Spam brah!

LawsHosting

I think something needs to be changed to eliminate these periodic spam accounts here..... Just a hunch I have.
 
Don't worry guy, they just use the same account; one click could delete all their spam posts.
 
Yes, there was a new wave of spammers registering, thanks for reporting. Previously most of the spam was in user profile pages. We have updated the forum settings to not show user profiles to search crawlers. Seems they have switched tactics to mass posting now.

We will see how it goes. It could be a once-off problem, or a new loophole in the XenForo software 🤷‍♂️. Right now we:
  • use hCaptcha for user registration
  • check registering accounts against stopforumspam.com (and report back any spammers we block)
  • use CleanTalk plugin, so far seems to perform poorly (allowed all the messages in this wave)
If the trend continues maybe a forced approval of registrations or approval of first messages is a way to go. Ideas or suggestions are welcome.
 
Could you add a feature to lock a fresh account for +4h if it receives abuse, so that after 3-5 abuses it will be locked for 12-20h? Then old forum members can suspend a spammer until you check it.
 
The spammer might register manually and put the account credentials into their robot app, so limiting posts per day on unverified accounts/IP addresses could prevent more spam posting.
 
use hCaptcha for user registration
Problem is that all the captchas can be easily bypassed, unfortunately. I use hCaptcha on my forums too.

I asked for questions, but Xen only asks 1 random question, while 3 would be more appropriate: less chance a robot will get it right. But they didn't see the benefit of it.

Using Stopforumspam too is a very good choice.

Other tip: Set the minimum registration period by setting the registration timer to, for example, a minimum of 15 seconds or something like that, so automatic bots can't register fast.

Also use the Check DNSBL on registration option and enable the "project honeypot Key".

Also I would set the "Moderate registrations when this many warning flags are detected:" at 1 and not higher. You will be glad you did this afterwards. :)
A bit more checking to do, but that is easily done and fast to do.
 
Thanks @Richard G. We already have registration moderation flag threshold at 1 and DNSBL checks. However we were not using Project honeypot. I assumed it is mostly concerned with email spam. Enabled project honeypot integration now, will see how it works.
 
I presume you use invisible captcha? Hmmz.. still seems to come through or they are manually logging in.
 
I guess they just use a normal browser and register manually, log in, then save all the session cookies into the bot program.
 
We operate XenForo forums too.

And got issues recently with AI spam; we switched from Cloudflare captcha to reCAPTCHA to hCaptcha before we managed to significantly reduce spam.

Version 2.3 is up now, I hope it handles it better.

Also add the Stop Forum Spam plugin, or just block the IPs from CSF.
 
No spam so far today which is good.

However, I do notice that a spam bot registered 55 minutes ago: https://forum.directadmin.com/members/leididonna.90688/#about

In my experience, a lot of these bots register, set up a profile and then wait a few weeks before posting spam.


EDIT: Nevermind, I spoke too soon.

@fln one thing I notice is that the phone numbers 27836216186 and 27 64 828 8054 were mentioned in yesterday's spam, as well as today's.

So I'd suggest creating a filter with those keywords to block those posts: https://xenforo.com/docs/xf2/spam/#content
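
A keyword filter on those numbers only helps if spacing and punctuation variants are caught too, since the two numbers above already appear in different formats. The following is an added example, not part of the post and not XenForo code: a stand-alone Python sketch that normalizes digits before matching. The function names and the sample posts are constructed; only the two numbers come from the post.

```python
import re
import unicodedata

# The two numbers quoted in the post above, stored as bare digit strings.
BLOCKED_NUMBERS = frozenset({"27836216186", "27648288054"})

# At least 7 digits, optionally separated by whitespace or common punctuation.
_DIGIT_RUN = re.compile(r"\d(?:[\s().+\-_/]*\d){6,}", re.ASCII)


def normalize(text):
    """Fold look-alike digits to ASCII and drop invisible format characters."""
    text = unicodedata.normalize("NFKC", text)  # fullwidth digits, NBSP, ...
    out = []
    for ch in text:
        if unicodedata.category(ch) == "Cf":  # zero-width space/joiner etc.
            continue
        # Any other Unicode decimal digit (e.g. Arabic-Indic) becomes 0-9.
        out.append(str(unicodedata.decimal(ch)) if ch.isdecimal() else ch)
    return "".join(out)


def blocked_numbers_in(text, blocked=BLOCKED_NUMBERS):
    """Return the blocked numbers found in text, however they are spaced."""
    hits = set()
    for match in _DIGIT_RUN.finditer(normalize(text)):
        digits = re.sub(r"\D", "", match.group())
        # Substring test: also matches behind a prefix or back-to-back numbers.
        hits.update(n for n in blocked if n in digits)
    return hits


def triage(post_text):
    """Return 'moderate' for posts carrying a blocked number, else 'allow'."""
    return "moderate" if blocked_numbers_in(post_text) else "allow"


# Constructed sample posts (not taken from the forum).
SAMPLES = [
    "Call now +27 83 621 6186 for details",
    "WhatsApp 27-64-828-8054 / 27.83.621.6186",
    "contact \uff12\uff17\uff16\uff14 \uff18\uff12\uff18 \uff18\uff10\uff15\uff14 today",  # fullwidth
    "ring 2764\u200b8288054",  # zero-width space inside the number
    "DirectAdmin build 1.661 on port 2222, ticket 2783621",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(triage(sample), sorted(blocked_numbers_in(sample)))
```

Routing a hit to the moderation queue instead of rejecting the post keeps the cost of an occasional false match low.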
 
... and 13 new spams are here .. still adding more ..
 
If IPs are similar, one could also consider netblocks. Often this is from dedis of VPNs so it shouldn't be an issue blocking those.
 
There is StopForumSpam, where other forums, once joined, report IPs, emails, user names... when banning / using the clean-up with the Spam button.

And it works on user registrations like an RBL: everyone who got listed there is put on hold.

XenForo supports that, and it is free to join and get an API key: https://www.stopforumspam.com/

We use that on a forum that is larger than the DirectAdmin one (which is a niche forum for the panel only, that is why it is smaller) - we get a lot more spam attempts.

There is also a lazy way to use it in CSF: at the bottom, where the block lists are, just enable the Stop Forum Spam IP blocklist. But with the API enabled, moderators will contribute to making the environment of all forums more spam free.

And I think we also used something to block posts with links if the user is new - but I've got to ask my business partner what it is.

About the question: we tried simple math, 4 x 3 etc., but instead of the letter x we used the Cyrillic letter х, which looks the same, to confuse the bots. But spam continues, which leads me to the conclusion that some poor human is involved in the spam operation (solving captchas) or they use visual recognition.
 
There is StopForumSpam, where other forums, once joined, report IPs, emails, user names... when banning / using the clean-up with the Spam button.
DA has this active already (second point in post #5). It's one of the best to use against spam indeed.

And I think we also used something to block posts with links if the user is new - but I've got to ask my business partner what it is.
Might be the option below. Because as far as I know there is no addon for this yet, only option is to disallow links in signatures. Not sure if this is improved in 2.3.

@fln you might want to also check this one, very easy to do:

You can set this for the newly registered usergroup: if they post links, then the posts need to be approved if the user has fewer than x posts.
This could also prevent most of the posts from becoming visible, at least.
And then set the x amount to the level at which they will get the registered/regular status anyway, for example.
 