Why are there so many spams here?

If you have "Forum software by XenForo" in your footer, there is a good chance you are already on lots of their lists.

They've listed lots of XenForo boards just by slurping forums out from a Google query; they have more than 30K XenForo boards in the core last I checked (don't quote me on that, I'm just going from memory...). I don't believe the core list is public; you'll need to p2p download or buy the latest version of Xrumer.

Do go on these spammer SEO boards, they give a lot of useful information on how Xrumer works...

There's not a whole deal you can do if you are on the lists. The best thing I did when buying XF was to make sure I paid for the unbranded version; this at least gave me a head start while I created some anti-spam plug-ins... but once you are listed, you are listed... assume you are (even though I am unbranded, I'm fairly certain I'm on a lot of lists now).

There is not much point in getting a hold of these lists, there are many of them, and if you are getting hit hard, there is a good reason for it...
 
Mike made some changes today to hopefully stem the tide of spambots, but the ones that registered prior to this may still be posting for a few days... hopefully after that it will trickle off to nothing.

What sort of changes were made?
 
It has been said before..... The staff and developers are doing all they can, when they can, and as allowed at this time.

I believe they're doing a good job.
 
That is because I have been banning all accounts today that look like they might be spammers.

The situation is, what it is.
How is that working for you?
 

This is the Xrumer list someone here uploaded 3 months ago into a thread, which got deleted unfortunately.
 


I think that might be a personal list, not the core (there are lots of these going around and getting shared; there is actually a forum dedicated to them: getlinklist)... I'm fairly certain the core list is a bit bigger. I might be wrong, I just remember 30K from somewhere, but 8k for XenForo alone is fairly sizeable, although I think sharing this list isn't doing any forum owners any favours. I wouldn't share any more of these lists; there's not much point, you generally know if you are on someone's list.

But hey, I'm listed on this one...

I've just found that 7.5.28 and upwards has been trained against KeyCaptcha too; their current release is 7.5.31 (common CAPTCHA = bad, custom = good).
As more people upgrade to the latest XRumer, I should imagine the effectiveness of people using KeyCaptcha will dwindle over the next few months. KeyCaptcha may need to update soon to stay on top of this (unless they already have).

I don't really want to post links to blackhat sites here, it's not the done thing, but it's good to know your enemy so you know how to beat them.
 
I know my site has been on the spam lists for some time.

My Q+A has not let a single one through so far :)
 

For our site they have various subdomains that don't actually exist, like wwwwww., wwwn., mobile., etc. I assume they get their list from some kind of search engine dump.
 
Good QA's ;)

The problem is, QA's are starting to become common, particularly since common CAPTCHA are failing, people are turning to it as their only core resort. So QA's are becoming a target, and they are very easy to extract and learn from.

Some QA's aren't bad at stopping bots right now (against users that aren't using the latest XRumer), but how a lot of people have used QA's is terrible.
Common "baby" questions and simple logic / maths questions are out of the window; don't even bother, bots can pass these.

"What colour are ripe bananas" is very poor though! I can't imagine there is a modern bot that cannot pass that QA.

QA's are good (for now) as long as you use a very unique question where the answer cannot be found using a search engine,
and then you also update them regularly to avoid people adding your QA to their personal textcaptcha.txt.

I would also avoid using QA's where the answers contains any part of your URL (this is how I imagine most people are evolving their QA's and it's a very simple set of parameters for a bot to pull out and use ... expect it to be used in the near future).

The QA should also be easy to pass for your human target audience (that's very important to keep in mind)

For instance, if XenForo wasn't popular, you might think a good question would be something like
"what type of software does XenForo sell (begins with F)".
The hit list of objects starting with F is fairly large (so that's good).

However, unfortunately for XenForo, because it is popular, querying that with something like Google will result in a good small sample list for Xrumer to attempt (many of the results returned contain the target keyword)... and XenForo also uses this keyword quite a lot.

But if you own a forum where that type of related query does not return the correct answer, then you have yourself a good QA to use.

You've just got to be imaginative (which is the hard part of creating QAs).

Using lots of QA's you might think is a good idea... but that's not necessarily true. Think of it this way: how many times will a bot attempt a QA set and give up? There is no limit for a bot; they can keep trying until they find the weak question in the set... So prune out any weak questions and have a small set of strong questions that you then update.

3 strong questions is much better than 10 strong questions + 1 weak one.
 
But the good thing about Q/A, as opposed to reCaptcha: bots can never really crack Q/A, not like they can reCaptcha. Simply because no two sites will use the same questions and answers, whereas ReCaptcha uses the same method across all sites (so they can target them in mass numbers). Which is the spammers' aim: target the same XenForo sites all using the cracked reCaptcha.

They can't do that with Q/A, because one site will use different answers from another. That's why it works well and causes a problem for spam bots. Plus, even if you get hit with spammers getting in, it's a simple case of changing your Q/A to something new.


The latest versions of XRumer learn from QAs, query QA's and have the ability for users to put QA answers into a text file.

For now, ReCaptcha is broken; it's easily solved (but Google does make frequent updates).
I would say neither of these mechanisms are good long term bot avoidance strategies; they are only short term wins (as ReCaptcha has shown, and QA's are starting to show).

The good thing about QA is that it is custom.
The bad thing about QA is that the text is incredibly easy to slurp out and then use as a parameter for querying / answering with a known set of QA answers.

Bots do not per se crack the QA's; they query the QAs, use simple logic, or the XRumer user updates a text file and enters that QA so it passes it next time (this can then be added to the core / shared with other XRumer users)... the more QAs there are... the better XRumer eventually becomes; it is in its learning phase.

If however you use a question that has different answers depending on the site you use it at, it becomes a little trickier to learn from (the QA list then also has to be relevant to each site). So custom QA's where the answer to the question depends on the site you visit aren't bad... but keep in mind a bot will attempt the answer more than once (so a list of potential answers from queries might get through this).

To re-quote, just in case you haven't seen this before:

The software is also able to gather and decipher artificial intelligence such as security questions (i.e. what is 2+2?) often used by forums upon registration. Since the latest version of XRumer, the software is capable of collecting such security questions from multiple sources and is much more effective in defeating them.
Helper program Hrefer is also included. This software is used to automatically parse results from search engines including Google, Yahoo, Bing and Yandex for forums and blogs that can then be used as a target list for the main XRumer application.
According to The Register, as of October 2008, XRumer can defeat CAPTCHAs of Hotmail and Gmail.
http://en.wikipedia.org/wiki/XRumer

Those who read the topic "How to teach Xrumer to new text captcha" know that our software is able to pass such protection like "What is current year?", "2+2=?" etc.
Those who didn't read this topic, we recommend reading it:
In that topic is described how to train XRumer to new protections by editing textcapctha.txt. With the release of version 7.07 this process becomes far easier. A mechanism of collective teaching of text CAPTCHA has also been created. That means all results of training are stored on our server and afterwards distributed to all our customers. Due to this system the success rate is increased.
http://ixrumer.com/xrumer/

But, in good news... not everyone is using the latest version of Xrumer yet, and it's fairly costly.
In bad news, they eventually will.
 
You don't use Q/A that can be searched out in Google.
I do not use QA at all. Not using answers that can be easily queried will work for a while, but this doesn't stop the textcapctha.txt building up over time to eventually answer your QA.

I use my own custom image CAPTCHA, CustomImgCaptcha.... These custom CAPTCHA are easy to manage, and I'm given stats of how many humans pass/fail them and how many bots pass/fail them (with the aid of FoolBotHoneyPot)... this makes it very easy to prune, if I ever need to.

Since bots (or Artificial Neural Networks/OCR) are not at the point of identifying objects within an unknown image particularly well, this is a fairly long term technique (until public ANNs are more powerful). The images I use are often merged with a background, but still easy for a human to identify; the questions are within the image, making it hard for the bot to slurp out the question / answer. If a binary comparison is done, and this data is shared, then it is time to change the image set (this would be hard work for the Xrumer users to keep doing; however, I can imagine a similar future mechanism to textcapctha.txt, but many images are fairly large to use on a central db in comparison to txt, and it's very easy to upload a new image)... Since everyone can customise their own set, the job of identifying every image to match it to an answer becomes incredibly difficult... you do not need to use this plugin to do this; also see: http://xenforo.com/community/threads/how-i-stopped-spam-bot-registrations.39307/

FoolBotHoneyPot uses a custom registration page (every field name is changed to a unique uuid, so the fields "email/name/password" no longer exist as part of the fields a human would enter, but a bot would fill them, since they are hidden)... this will not last forever; bots will learn to detect hidden fields, even if I have used various techniques. What is hard for the bot is identifying which field is a password and which is a username / email etc., since the fields are all renamed.

StopCountrySpam gets rid of its fair share of human spammers when picking the suspect countries (but not everyone can ban an entire country).

And then there is also the StopForumSpam technique which is coming in XenForo 1.2. This gets rid of many known bots, but does nothing for unknown bots; quite a few bots are known. XenUtiles makes use of the StopForumSpam technique, as does sonnb Stop Spam Here.

See also: http://xenforo.com/community/resources/dealing-with-forum-spam.980/
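The renamed-field registration form and hidden honeypot fields described in the post above, written out as an added illustrative example in Python (this is not FoolBotHoneyPot's own code, and it assumes a server-side secret, randomised names per form render, and conventional field names kept only on hidden decoys):

```python
import base64
import hashlib
import hmac
import json
import secrets

# Assumption: a per-deployment secret kept server-side (constructed placeholder value).
SERVER_SECRET = b"replace-with-a-random-per-deployment-secret"
LOGICAL_FIELDS = ("username", "email", "password")
# Hidden decoys keep the conventional names a bot expects to find on a registration form.
DECOY_FIELDS = ("name", "email", "password")


def build_form():
    """Return (mapping, token): a fresh random name per logical field, plus a signed
    token so the server can recover the mapping statelessly when the form comes back."""
    mapping = {field: "f_" + secrets.token_hex(8) for field in LOGICAL_FIELDS}
    payload = base64.urlsafe_b64encode(json.dumps(mapping).encode()).decode()
    sig = hmac.new(SERVER_SECRET, payload.encode(), hashlib.sha256).hexdigest()
    return mapping, payload + "." + sig


def verify_submission(token, posted):
    """Return (accepted, reason, fields). Rejects a tampered token, any value in a
    decoy field (a human never sees them), and submissions missing a real field."""
    payload, _, sig = token.rpartition(".")
    expected = hmac.new(SERVER_SECRET, payload.encode(), hashlib.sha256).hexdigest()
    if not payload or not hmac.compare_digest(sig, expected):
        return False, "bad token", {}
    mapping = json.loads(base64.urlsafe_b64decode(payload))
    if any(posted.get(decoy) for decoy in DECOY_FIELDS):
        return False, "honeypot field filled", {}
    fields = {logical: posted.get(rand, "") for logical, rand in mapping.items()}
    if not all(fields.values()):
        return False, "required field missing", {}
    return True, "ok", fields


if __name__ == "__main__":
    mapping, token = build_form()
    # Constructed sample: a human fills only the visible (renamed) fields.
    human = {mapping["username"]: "alice", mapping["email"]: "a@example.invalid",
             mapping["password"]: "correct horse"}
    # Constructed sample: a bot fills the conventional names it knows, decoys included.
    bot = dict(human, name="alice", email="a@example.invalid", password="x")
    print(verify_submission(token, human))
    print(verify_submission(token, bot))
```

Because the mapping is signed rather than stored, a bot cannot reuse names captured from an earlier render, and the decoy check catches anything that fills the conventional names regardless of which real fields it also guessed.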
 