XF 1.5 X4 Health10 spam problem

[HSP]

I have a very annoying spam problem on my forum. It signs up under X4 Health[NUMBER], confirm e-mail and writes a thread(spam). Each time I ban this user a new user signs up with the same username followed up with another number.

My forum:

• Use cloudflare
  I have put several countries under a challenge, under firewall
• Captcha during sign up
• Sign up e-mail confirmation
• 1st thread moderated

Please advice

 

[Martok]

Search the ACP for "User Name Validation" and put "health" in there to disallow any user names with that in them.

You said you use CAPTCHA but not which one. Switch to Question and Answer CAPTCHA if not using it already, if you are then change your questions.

Make sure you are using all of the settings in Options > Spam Management including a Project Honeypot key.

 

[HSP]

I've applied everything you said. Let's see what happen.

Bug:
I see when you enable Project Honeypot you have two radio buttons, I selected "Require the registration to be manually approved by an admin". I tested and I managed to sign up and use my account without approval. Back signing in with my admin account I see no notification of new user registration that needs to be moderated, or is this about when it detect an IP with bad reputation?

 

[Mike]

The context is explicitly when the IP is found using a DNSBL/project honey pot.

 

[HSP]

I have a new kind of spam, how do I stop it? I have about 2 fake registrations combined with threads such as this one.

 

[HSP]

?

 

[Mike]

Those aren't actually automated registrations believe it or not. They are very commonly humans, presumably getting paid to post this stuff. In some cases, if you look at logs, you can see them opening your site via a bulk "site opener" tool.

There's very little you can do to stop them registering (since it's driven by people) unless you can find specific, unique fingerprints for them vs your real users. Otherwise, you just need to deal with them in moderation via spam cleaning.

 

[HSP]

Thanks for the feedback Mike, however, the logs look empty to me. Is there a way I can block particular phrases in text and emails? Because it, he, or she improvised on the username blacklisted word x4health.

----edit---
I am going to try this out
https://xenforo.com/community/resources/block-spam-completely-with-no-addons.4065/

 

[Mike]

You can only block usernames the way mentioned earlier. You can block elements in the message using the "spam phrases" option.

 

[Alteran Ancient]

If the spam registrations are almost exclusively originating from a certain geographical location, e.g. Pakistan or China, and isn't a nation that would otherwise visit your website legitimately, you can enact a geographical block at the web server level. You can search the internets for how to do this, but here is one such example.

I was having similar problems, and managed to reduce my spam registrations down to just a trickle by doing this - the majority of my users are from the UK and Mainland Europe, so I wasn't inconveniencing any legitimate users. The remaining few were from Western IPs, but were easy enough for my team to use the Spam Clean tool on.

 

[HSP]

If the spam registrations are almost exclusively originating from a certain geographical location, e.g. Pakistan or China, and isn't a nation that would otherwise visit your website legitimately, you can enact a geographical block at the web server level. You can search the internets for how to do this, but here is one such example.

I was having similar problems, and managed to reduce my spam registrations down to just a trickle by doing this - the majority of my users are from the UK and Mainland Europe, so I wasn't inconveniencing any legitimate users. The remaining few were from Western IPs, but were easy enough for my team to use the Spam Clean tool on.

Thanks for the tip, unfortunately the IP geo varies. However, they are human registrations due the fact it improvise on my anti spam actions. For example I blacklisted particular phrases in username and suddenly the spam stopped using these usernames and use normal names instead.

 

[HSP]

So far so good!