XF 2.2 Xenforo 2.2.15 spam problem?

Sort by date Sort by votes
Gosh... it has been 6 years ago that I posted my last proper posting on this (still) fantastic platform 😊.

I can confirm that this week I have seen not only my own forum flooded with extraordinary amounts of spam, but also other forums. My forum (OMG... dare I say it? :X3:) is still powered by vBulletin 3.8. <hides self in the cellar>. Flooded. A company forum I am a member of runs on Circle, also flooded. It has by the looks of it nothing to do with a specific XF version, as people already pointed out.

But I was thinking exactly that what @beerForo was thinking, before I read his comment:

beerForo said:
It does seem to have been an unfortunate coincidence, but I think this is AI/ChatGPT bots cracking the Q&A in real-time. Something changed with the amount of spam as well as the amount of time a new Q&A is cracked, and the only thing I can think of is the days of human verification/list building is more a thing of the past, and the inevitable tipping point was this new wave.
Click to expand...
 
Upvote 0 Downvote
Chris D said:
Changing your Q&A questions may help.
Click to expand...
Making it possible to ask multiple questions (like was possible in VB) also improves a lot, unfortunately this is not seen here. But if you can create for example 15 different questions and can let randomly ask 3 for example, that would make a huge difference. And ofcourse change the questions after some time, or make the way they asked differently.
1 question like it's now, it's just too little.
 
Upvote 0 Downvote
As @Paul B points out, then you don't know which is compromised so you have to redo 15. I agree with Paul that one is best. And keep on top of it. If AI is answering these, you can try your best to tailor it to your audience/niche.
 
Upvote 0 Downvote
Two isn't a bad idea though. Then it's 50/50 they hit the correct one and it's easy to change two when compromised. But if it's AI answering then that doesn't even matter.
 
Upvote 0 Downvote
I never see spam. Here are three add-ons I have installed to control spam:

Snog's Mods & Ad-ons:
-Registraton spaminator (31 registrations prevented in the past 24 hours)
-Contact us log (47 contacts prevented in the past 24 hours)

Geoblock registrations 1.1.2: Uses Maxmind's Geolite2 Database
I have Geoblock configured with 10 countries denied registration, 6 countries approved for registration, all others are placed in moderation. With this configuration I rarely see any registration show up in the moderation queue. So the workload is nothing for our moderators.

I do not use any form of Captcha or Q & A.
 
Upvote 0 Downvote
GW2 said:
I never see spam. Here are three add-ons I have installed to control spam:

Snog's Mods & Ad-ons:
-Registraton spaminator (31 registrations prevented in the past 24 hours)
-Contact us log (47 contacts prevented in the past 24 hours)

Geoblock registrations 1.1.2: Uses Maxmind's Geolite2 Database
I have Geoblock configured with 10 countries denied registration, 6 countries approved for registration, all others are placed in moderation. With this configuration I rarely see any registration show up in the moderation queue. So the workload is nothing for our moderators.

I do not use any form of Captcha or Q & A.
Click to expand...

Yeah, I don’t have any registration addons or captchas/questions bs on any of my sites, and I’m spam bot free.
 
Upvote 0 Downvote
It is 100% is most likely unrelated however, I haven't had this many spammers attempt to sign up in several years, stop forum spam identified over 50 this week. All of it after this last update 🤷‍♂️
 
Upvote 0 Downvote
Mark87 said:
It is 100% is most likely unrelated however, I haven't had this many spammers attempt to sign up in several years, stop forum spam identified over 50 this week. All of it after this last update 🤷‍♂️
Click to expand...
Because I never see "spammers", the data I input to the StopForumSpam database is 99% related to "scammers"(an user attempting to defraud another user). The forum I administer provides a means for financial transactions to be conducted between forum users for the purpose of exchanging timeshare vacation opportunities. It is a magnet for scammers.
 
Upvote 0 Downvote
beerForo said:
then you don't know which is compromised
Click to expand...
It doesn't matter, if 1 is compromised when they are asked randomly, they must get lucky. So make it 3 out of 10. It's very easy to change 10 questions, but for the spammer makes the randomizing harder.
2 questions where 2 are asked is just of no or little use. It's much harder for them when questions are not the same every time or only 2, but if 2 (or 3) questions are asked which are always different because they are choosen randomized.
I've been with many forum software but random questions like we had in vB was the most effective ever. Very easy to replace if 1 is compromised and costs 0.
 
Upvote 0 Downvote
The best anti-spam solution is to use Cloudflare. The free option gives you free https and firewall at your DNS, so you can block all the bad stuff. Cloudflare WAF will stop 100% automated spam. To mitigate human spammers, use the XF systems to automatically moderate X. I have guest posting enabled, with average 25k uniques daily, and I get human spam maybe once or twice a week, and those still fall into moderation so nobody views them.

Spam is honestly not an issue nowadays when you use Cloudflare or such DNS firewall. Its free, and your DNS has to go through someone, so why not Cloudflare!

Set specific high countries, even every country if you want, to managed challenge which Cloudflare will automatically do in every browser session, and all known bots to skip all firewall rules. If a person is legit, there will be no captcha or such, just automatic checks and straight to your site. ASN blocking with Cloudflare is super easy, to wipe out private server entities hitting your site (scraping) that are not ISP users, ie. Amazon, pretending to be browser sessions.

My WAF as per below. Countries I have China, Russia and Hong Kong on managed challenge, others don't pose much issue as they're caught in regular Cloudflare settings, but you could certainly add them if you wanted. I have country specific sites where I block everything outside that country with one rule, known bots skip still... easiest controls around to manage sites at the DNS. When I first implemented ASN challenge, the first 24hrs was near 50k it blocked of rubbish traffic eating resources and pretending to be users.

Screenshot 2024-02-12 105726.webp
 
Last edited:
Upvote 0 Downvote
Anthony Parsons said:
The best anti-spam solution is to use Cloudflare. The free option gives you free https and firewall at your DNS, so you can block all the bad stuff. Cloudflare WAF will stop 100% automated spam. To mitigate human spammers, use the XF systems to automatically moderate X. I have guest posting enabled, with average 25k uniques daily, and I get human spam maybe once or twice a week, and those still fall into moderation so nobody views them.

Spam is honestly not an issue nowadays when you use Cloudflare or such DNS firewall. Its free, and your DNS has to go through someone, so why not Cloudflare!

Set specific high countries, even every country if you want, to managed challenge which Cloudflare will automatically do in every browser session, and all known bots to skip all firewall rules. If a person is legit, there will be no captcha or such, just automatic checks and straight to your site. ASN blocking with Cloudflare is super easy, to wipe out private server entities hitting your site (scraping) that are not ISP users, ie. Amazon, pretending to be browser sessions.

My WAF as per below. Countries I have China, Russia and Hong Kong on managed challenge, others don't pose much issue as they're caught in regular Cloudflare settings, but you could certainly add them if you wanted. I have country specific sites where I block everything outside that country with one rule, known bots skip still... easiest controls around to manage sites at the DNS. When I first implemented ASN challenge, the first 24hrs was near 50k it blocked of rubbish traffic eating resources and pretending to be users.

View attachment 298042
Click to expand...
Would you mind sharing with us (noobs) the Cloudflare ASN rule settings please?
 
Last edited:
Upvote 0 Downvote
If you take out Amazon, for example, then you will also remove a bunch of customers using those IP ranges: https://ipinfo.io/AS16509

So be careful what you're doing, depending on your site, location in the world, etc, and who you want at your site.

Adding an ASN in Cloudflare is the same as adding any line item:

Screenshot 2024-02-12 140849.webp

I break my stuff into how I want to manage things, but you can have one created instruction set and just keep adding OR rules to it providing the ACTION is the same, ie. I could break down my above into two used rules, instead of four, adding both into OR lines. THIS OR THAT, then SKIP. I have 5 rules, so I use them. Order matters, obviously. Just google how to do this in Cloudflare and there is numerous documentation and the CF community to ask for questions.
 
Upvote 0 Downvote
Anthony Parsons said:
If you take out Amazon, for example, then you will also remove a bunch of customers using those IP ranges: https://ipinfo.io/AS16509

So be careful what you're doing, depending on your site, location in the world, etc, and who you want at your site.

Adding an ASN in Cloudflare is the same as adding any line item:

View attachment 298047

I break my stuff into how I want to manage things, but you can have one created instruction set and just keep adding OR rules to it providing the ACTION is the same, ie. I could break down my above into two used rules, instead of four, adding both into OR lines. THIS OR THAT, then SKIP. I have 5 rules, so I use them. Order matters, obviously. Just google how to do this in Cloudflare and there is numerous documentation and the CF community to ask for questions.
Click to expand...
What I needed to know thank you very much
 
Upvote 0 Downvote
Anthony Parsons said:
If you take out Amazon, for example, then you will also remove a bunch of customers using those IP ranges: https://ipinfo.io/AS16509

So be careful what you're doing, depending on your site, location in the world, etc, and who you want at your site.

Adding an ASN in Cloudflare is the same as adding any line item:

View attachment 298047

I break my stuff into how I want to manage things, but you can have one created instruction set and just keep adding OR rules to it providing the ACTION is the same, ie. I could break down my above into two used rules, instead of four, adding both into OR lines. THIS OR THAT, then SKIP. I have 5 rules, so I use them. Order matters, obviously. Just google how to do this in Cloudflare and there is numerous documentation and the CF community to ask for questions.
Click to expand...
This is actually a core part of my signup abuse blocking add-on to block/moderate registrations by ASN. It is ridiculously effective at blocking a lot of spam.
 
Upvote 0 Downvote
You must log in or register to reply here.

Similar threads

m0nty
  • Question Question
XF 2.2 Xenforo 2.2.15 on WPEngine
Replies
5
Views
150
m0nty
m0nty
Dzgsm
  • Question Question
XF 2.2 Spam problem
2
Replies
29
Views
1K
htsumer
htsumer
MichaelCS
Not a bug Paypal Payment Profile "Donation" type not working in Xenforo 2.2.15 (Feb 1st, 2024)
Replies
3
Views
298
mattrogowski
mattrogowski
T
  • Question Question
XF 2.2 Xenforo 2.2.15 & PHP 8.3
Replies
3
Views
182
briansol
B
unmöglichefirmen
Fixed Importing from xenforo 2.2.15 to 2.3.Beta 2 error
Replies
9
Views
610
Jeremy P
Jeremy P
Back
Top Bottom