XF Spam Mitigation

Discussion in 'XenForo' started by Mouth, Jul 26, 2018.

  1. Mouth

    Mouth Enthusiast

    181
    93
    +95
    XenForo.com/community seems to be regularly spammed these days, seems at least a couple of times a week it's been spam attacked before mod cleaning occurs.

    Are the core/in-built spam registration and posting counter measures falling behind? Or are Xenforo.com just being particularly targeted (or lax/allowing in deployment of their core counter measures)? What are other XF 2.0 sites using for their anti-spam measures? Are the core features working well, or are you having to utilise add-ons? If the latter, which one(s) are you using?

    Screen Shot 2018-07-26 at 14.15.54.png
     
    Last edited: Jul 26, 2018
    • Also Wondering! Also Wondering! x 1
    • List
  2. maszd

    maszd Aspirant

    12
    8
    +10
    working well here, iam use question answer feature ;)
     
    • Like Like x 1
    • Agree Agree x 1
    • List
  3. eva2000

    eva2000 Habitué

    1,664
    857
    +716
  4. Mouth

    Mouth Enthusiast

    181
    93
    +95
  5. eva2000

    eva2000 Habitué

    1,664
    857
    +716
    Yeah probably not until techpowerup forums move to xf2 i suspect. One of the many addons i am waiting on for my xf2 upgrade plans.
     
    • Agree Agree x 2
    • Informative! Informative! x 1
    • List
  6. Mouth

    Mouth Enthusiast

    181
    93
    +95
    So the only available XF2 add-on to to assist with spam mitigation is a paid subscription service?
     
  7. haqzore

    haqzore Habitué

    1,734
    322
    +925
    Ugh. You do not need an add-on to combat spam.
    I can only share my experience, but it spans over a decade of admining multiple sites with near perfect success in combating spam.


    Good Q&A captcha is all you need.

    Other captchas are garbage. It's not a matter of "if", only "when" the next crop of bots will bypass the latest captcha.
    Email validation does nothing for spam avoidance. Bots have been able to click email links for decades.
    At their best, neither of these work. At their worst, they inconvenience & deter users.

    Trying to be totally honest here... I average 2-3 spam registrations per year, total, across multiple sites running multiple platforms. Maybe less?

    I only use Q&A captcha.
    I never validate emails.
    I use no other captcha and have never once used a "spam add-on".

    I really recommend a site-relevant Q&A (NOT something a bot can decipher, like "What is 1 + 1?").

    Spam is simply a headache I don't have... And posts like this make me wonder if I'm missing something? Am I just crazy?
     
    • Agree Agree x 4
    • Like Like x 1
    • Informative! Informative! x 1
    • List
  8. Kevin

    Kevin Oooh, something shiny!

    3,286
    912
    +1,033
    No, you're not crazy, you just don't try to make a big deal out of something minor. It seems lately that on each of the seldom occasion that the XF.com forums do get hit with a spammer & nobody is around to immediately clean it up that somebody comes running over to TAZ.
     
  9. Joeychgo

    Joeychgo TAZ Administrator

    6,646
    1,532
    +3,334

    I agree completely. I also admin multiple big boards and spam isn't an issue for me. I don't use a bunch of add ons, I use the built in Q/A

    Exactly. I use questions that are easy if your familiar with the site topic.


    .
     
  10. Bionic Rooster

    Bionic Rooster Adherent

    251
    87
    +181
    I would say so, I don't have any problems like this with 1.5
     
  11. zappaDPJ

    zappaDPJ Administrator

    6,267
    1,212
    +4,662
    I agree, that's what I do and I rarely get hit by spam.
     
  12. eva2000

    eva2000 Habitué

    1,664
    857
    +716
    That's probably why you're not experiencing a problem - not much spam to begin with. TPU Spam detect addon for me has blocked 100s of spam registrations and logs them all for viewing even if they never made it past the registration stage.
     
  13. Mouth

    Mouth Enthusiast

    181
    93
    +95
    I've heard that the spambots flag sites they're unable to spam, then humans come along and spend a few mins retrieving all the questions and giving the bot the answers, which is then synchronised to all spambot owners. Maybe they only do it for large and/or valued sites? But of course an admin using Q&A would probably just change the questions if they were spammed.
    The latest release of the most popular spambot advertises; "Significantly increased success rate with XenForo (registration, creation of topics, reply to existing ones, etc.)". Maybe this has something to do with it?
     
  14. Joeychgo

    Joeychgo TAZ Administrator

    6,646
    1,532
    +3,334
    That's why you use site topic specific questions.

    For example.. If you run a NFL fan forum you might have as a question: What is the name of the Chicago Football Team?

    You also run several questions.

    If you do get a few spam registrations, you check in XF tools to see what question they answered, and just change that question.

    I do also use the built in Stop Forum Spam detection. Apparently, it either doesn't help much of XF.com isn't using it.
     
  15. haqzore

    haqzore Habitué

    1,734
    322
    +925
    Not sure what you mean.

    I don't think you have to have spam to get spam... It all starts somewhere? One phpBB/XF/IPS is the same as another phpBB/XF/IPS out of the box.

    I have installed scripts and left them for a few days before I got back to them. Sometimes the spam was nearly immediate before I got back to finish setup & established Q&A.

    Either way, I think never having a spam problem proves my point? Unless you're implying I'm somehow immune? :p

    Perhaps. That doesn't really change my (& JoeychgoJoeychgo's & zappaDPJzappaDPJ's) results though.

    In this case it takes longer, requires more + manual effort by them... And then you can just change questions.

    I will say I've never had to change questions though.
     
  16. Joeychgo

    Joeychgo TAZ Administrator

    6,646
    1,532
    +3,334
    Part of the key though is to make the questions difficult for the spammer. A simple math question they'll figure out easy. But asking a question that people in your forum niche will understand usually means someone from Singapore wont have a clue.

    For example.. If you run a NFL fan forum you might have as a question: When a football team scores what do they call it? (touchdown)
    Someone from Singapore will probably figure your talking about soccer and wont be able to answer the question.
     
  17. Mouth

    Mouth Enthusiast

    181
    93
    +95
    You only use Google (re)Captcha, or core default functionality? No spam mitigation add-ons or custom Q&A?
     
  18. Bionic Rooster

    Bionic Rooster Adherent

    251
    87
    +181
    This is all I have active, no add ons or google
     
  19. R0binHood

    R0binHood Fan

    571
    262
    +351
    I've noticed someChinese character spam on the official forums too, what's odd is that there's already a few older threads on the topic that the staff have chimed in on with suggested spam phrases to combat this very thing. So I don't think it's a feature issue, it just might be that the right phrases have been added to the phrase filter on the official site

    https://xenforo.com/community/threa...ed-as-spam-phrases-in-spam-management.124518/
    https://xenforo.com/community/threads/spam-phrases-and-blocking-chinese-spam.111721/

    It would perhaps be nice to have an option to filter all Chinese characters though, for sites that only want posts with characters from the latin alphabet.
     
  20. Pete

    Pete Flavours of Forums Forever

    1,773
    227
    +597
    Filtering characters like that is Hard. Do you stop at Chinese, what about Japanese, Korean? What about accented letters (Latin has *many*). What about emoji? Symbols? The list is enormous.
     
Verification:
Draft saved Draft deleted
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.