"] => string(18) "RaeMarss@yahoo.com"
    ["c995552bd043bf9dd38dda796e874045"] => string(0) ""
    ["1e9355eba3fb0810bafd76b4ca902c09"] => string(4) "male"
    ["dob_month"] => string(1) "2"
    ["dob_day"] => string(2) "12"
    ["dob_year"] => string(4) "1992"
    ["6888f3a76d1ca17c6f0d8c99d5356d67"] => array(1) {
      ["zdjjngqyndu0mgvimwq"] => string(0) ""
    }
    ["custom_fields_shown"] => array(1) {
      [0] => string(19) "zdjjngqyndu0mgvimwq"
    }
    ["6a291124dfb9a79ab40b3a9b197fd289"] => string(14) "Asia/Hong_Kong"
    ["captcha_question_answer"] => string(5) "12:00"
    ["captcha_question_hash"] => string(40) "96ecda96bfd65198bb9ef3f4424cf3922f855712"
    ["agree"] => string(1) "1"
    ["_xfToken"] => string(8) "********"
    ["reg_key"] => string(32) "d2c4d24540eb1ddb67d4b25e616ca97a"
  }
}

Martok · Jul 29, 2015

Post a screenshot of all the settings on the spam management page.

You should change your Q & A questions, they may be too easy.

creativeforge · Jul 29, 2015

What kind of Q&A do you use?

Martok · Jul 29, 2015

Questions relating to what my site is about (PlayStation gaming) - ones that gamers should be able to answer, of course.

Q&A questions should be changed every so often too to ensure they keep the spammers at bay.

creativeforge · Jul 29, 2015

creativeforge · Jul 29, 2015

Martok said:
Questions relating to what my site is about (PlayStation gaming) - ones that gamers should be able to answer, of course.

Q&A questions should be changed every so often too to ensure they keep the spammers at bay.

OK, good, I have 3 questions. One maths, two with completing the lyrics of two songs. Not sure if they have to answer all 3 or if they come in rotation, though...

Question: what's the worst thing spammers can do to a Xenforo forum?

PlayStage · Jul 29, 2015

Hello,

I am using keycaptcha and haven't seen a single spam registration.

Kind regards,
George.

creativeforge · Jul 29, 2015

Martok · Jul 29, 2015

I'd suggest you get Project Honeypot and Akismet keys (links in Spam Management).

creativeforge said:
OK, good, I have 3 questions. One maths, two with completing the lyrics of two songs.

The maths one is likely too easy, anyone can probably answer it. The same may go for the song lyrics. Remember that spammers aren't just bots these days, many are real people.

creativeforge said:
Not sure if they have to answer all 3 or if they come in rotation, though...

Questions are randomly picked from your list.

creativeforge said:
Question: what's the worst thing spammers can do to a Xenforo forum?

Post lots of spam. Make sure that you haven't given any user groups (except maybe moderators and trusted member groups) the bypass flood check permission (so leave it at Not Set (No)) and the flood check time in the ACP is set to no less than 30 seconds (the default). This will limit the amount of spam any spammers that get through can post.

XF 1.5 We've been spammed - help!

Well-known member

Attachments

Well-known member

Well-known member

Well-known member

Well-known member

Well-known member

Well-known member

Well-known member

Well-known member

Well-known member

Well-known member

Well-known member

Well-known member

Well-known member

Well-known member

Well-known member

Well-known member

Active member

Well-known member

Well-known member

Similar threads

We value your privacy