Please stop this spammer

User banned, all posts reported to block-lists (via spam-o-matic), and I added a permanent ban to netblock of 4096 IP numbers where their posts were originating.
 
Another two big groups today from a spammer ... was nice on old setup when Sr+ could insta zap them ...

Of course not been as common since past days
 
Sorry for the delay. I was at the Teardown conference all day. Looking at this just now...

Sadly, it seems the spammers from India that plagued the old vbulletin server have returned. I had really hoped we would not need to block huge portions of the India IP address space (specifically Bharti Airtel Ltd, ASN 45609), but we just can't have this level of spam!

Because the old way really did impact many real people from India from even reading the forum, I'm going to try a softer approach first that ought to prevent registrations but should still allow people using Bharti Airtel to at least still read messages. But if this level of spam keep up Monday or Tuesday, we'll return to completely banning all access to all IP numbers from ASN 45609.

I'll be offline most of Sunday for Teardown. Please keep reporting the spam and reply here if there's anything I should know when I return Sunday evening or early Monday.

One way or another, we will block these notorious India-based spammers.
 
Always a bummer when good folks suffer for the actions of the spammers having big blocks Blocked :(

Found the REPORT on the USER account and used that.
1719198522097.png


Not sure if that can have a setting put an account on 'timeout'? If so, perhaps selectable by 'User account type' like SR+ could do on the old forum?
 
Is it possible to cap the number of new threads a user can make in 24 hours? I can't really imagine any situation here where anyone would need to create >3 threads in one day.
 
Either way - Lots of activity on threads or posts for a first time sign up - not sure of the granularity the BBS offers for startup control.

Some BBS's allowed required EMAIL confirm before posts and IIRC Paul didn't want to require such.

The bad guys just don't quit .... up until now pollution has been minimal ...
 
The forum's logging shows the new rules that block new user registrations from ASN 45609 are being triggered, one of them only 12 minutes ago and the other a few hours ago. Impossible to know if it's blocking legitimate new users or the same spammer trying over and over to get back in.

But at least so far we're not blocking all registered and unregistered people from simply viewing the forum. A complete block would shut out everyone in India connecting via this large telco. We had that with vbulletin. I regularly heard complaints by email and social media. Really hoping we don't have to return to completely blocking almost all access to India again.

Regarding all the questions about whether certain forum behaviors are possible, I don't know. Unless the problem returns and can't be blocked, I'm not looking to dive into the forum config again. But if anyone wants to read the xenforo documentation and point to specific features, that would be the path to make these sorts of suggestions. Now that Teardown is over, I'm getting back to a final sprint to wrap up my contribution to the Ornament and Crime project, and then I'm planning to spend a few weeks merging lots of contributions and try to fix a few a few more bugs for a first 1.60 beta. Every time I get into forum config it turns into quite a distraction and right now I really want to get O_C wrapped up and 1.60 started.
 
Looks like our relentless spammer from India returned last night. Thanks to everyone who reported so many messages.

This time the spam originated from internet provider Reliance Jio Infocomm Limited, ASN 55836. I've added 5 more large netblocks which cover nearly all the IP numbers allocated to that company.

The forum's log shows they are also still relentlessly attempting to access the forum by the IP numbers of ASN 45609, which I blocked 9 days ago.
 
Screenshot 2024-09-01 091208.png


These are practically all bots/spam accounts. Most of them aren't bothering to post messages, they're just filling their profile/'About" pages with links as a form of SEO.
If the About pages could be turned off, would anyone really miss them?
 
I don't see a way to turn off the profile About page. I came across a plugin that can do it, but it seems to be for an older version of XenForo and isn't updated anymore. If anyone can find info for how to disable the About page (in a way that's unlikely to cause compatibility issues down the road) please give a link or info.

I did try user group permissions to disallow editing profiles. Not sure if that will have the desired effect... or unintended consequences. Again, if anyone can find the right setting in the XenForo docs, please point it out. But please understand I'm reluctant to install plugins unless they appear to be actively maintained. Cost isn't a problem (within reason) but an old plugin that prevents upgrades to the forum is a non-starter.

On the plugins front, I do have my eye this one for the future. Main goal is blocking VPN services. Almost all the spam is coming from only a few bad countries (Russia being the worst - every week I block some new IP ranges) and shady VPNs probably being abused from those countries.
 
Please do report the spammer profiles when you see them. I do use the IP numbers from those reports, so the reports really do have value beyond just cleaning up junk.
 
Ok, it's installed and running with default settings. And wow, it has a lot of settings!

Looks like it's going to use free tier IP geolocation services. If we get good results but hit limits, will look into paid tiers.
 
Quick behind-the-screens update... the plugin generated its first automatic report. Indeed it's spammers (probably from Bangladesh) blatantly creating many accounts. The plugin seems to really improve the forum's logging and display of the IP numbers they're using. I'm going through banning about 100 of the dormant accounts recently created, and adding some of the worst IP ranges to the permanently blocked list.
 
Back
Top