XF 1.5 We've been spammed - help!

[creativeforge]

Hi,

I'm not sure which it is, spammed to death, or hacked to death. I need help from experienced users who can guide me what to do next.

I just disabled the board, so what should I do next?

Thanks!

Andre

 

[creativeforge]

Hello,
I am using keycaptcha and haven't seen a single spam registration.
Kind regards,
George.

Hi, thank you for the tip.

Question: what about the "forgot password" page, is it necessary that it shows up there too?
Someone wrote: "Unfortunately I cannot use this product if it won't show up on the Lost Password form."

Also it's not been updated for 2 years. Are you running 1.5?

Thanks George!

 

[creativeforge]

I'd suggest you get Project Honeypot and Akismet keys (links in Spam Management).
Post lots of spam. Make sure that you haven't given any user groups (except maybe moderators and trusted member groups) the bypass flood check permission (so leave it at Not Set (No)) and the flood check time in the ACP is set to no less than 30 seconds (the default). This will limit the amount of spam any spammers that get through can post.

OK, I'm looking into this.

What about: Require two-step verification:?

 

[vij]

I have been using same settings but with recaptcha and see no automated spam.

Are you still seeing links in the spam post?
If yes, is it with the first spam post ? (then your spam phrases are not right)
Did you change the QA? Most popular questions AND math questions are automatically answered by spam softwares and 3rd party spam plugs. I was a spammer. I know this.

 

[creativeforge]

I didn't see any links in the posts. Just a bunch of Korean characters. So before they wake up and find entry again, I'd like to lock this tight so they go bother nobody else...

 

[PlayStage]

Question: what about the "forgot password" page, is it necessary that it shows up there too?

Of course it's vital to show up there too.
You wouldn't want to overload your mail server.

If it were up to me I'd implement a captcha verification for a number of posts made by a new member.

 

[vij]

I didn't see any links in the posts. Just a bunch of Korean characters. So before they wake up and find entry again, I'd like to lock this tight so they go bother nobody else...

Try putting some common korean characters in the spam phrases. I hope it supports those characters.
Change QA and report please.

You can even block countries
TPU: Detect and Block Spam Registrations

 

[creativeforge]

OK, Project HoneyPot is now asking me questions beyond my comprehension...

Language?
Share statistics?
Share?

 

[creativeforge]

Of course it's vital to show up there too.
You wouldn't want to overload your mail server.

If it were up to me I'd implement a captcha verification for a number of posts made by a new member.

Keycaptcha does not show on that page. At least it wasn't a year or so ago.

Also, how can I monitor ALL the security I have, I don't want it to lock the board. When is too much is too much?

 

[PlayStage]

If it were up to me I'd implement a captcha verification for a number of posts made by a new member.

Found an addon: Captcha on Posting

 

[creativeforge]

I chose Keycaptcha (not the addon, the real site). All setup, totally love the concept.

Captcha on Posting link is dead, George...

Thank you all, Martok you've been really helpful, thanks George, vij, Sheratan, Super 120,

Good night all, I'll let you know if we have more visitors tomorrow,

Regards,

Andre

 

[PlayStage]

Captcha on Posting link is dead, George...

It seems that xf 1.5 auto-link parsing is having some problems.
I actually downloaded and installed that addon but when I pasted the url the link has been automatically trashed.

Search for ******* Captcha on Posting.

 

[creativeforge]

Thanks for the tip, but I think I'll be fine for now. I think someone else was wondering, though...

Thanks!

 

[creativeforge]

I have another question: how come I don't see any Spam Cleaner boxes on profile cards?
-

 

[Paul B]

Hover over the avatar.

 

[creativeforge]

Should I not see something like this?

 

[Paul B]

Click the spam link which overlays the avatar.

If it doesn't appear, the criteria is incorrect.

 

[creativeforge]

Hmm.. I only see "Edit" when I hover over the avatar on the profile card. Where do I set the criterias?

 

[Paul B]

Spam Management | XenForo

 

[creativeforge]

Thanks Brogan!

For anyone reading this around year 2045, here is the answer to my question...

Spam Cleaner
To use the Spam Cleaner, the relevant permission must be enabled. This can be done by way of user group or user permissions, which are explained in detail in the Permissionssection.

The Spam Cleaner itself can be run from several locations:

• On a thread or profile post by clicking the Spam link to the right of the time and date.
• On a member card by clicking the Spam link which overlays the avatar.
• On a profile page by clicking the Spam Cleaner link below the member name.

Clicking any of those links will result in a Spam Cleaner overlay from where you can select the actions to be taken. This can range from a simple IP check, to a permanent ban and removal of all content.

Note that banned users do not automatically show as being banned nor do they have any specific markup applied to their user name or title. Refer to the Discouraging and Banning section for further information.

- - - - -

This is perfect for moderators!

Regards,

Andre