• This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn more.

XF 1.5 We've been spammed - help!

vij

Active member
#6
Read this:
Block spam COMPLETELY with no addons

Its very important to block posts from users who put in links within the first post. That alone will stop almost all spam messages. Once that happens and you fall out of the "success list" of xrumer users, you will be fine. Change questions in QA captcha.

I think a lot of the posts are from one person likely using different user accounts and handful of ips. You should disallow those ips.
 
Last edited:
#10
New forum as of last month, yes, and all these IPs were located in South Korea. All these IPs are now banned.

We'll see how the new protection measures work now. Hopefully we averted a disaster, they only polluted one thread that I know of.

Thank you ALL!!! :) This is awesome help, right here... :)

Regards and respect,

Andre
 
#12
Is this telling you anything about how to setup a better anti-spam defence?

Code:
array(4) {
  ["url"] => string(59) "http://vi-control.net/community/index.php?register/register"
  ["referrer"] => string(59) "http://vi-control.net/community/index.php?register/register"
  ["_GET"] => array(1) {
    ["register/register"] => string(0) ""
  }
  ["_POST"] => array(17) {
    ["username"] => string(0) ""
    ["e1b6b55a818d9d416c407e609a4acdbd"] => string(8) "RaeMarss"
    ["a94ffa68f163a3d4aabdae2623f9b392"] => string(0) ""
    ["0cc047169aee19cd686244756e66ff88"] => string(18) "RaeMarss@yahoo.com"
    ["c995552bd043bf9dd38dda796e874045"] => string(0) ""
    ["1e9355eba3fb0810bafd76b4ca902c09"] => string(4) "male"
    ["dob_month"] => string(1) "2"
    ["dob_day"] => string(2) "12"
    ["dob_year"] => string(4) "1992"
    ["6888f3a76d1ca17c6f0d8c99d5356d67"] => array(1) {
      ["zdjjngqyndu0mgvimwq"] => string(0) ""
    }
    ["custom_fields_shown"] => array(1) {
      [0] => string(19) "zdjjngqyndu0mgvimwq"
    }
    ["6a291124dfb9a79ab40b3a9b197fd289"] => string(14) "Asia/Hong_Kong"
    ["captcha_question_answer"] => string(5) "12:00"
    ["captcha_question_hash"] => string(40) "96ecda96bfd65198bb9ef3f4424cf3922f855712"
    ["agree"] => string(1) "1"
    ["_xfToken"] => string(8) "********"
    ["reg_key"] => string(32) "d2c4d24540eb1ddb67d4b25e616ca97a"
  }
}
 

Martok

Well-known member
#13
Post a screenshot of all the settings on the spam management page.

You should change your Q & A questions, they may be too easy.
 

Martok

Well-known member
#15
Questions relating to what my site is about (PlayStation gaming) - ones that gamers should be able to answer, of course.

Q&A questions should be changed every so often too to ensure they keep the spammers at bay.
 
#17
Questions relating to what my site is about (PlayStation gaming) - ones that gamers should be able to answer, of course.

Q&A questions should be changed every so often too to ensure they keep the spammers at bay.
OK, good, I have 3 questions. One maths, two with completing the lyrics of two songs. Not sure if they have to answer all 3 or if they come in rotation, though...

Question: what's the worst thing spammers can do to a Xenforo forum?
 

Martok

Well-known member
#20
I'd suggest you get Project Honeypot and Akismet keys (links in Spam Management).

OK, good, I have 3 questions. One maths, two with completing the lyrics of two songs.
The maths one is likely too easy, anyone can probably answer it. The same may go for the song lyrics. Remember that spammers aren't just bots these days, many are real people.

Not sure if they have to answer all 3 or if they come in rotation, though...
Questions are randomly picked from your list.

Question: what's the worst thing spammers can do to a Xenforo forum?
Post lots of spam. Make sure that you haven't given any user groups (except maybe moderators and trusted member groups) the bypass flood check permission (so leave it at Not Set (No)) and the flood check time in the ACP is set to no less than 30 seconds (the default). This will limit the amount of spam any spammers that get through can post.