Hello everyone,
I am running a Flarum forum and recently I’ve been hit by a massive wave of spam registrations. I need some advice on how to deal with this specific type of attack.
The Attack Pattern:
New users register and immediately post "Temu" affiliate coupon codes (e.g., ALH19938*) in bulk.
- No Hyperlinks: They do not use hyperlinks (likely not for SEO), just plain text to push the coupon codes.
- Obfuscation: I added "Temu" to the FoF Linguist/Filter, but they immediately adapted by using Unicode characters like TℰℳU (Script Capital E/M) to bypass the keyword blocking.
- Example Content:
> New users at TℰℳU receive a $100 Off... use code [ALH19938*]...
What I have tried (and failed):
- FoF Filters: As mentioned, simple keyword blocking failed because they substitute characters (e.g., changing Temu to TℰℳU).
- Cloudflare Turnstile: I have enabled Turnstile for registration, but it is ineffective. The accounts are still getting through.
- Registration Barrier: Currently, we allow registration via email.
My Analysis:
Since they can bypass Turnstile and adapt their spelling to avoid filters, I suspect this is a manual attack (human-operated) or highly sophisticated scripting, rather than simple bots.
My Question:
Has anyone else experienced this? Aside from manually blocking IPs, are there any recommended strategies or plugins to:
- Block these specific Unicode characters (TℰℳU) effectively?
- Add a stronger validation step (e.g., Q&A) during registration to stop manual spammers?
Any help would be appreciated!
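
Added example, not part of the original post and not Flarum or FoF code: a keyword check that normalizes text before matching, so that TℰℳU, fullwidth letters, zero-width characters and accented variants all fold to the same string as "Temu". The function names and the small `CONFUSABLES` table are constructed for illustration; NFKC alone handles the Script Capital E/M case from the post, while cross-script look-alikes (Cyrillic, Greek) need a confusables mapping such as the data published with Unicode UTS #39.

```python
import re
import unicodedata

# Blocked keywords, stored in their normalized (casefolded ASCII) form.
BLOCKED = {"temu"}

# Letters from other scripts that NFKC leaves untouched but that render like
# Latin letters. Constructed, deliberately small sample for this example.
CONFUSABLES = str.maketrans({
    "\u0422": "T", "\u0442": "t",   # Cyrillic Te
    "\u0415": "E", "\u0435": "e",   # Cyrillic Ie
    "\u041c": "M", "\u043c": "m",   # Cyrillic Em
    "\u03a4": "T", "\u0395": "E", "\u039c": "M",  # Greek Tau, Epsilon, Mu
})

def skeleton(text):
    """Fold visually equivalent spellings to one comparable string."""
    # NFKC replaces compatibility characters with their base letters:
    # U+2130 (script E) -> E, U+2133 (script M) -> M, fullwidth -> ASCII.
    text = unicodedata.normalize("NFKC", text)
    text = text.translate(CONFUSABLES)
    # Decompose accents, then drop combining marks (Mn, Me) and invisible
    # format characters such as zero-width space and joiners (Cf).
    text = unicodedata.normalize("NFD", text)
    text = "".join(c for c in text
                   if unicodedata.category(c) not in ("Mn", "Me", "Cf"))
    return text.casefold()

def blocked_hits(text):
    """Return the blocked keywords that appear as whole words in text."""
    tokens = set(re.findall(r"\w+", skeleton(text)))
    return sorted(tokens & BLOCKED)

if __name__ == "__main__":
    # Sample line taken from the post above.
    sample = "New users at TℰℳU receive a $100 Off... use code [ALH19938*]..."
    print(skeleton(sample))
    print(blocked_hits(sample))
```

Matching on whole tokens keeps ordinary words that merely contain the letters (for example "item users") from being flagged. In a PHP extension the same first step is available through the intl extension's `Normalizer::normalize($text, Normalizer::FORM_KC)`.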