Why are there so many spams here?

signal500 said:
whatever has been done hasn't helped. spam is still every where, it just seems to be getting cleaned slightly faster unless browsing between like 4am till 7am EST.
Click to expand...
I don't believe anything has been changed to xenforo other than banning suspected spammers early.
Tell you the truth, it doesn't even phase me anymore. I see it in the new threads. I no longer bother reporting it. Mods will remove them when they can,
I still don't know what ugg boots are. :)
 
I dont think they had the QA questions before, I could be wrong...

Anyway, the QA questions that are there are not very good, many of them need pruning

Ugg boots are clearly very popular with spamers :)

UK-Home-5991-05.jpg


Now I bet you want a pair... the power of advertising spamming :LOL:
 
Why can't we talk about the lawsuit? Is there anything else more important to Xenforo and its license holders?
 
tenants said:
I've just found that 7.5.28 and upwards has be trained against KeyCaptcha too, their current release is 7.5.31 (common CAPTCHA= bad, custom = good)..
As more people upgrade to the latest XRumer, I should imagine the effectiveness of people using KeyCaptcha will dwindled over the next few months, KeyCaptcha may need to update soon to stay on top of this (unless they already have).
Click to expand...
You have wrong information: XRumer can't go through KeyCAPTCHA. We are detecting it's attempts.
7.5.28 it's august's version, so KeyCAPTCHA users had enough time to say that it doesn't protect)
 
KeyCAPTCHA Team said:
You have wrong information: XRumer can't go through KeyCAPTCHA. We are detecting it's attempts.
7.5.28 it's august's version, so KeyCAPTCHA users had enough time to say that it doesn't protect)
Click to expand...

I've been using KeyCAPATCHA, and no spam bots have passed it. It's great! :)
 
KeyCAPTCHA Team said:
You have wrong information: XRumer can't go through KeyCAPTCHA. We are detecting it's attempts.
7.5.28 it's august's version, so KeyCAPTCHA users had enough time to say that it doesn't protect)
Click to expand...

The information is from XRumer, but they of course can lie..
Are you saying with 7.5.28 there was a phase where KeyCAPTCHA didn't work, but you updated to prevent this, or are you saying KeyCATPCHA never failed (since users never reported that it didn't protect them) so you never had to update?

From 7.5.28 they have started to target KeyCAPTCHA and they have been updating XRumer to target KeyCAPTCHA :
Their update in 7.5.30 (but not 7.5.31) also mentions KeyCAPTCHA :
Updated recognition algorithm of simple form KeyCaptcha
Click to expand...
http://ixrumer.com/general/38-xrumer-7.5.30-elite.html

Thankfully not everyone uses the newest versions yet, but now KeyCAPTCHA are being tagerted, this will mean KeyCAPTCHA and Xrumer have a fight ahead of them
as mentioned, I expect KeyCAPTCHA will need to keep updating to stay on top of this (I'm not saying you can't, I'm saying from 7.5.28 you've just entered the war where you are targeted).

I was surprised to see that, since I didn't think KeyCAPTCHA had become that common in use (compared to something like ReCaptcha)

XRumer is expensive, and not many have the latest version (this is possibly one of the main factors of not seeing many negative results), but as time goes by... this wont be so true...
Since KeyCAPTCHA has popped up on XRumers radar, I think KeyCAPTCHA will carry on being targeted in the future... Sadly I see the same war (continuous updates) for KeyCAPTCHA than I do for ReCaptcha... (Googles ReCaptcha also continuously updates, making it a hard target to break)

Once again, I'm not saying you can't stop XRumer, but I am saying KeyCAPTCHA are now being targeted and will need to keep updating to stay on top of this
 
A method I always use on my forums is to actually customise the registration form. On some boards I've done away with the default one all together and created a custom one - it's really not hard to do. This way, it's a non standard form with different field names.

The only true way to protect it would be to have a session key or something generated before the form loads, then each field is given a unique encoded name based on that key, this would prevent a bot picking up the form field names all together. The same could be done on all forms once logged in - you wouldnt even know it exists.

If you get creative, there are some very effective ways to stop the spammers.
 
RickM said:
customise the registration form
Click to expand...
!!!!

Got it.. you have become untargetable, if you can do this, do it!
No one is going to create a spam bot to target just one forum (it would be easier to manually register)

You will however, paint a big red spot on your site if you use common bot prevention mechanisms (they break and get fixed in waves, even with Googles vast amount of funding backing ReCaptcha updates, you will have phases where bots get through... like now)
 
tenants said:
Are you saying with 7.5.28 there was a phase where KeyCAPTCHA didn't work, but you updated to prevent this, or are you saying KeyCATPCHA never failed, so you never had to update?
Click to expand...
Our system can detect attempts and change algorithms, so no one version of xrumer was able to go through KeyCAPTCHA.
tenants said:
Their update in 7.5.30 and 7.5.31 mention KeyCAPTCHA :
Updated recognition algorithm of simple form KeyCaptcha
Click to expand...
You are right, he said this in 7.5.30, but in 7.5.31 there are no one word about KeyCAPTCHA. May be he gave up this idea?

tenants said:
Since KeyCAPTCHA has popped up on XRumers radar, I think KeyCAPTCHA will carry on being targeted in the future.
Click to expand...
We are developing protection system, and we know that not all like it and someone will try to break our captcha.
And we are not going to sit back.
 
RickM said:
The only true way to protect it would be to have a session key or something generated before the form loads, then each field is given a unique encoded name based on that key, this would prevent a bot picking up the form field names all together. The same could be done on all forms once logged in - you wouldnt even know it exists.
Click to expand...

There is one thing I would mention, I'm not disagreeing with you... It's just something I've noticed that this alone might not be strong in the long run

One of my bot prevent mechanism changes all of the fields names to UUIDs (it also hides lots of fields and detects bots that way). But simply changing the fields names might not always be enough, I've noticed there are a fair amount of bots (not a large %) that simply fill out all fields they detect.. they often fill it with garbage (so emails might not get validated... or other fields might not always get validated) ... but needless to say, changing the fields names alone might not work

a snippet from wiki:
XRumer by default fills in every password field on a page, including those that are hidden
Click to expand...
I have a feeling that some are simply filling every thing they run into
 
RickM said:
A method I always use on my forums is to actually customise the registration form. On some boards I've done away with the default one all together and created a custom one - it's really not hard to do. This way, it's a non standard form with different field names.

The only true way to protect it would be to have a session key or something generated before the form loads, then each field is given a unique encoded name based on that key, this would prevent a bot picking up the form field names all together. The same could be done on all forms once logged in - you wouldnt even know it exists.

If you get creative, there are some very effective ways to stop the spammers.
Click to expand...

I HIGHLY recommend the addons created by tenants. FoolBotHoneyPot does exactly what you describe. :)

Since he has released them there is no need to do all that stuff yourself. ;)
 
Would anyone be interested in testing a new Xenforo spam service?

It basically comes as an addon which checks all new registrations against our internal database and a selection of other sources (including StopForumSpam and CloudFlare) and advises whether or not the registration should be allowed. When you use the spam cleaner and ban a member, it reports it back to us as a spammer. For every forum using the service, it becomes stronger. :)

If you are interested, drop me an email: dan@block8.co.uk
 
Dan Cryer said:
Would anyone be interested in testing a new Xenforo spam service?

It basically comes as an addon which checks all new registrations against our internal database and a selection of other sources (including StopForumSpam and CloudFlare) and advises whether or not the registration should be allowed. When you use the spam cleaner and ban a member, it reports it back to us as a spammer. For every forum using the service, it becomes stronger. :)

If you are interested, drop me an email: dan@block8.co.uk
Click to expand...

Your the same Dan Cryer that works for IPB Right?
 

Similar threads

Stuart Wright
  • Solved
XF 2.2 Lots (and lots) of bounces for the same user. Why?
2
Replies
32
Views
1K
Alpha1
Alpha1
KhanTastic
  • Question Question
XF 2.2 Does XF has a default robots.txt file?
Replies
4
Views
387
KhanTastic
KhanTastic
Mr Lucky
  • Solved
XF 2.2 Why can't I merge these two posts?
Replies
10
Views
798
Mr Lucky
Mr Lucky
Jakkal
  • Question Question
VBulletin 5.x to Xenforo Question
Replies
4
Views
339
MySiteGuy
MySiteGuy
KhanTastic
  • Question Question
XF 2.2 scheduled jobs outstanding Error in side admin panel
Replies
4
Views
246
KhanTastic
KhanTastic
Top Bottom