1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

What's The Best Spam Protection Measures?

Discussion in 'Forum Management' started by DRE, Jul 31, 2013.

  1. DRE

    DRE Well-Known Member

    What's the best spam protection measures that you have taken for your Xenforo forum? As I mentioned in my Paid Request thread I need bot protection, of which I had been looking at Incapsula's free plan and am wondering if that would be a good idea to use especially since there already is a Xenforo Resource about it. I'm moving my site over to a new host because my site has been getting aggressively indexed by Baidu search engine spiders. This indexing by the Chinese search engine is using up the site's resources and bandwidth of which I do not have much of since I am on shared hosting. I've looked at the various addons and am wondering if I should get either sonnb Stop Spam Here, which is advertised as a total spam protection tool or Tenants Anti Spam Complete Collection. Do you use any kind of cdn service for bot protection and have you used those spam protection addons? How do they compare? They seem to be about the same.
  2. Bram

    Bram Well-Known Member

    Why not block the baidu spiders via a robots.txt file?

    We suffered a lot from bots that registered last year but since having a human verification questions havent seen a single post :) (fingers crossed)
    Last edited: Jul 31, 2013
  3. DRE

    DRE Well-Known Member

    These bots are ignoring my robots.txt file.
  4. Bram

    Bram Well-Known Member

    Try adding this to robots.txt. Should help!

  5. Alfa1

    Alfa1 Well-Known Member

  6. Bram

    Bram Well-Known Member

    Jikes i am with you @DRE. Now i have upgraded my forums and this nice little Spider thingy is visible in the whois online box I see that Baidu seems to love our forums as well. Not sure if that love is mutual as we hardly receive any traffic from China.
    DRE likes this.
  7. xIsabel38

    xIsabel38 Well-Known Member

    I always thought Spiders (not those yucky kinds) were a good thing for your website.
  8. DRE

    DRE Well-Known Member

  9. Alfa1

    Alfa1 Well-Known Member

    Not if they scrape/ download your website, suck up your bandwidth & server resources, scan for security vulnerabilities, automatically register thousands of spam accounts, use your content to copy it to other sites and compete with you over it, etc. etc.
    The use of bad behavior anti spam has saved me a lot of headaches and money.
  10. MattW

    MattW Well-Known Member

    Tracy Perry likes this.
  11. dvsDave

    dvsDave Well-Known Member

    I use a well-maintained ip block list, it has cut down the number of spammers knocking on my door by quite a bit. I have a month subscription to a service that keeps an updated list of IP addresses by country and consolidates the IP's into the smallest list possible. If you are interested in this list, please send me a PM. I would be happy to share if you are willing to help me defray my monthly costs on this. I used to get a lot of login attempts on my WHM/cpanel from greece, of all places. I used this service to block the whole of greece (I have no legit users from greece) and most of the login attempts have stopped. I still get some, but the vast majority of attempts have stopped.
    msolano likes this.
  12. RoldanLT

    RoldanLT Well-Known Member

    Built in feature should do.
  13. Anthony Parsons

    Anthony Parsons Well-Known Member

    I have used both, and Tenants is the winner by far.

    Spam is easy to combat now. You only need three things installed to wipe out 99.99% from your Xenforo site:
    1. KeyCaptcha correctly installed to cover all elements of contact, login and password recovery.
    2. Tenants foolbothoneypot. Turn off all the default XF stuff... just use FBHP and nothing else.
    3. Tenants human spam prevention. It stops all manual spammers in their tracks across your forum elements. You will need to adjust to your board, though it wipes it all out when done right.
    Everything else is a waste of time and space now. You can use Jaxels xenutiles spam for an after thought, and run that once a month to see if anything got through by the 0.01% the above would miss.

    As for Baidu, there are some inventive htaccess and other solutions to block them. As you don't run your own server, IP blocking via firewall is out, so htaccess it is. You can block them by IP or.... try something along the lines of:

    SetEnvIfNoCase User-agent “Baidu” spammer=yes
    SetEnvIfNoCase User-agent “Yandex” spammer=yes
    SetEnvIfNoCase User-agent “Sosospider” spammer=yes
    <Limit GET PUT POST>
    order deny,allow
    deny from env=spammer
    Within the top of your htaccess...

    As spammers often cloak their behaviour as baidu, which is why it gets such a bad rap, you can use something like:

    RewriteEngine On
    RewriteCond %{HTTP_USER_AGENT} ^Baiduspider.* [NC]
    RewriteRule .* - [F]
    dvsDave and DRE like this.
  14. DRE

    DRE Well-Known Member

    Thank you Anthony Parsons. Your posts reads like a paid consultant wrote it so I'm really honored. I have a managed VPS with root access so I basically run my server now. Thank you for the htaccess rewrites.
    Last edited: Aug 27, 2013
  15. DRE

    DRE Well-Known Member

    Alright I was really unsure about buying @tenants TAC addon but @MattW and @Anthony Parsons gave it rave reviews. Just waiting for my account to be upgraded so that I can install it. I also want to buy StopBotResources due to the following posts.

    MattW likes this.
  16. MattW

    MattW Well-Known Member

    I'm using the full TAC collection, and it's very well done, and a credit to @tenants coding ability.
    Tracy Perry likes this.
  17. tenants

    tenants Well-Known Member

    Waiting where?

    There should be no waiting on SurreyForum. As soon as you upgrade (this is automated), you have access to download it (and the latest individual updates)
    DRE likes this.
  18. John L.

    John L. Well-Known Member

    It's really interesting, but we have an unintended security measure. We created a plugin called "Simple Rules" which displays the rules for our forum. What this does is give users who have not agreed to our rules a usergroup we specified which does not have the ability to do anything unless they read the rules and click "I agree". I have it on both of my personal forums and even though we get spammers who sign up, they can't do anything at all since they don't have the ability to.

    So every few days I do a mass user update by finding all users who have the usergroup we set up and delete them :).

    Hopefully that gives some other people some ideas.
    DRE likes this.
  19. RoldanLT

    RoldanLT Well-Known Member

    unless they read the rules and click "I agree"
    Is there any addon available for this kind of feature?
  20. John L.

    John L. Well-Known Member

    None to my knowledge. I'm surprised it hasn't been requested. It was a pretty popular vB plugin called Cyb Advanced Rules which worked similar (but with many more features that I didn't need). We just created a little sloppy plugin to do this. Nothing release quality since our focus is Simple Forms and our new project.

Share This Page