XenForo includes a suite of tools designed to prevent, combat, and manage spam.
There are several tools that can be used to prevent spammers from registering. These can all be found in the User Registration options.
- The StopForumSpam database can be checked. This is a collaborative databased used by thousands of forums to prevent known spammers from registering. The integration behavior is tunable based on the confidence of the database result. If you register and request a StopForumSpam API key, you can submit spam information back to StopForumSpam whenever you ban a spammer using the spam cleaner.
- Check one of several DNS block lists, such as the Tornevall DNSBL. These simply check the IP of the user registering against known spam IPs and takes an action against them.
- Setting a Registration timer. This is a weak defense against spam, but it can catch out some automated scripts and prevents them from submitting the forms too quickly. Setting this value too high may affect human users.
A spammer may manage to bypass the automated registration checks and successfully register. A second line of defense can be added to prevent them from submitting their spam content. These options are found in the Spam Management option group.
- Spam phrases can be defined. If any of a user's first few messages matches theses phrases, an action can be taken. For example, some spammers submit messages with "watch film name online". We can match that with "watch * online" and simply block the message.
- For more dynamic content matching, Akismet can be checked. This is a service that uses heuristics to determine if the submitted content is spam. If Akismet thinks the content is spam, the content will be placed into your forum's moderation queue and you will need to manually approve (or delete) the message before it is displayed to normal visitors.
There are two CAPTCHA systems available, only one of which can be used at any one time. They work by requiring visitors to carry out tasks that are difficult for machines to perform in the case of ReCAPTCHA, or answering specific questions for the Question & Answer CAPTCHA.
If you decide to use the XenForo question and answer CATCHA system, you will need to define a set of questions and answers which visitors will have to answer correctly when registering or posting messages, if guest posting is allowed. This can be done by clicking on Question and Answer CAPTCHAs in the Tools section of the Admin control panel.
The spam cleaner
XenForo includes a tool for use directly on user-generated content, called the spam cleaner. Its purpose is to quickly and efficiently deal with any spam that has been posted to your forum with just a few clicks.
Content that is eligible for spam cleaning will have a Spam link near its normal Edit and Delete controls.
Configuring the spam cleaner
- Log in to the Admin control panel.
- Click on Options from the Options / Setup section of the navigation panel.
- Select the Spam Management group from the list.
There are several sections on the resulting page which work in conjunction to help keep your site free of unwanted visitors and content.
- The spam cleaner can be made available for use on members, based on message count, elapsed days since registering, and the number of Likes that member has received. This is configured via the Spam Cleaner User Criteria option.
- For any members who do not meet the criteria, by having a higher message or like count or having been registered for more days than the set limit, the spam cleaner will not be available. It will be necessary to increase the values to make it available for those members.
- The default options control which checkboxes are already selected when running the spam cleaner. The checkboxes can be selected or deselected each time it is run, regardless of the settings here.
- The actions to be taken with affected threads and messages include being able to permanently delete them, remove them from public view, and in the case of threads, move them to a specific forum.
- The default email text entered here can also be edited each time the spam cleaner is run.
- The IP check will return any matches from other members, for the past number of days specified.
To make the spam cleaner available at all times for all content regardless of its author or age, set all three Spam Cleaner User Criteria options to 0.
Using the spam cleaner
To use the spam cleaner, a user must have the appropriate spam cleaner permission enabled. This can be done by way of user group or user permissions, as explained in detail in the Permissions section of this manual.
The spam cleaner itself can be run from several locations:
- On a thread or profile post by clicking the Spam link near the Edit and Delete controls.
- On a member card by clicking the Spam link which overlays the avatar.
- On a profile page by clicking the Spam link in the Moderator Tools menu.
Clicking any of those links will result in a Spam Cleaner overlay from where you can select the actions to be taken. This can range from a simple IP check, to a permanent ban and removal of all content.
Restoring deleted content
If you wish to restore any deleted content as a result of using the spam cleaner, you can do so using the Restore option.
- Open the Tools section of the admin control panel.
- Click on Spam Cleaner Log.
From here, you can review all content that has been deleted by the spam cleaner, and restore it selectively if you so choose, by clicking on the Restore link for the member in question and then the Restore Data and User Status button.
It is not possible to restore content which has been permanently deleted.
This video shows the spam cleaner in action.