- Joined
- Mar 6, 2011
- Messages
- 8,649
When we switched to Xenforo we ran a plugin that actually blocked 99% of our spam without any stupid Captcha's. But recently forum's have been over run by spam, including ours.
These aren't bots... They're HUMAN!
Seriously, antispam has gotten so good they have resorted to paying people in Pakistan and India to spam websites. While the majority of automatic spam still seems to come out of China, we haven't seen a single Chinese spam registration in the last 6 months. The issue with human spammers is captcha's, Puzzles, physical interaction devices are all useless.
While I have no problem blocking Pakistan for example, the rest of the spam comes through US IP's via VPN services. I don't mind blocking VPN's for registration but I don't wish to block those VPN services altogether because we have soldiers, privacy minded individuals and hell I use a VPN at work to bypass restrictions or the tethering block on my cell service.
So we have a new plugin.
https://xenforo.com/community/resources/tpu-detect-and-block-spam-registrations.2973/
It's score based. This is on top of checking a database for reported usernames, ip's and email's for spam. Additional checks available include ISP's AS name, hostname, country and checking what ports the computer has open.
40% of our spam came from Pakistan Telecom Company Limited or PKTELECOM-AS-PK as it is now blocked.
40% of the rest came from Bharti Airtel Ltd or AIRTELBROADBAND-AS-AP
The rest of it came from VPN's from places like zenmate.com via LEASEWEB-US or LEASEWEB-NET all of which will over time be added to the list and blocked entirely.
One of our usual Pakistani spammers:
Tried a second time using a different email which was clean on the spam database however the country and ISP are now blocked.
Good example of a person that would get through if they didn't match the spam database:
Already rejected due to email and IP, the AS Name was already in our plugin thanks to the author, the 2 ports open look like a web server. +3 would have moderated the guy, I changed the As to +6 and now all traffice from Choopa is rejected straight up.
Another new one but still auto rejected:
You can actually see in the first one (lower) his score got him rejected. However I added the AS Name before he tried again and the score went up.
One of our usual VPN spammers... blocked:
These aren't bots... They're HUMAN!
Seriously, antispam has gotten so good they have resorted to paying people in Pakistan and India to spam websites. While the majority of automatic spam still seems to come out of China, we haven't seen a single Chinese spam registration in the last 6 months. The issue with human spammers is captcha's, Puzzles, physical interaction devices are all useless.
While I have no problem blocking Pakistan for example, the rest of the spam comes through US IP's via VPN services. I don't mind blocking VPN's for registration but I don't wish to block those VPN services altogether because we have soldiers, privacy minded individuals and hell I use a VPN at work to bypass restrictions or the tethering block on my cell service.
So we have a new plugin.
https://xenforo.com/community/resources/tpu-detect-and-block-spam-registrations.2973/
It's score based. This is on top of checking a database for reported usernames, ip's and email's for spam. Additional checks available include ISP's AS name, hostname, country and checking what ports the computer has open.
40% of our spam came from Pakistan Telecom Company Limited or PKTELECOM-AS-PK as it is now blocked.
40% of the rest came from Bharti Airtel Ltd or AIRTELBROADBAND-AS-AP
The rest of it came from VPN's from places like zenmate.com via LEASEWEB-US or LEASEWEB-NET all of which will over time be added to the list and blocked entirely.
One of our usual Pakistani spammers:
Tried a second time using a different email which was clean on the spam database however the country and ISP are now blocked.
Good example of a person that would get through if they didn't match the spam database:
Already rejected due to email and IP, the AS Name was already in our plugin thanks to the author, the 2 ports open look like a web server. +3 would have moderated the guy, I changed the As to +6 and now all traffice from Choopa is rejected straight up.
Another new one but still auto rejected:
You can actually see in the first one (lower) his score got him rejected. However I added the AS Name before he tried again and the score went up.
One of our usual VPN spammers... blocked:
