XF 1.5 We've been spammed - help!

creativeforge

Well-known member
Hi,

I'm not sure which it is, spammed to death, or hacked to death. I need help from experienced users who can guide me what to do next.

I just disabled the board, so what should I do next?

Thanks!

Andre
 

Attachments

  • 30452c02d80b66b0c00f3f67b1bafc3e.webp
    30452c02d80b66b0c00f3f67b1bafc3e.webp
    141 KB · Views: 65
Read this:
Block spam COMPLETELY with no addons

Its very important to block posts from users who put in links within the first post. That alone will stop almost all spam messages. Once that happens and you fall out of the "success list" of xrumer users, you will be fine. Change questions in QA captcha.

I think a lot of the posts are from one person likely using different user accounts and handful of ips. You should disallow those ips.
 
Last edited:
OK, done and done!

Now, how do you deal with new users you're uncertain of? They are all using GMail...

  1. Delete...Ban User...Permissions
    avatar_male_s.png
    nietes956haze nietes956hazel@gmail.com
  2. Delete...Ban User...Permissions
    avatar_s.png
    aalbers1168akihide aalbers1168akihide@gmail.com
  3. Delete...Ban User...Permissions
    avatar_male_s.png
    crabajales654alleigna crabajales654alleigna@gmail.com
  4. Delete...Ban User...Permissions
  1. tolentino12kyliekisses tolentino12kyliekisses@gmail.com
  2. Delete...Ban User...Permissions
    avatar_male_s.png
    celli565khiernell69 celli565khiernell69@gmail.com
  3. Delete...Ban User...Permissions
    avatar_s.png
    anacino1162aiji anacino1162aiji@gmail.com
  4. Delete...Ban User...Permissions
    avatar_s.png
    heatherian heatherian02@mail.com
  5. Delete...Ban User...Permissions
    avatar_male_s.png
    marcelino99conrad marcelino99conrad@gmail.com
  6. Delete...Ban User...Permissions
    avatar_male_s.png
    aguasapey aguasapey2009@gmail.com
  7. Delete...Ban User...Permissions
    avatar_male_s.png
    maglaqui01arnold maglaqui01arnold@gmail.com
  8. Delete...Ban User...Permissions
    avatar_female_s.png
    Marcia pastel_sunrise1@yahoo.com
  9. Delete...Ban User...Permissions
    avatar_male_s.png
    D.Salzenberg davidsalzenberg@gmail.com
 
New forum as of last month, yes, and all these IPs were located in South Korea. All these IPs are now banned.

We'll see how the new protection measures work now. Hopefully we averted a disaster, they only polluted one thread that I know of.

Thank you ALL!!! :) This is awesome help, right here... :)

Regards and respect,

Andre
 
Is this telling you anything about how to setup a better anti-spam defence?

Code:
array(4) {
  ["url"] => string(59) "http://vi-control.net/community/index.php?register/register"
  ["referrer"] => string(59) "http://vi-control.net/community/index.php?register/register"
  ["_GET"] => array(1) {
    ["register/register"] => string(0) ""
  }
  ["_POST"] => array(17) {
    ["username"] => string(0) ""
    ["e1b6b55a818d9d416c407e609a4acdbd"] => string(8) "RaeMarss"
    ["a94ffa68f163a3d4aabdae2623f9b392"] => string(0) ""
    ["0cc047169aee19cd686244756e66ff88"] => string(18) "RaeMarss@yahoo.com"
    ["c995552bd043bf9dd38dda796e874045"] => string(0) ""
    ["1e9355eba3fb0810bafd76b4ca902c09"] => string(4) "male"
    ["dob_month"] => string(1) "2"
    ["dob_day"] => string(2) "12"
    ["dob_year"] => string(4) "1992"
    ["6888f3a76d1ca17c6f0d8c99d5356d67"] => array(1) {
      ["zdjjngqyndu0mgvimwq"] => string(0) ""
    }
    ["custom_fields_shown"] => array(1) {
      [0] => string(19) "zdjjngqyndu0mgvimwq"
    }
    ["6a291124dfb9a79ab40b3a9b197fd289"] => string(14) "Asia/Hong_Kong"
    ["captcha_question_answer"] => string(5) "12:00"
    ["captcha_question_hash"] => string(40) "96ecda96bfd65198bb9ef3f4424cf3922f855712"
    ["agree"] => string(1) "1"
    ["_xfToken"] => string(8) "********"
    ["reg_key"] => string(32) "d2c4d24540eb1ddb67d4b25e616ca97a"
  }
}
 
Questions relating to what my site is about (PlayStation gaming) - ones that gamers should be able to answer, of course.

Q&A questions should be changed every so often too to ensure they keep the spammers at bay.
 
Questions relating to what my site is about (PlayStation gaming) - ones that gamers should be able to answer, of course.

Q&A questions should be changed every so often too to ensure they keep the spammers at bay.

OK, good, I have 3 questions. One maths, two with completing the lyrics of two songs. Not sure if they have to answer all 3 or if they come in rotation, though...

Question: what's the worst thing spammers can do to a Xenforo forum?
 
I'd suggest you get Project Honeypot and Akismet keys (links in Spam Management).

OK, good, I have 3 questions. One maths, two with completing the lyrics of two songs.
The maths one is likely too easy, anyone can probably answer it. The same may go for the song lyrics. Remember that spammers aren't just bots these days, many are real people.

Not sure if they have to answer all 3 or if they come in rotation, though...
Questions are randomly picked from your list.

Question: what's the worst thing spammers can do to a Xenforo forum?
Post lots of spam. Make sure that you haven't given any user groups (except maybe moderators and trusted member groups) the bypass flood check permission (so leave it at Not Set (No)) and the flood check time in the ACP is set to no less than 30 seconds (the default). This will limit the amount of spam any spammers that get through can post.
 
Top Bottom