Announcement

Collapse
No announcement yet.

Help! Spam bots in spite of visual confirmation

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Help! Spam bots in spite of visual confirmation

    I don't know whether spambots have conquered the vB 3.5 anti-spam captcha but of late I've been having a few registrations which clearly smack of spambots. I cannot be 100% sure, but going by the pattern it looks like the bridge has been berached.

    Yeah, I don't have email confirmation because I need new members to post actively on my forum and having a email confirmation does seem a bit overkill for a small community.

    Is the visual confirmation really breached? I hope the developers will look into it for the next version.

  • #2
    Nope they've found a better way.

    They get someone to register the account and then give the spam bot the account to play with.

    We've seen this numerous times in the past, there is however a better system in place for the next release.
    Scott MacVicar

    My Blog | Twitter

    Comment


    • #3
      Ah, ok, anyway, I'll delete such accounts. Banning is not really necessary.

      Comment


      • #4
        Is there a way to ban all users that use a particular e-mail domain such as mail.ru?

        I keep getting these spam bots inspite the image verification and its difficult to always humanly ban them and they all have the same e-mail domain.

        Comment


        • #5
          Admin CP -> vBulletin Options -> User Banning Options -> Banned Email Addresses -> mail.ru
          Steve Machol, former vBulletin Customer Support Manager (and NOT retired!)
          Change CKEditor Colors to Match Style (for 4.1.4 and above)

          Steve Machol Photography


          Mankind is the only creature smart enough to know its own history, and dumb enough to ignore it.


          Comment


          • #6
            Originally posted by Scott MacVicar View Post
            Nope they've found a better way.

            They get someone to register the account and then give the spam bot the account to play with.
            Are you sure? Because I've had this same problem crop up within the last month only and all the registrations look like bots filled it out (full of gobblegook in the name fields, about you field etc.), not humans who've registered and then turned the account over to a bot to post.

            Comment


            • #7
              Originally posted by Emmy View Post
              Are you sure? Because I've had this same problem crop up within the last month only and all the registrations look like bots filled it out (full of gobblegook in the name fields, about you field etc.), not humans who've registered and then turned the account over to a bot to post.
              that would be the only "logical" reason since only humans can read randomly generated images .... i bet those spammers are crazy enough to offer people money to register at large boards and then the account information is given away for the spammer spambots to play with mail.ru is a common source good point Steve

              Comment


              • #8
                Maybe you are wrong?

                I too am getting half a dozen new (failed) spam accounts created on my instance of vBulletin, daily. I've seen captcha systems broken. An aquiantance of mine had his thwarted, quite trivially actually.

                http://www.duo-creative.com/chrisb/authimage/

                I also had a look at my web server logs and the user(s) who create the accounts are throwing imagehash $_GET parameters in what should otherwise be a $_POST action, accomplishing full registration in less than 15 seconds? Always the same birthdate...

                Code:
                85.140.52.32 - - [18/Jun/2006:16:45:50 -0700] "GET /forums/index.php HTTP/1.0" 200 32893 "http://www.nullwhore.com/forums/index.php" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)"
                85.140.52.32 - - [18/Jun/2006:16:45:56 -0700] "GET /forums/register.php? HTTP/1.0" 200 12650 "http://www.nullwhore.com/register.php?" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)"
                85.140.52.32 - - [18/Jun/2006:16:45:59 -0700] "POST /forums/register.php HTTP/1.0" 200 22639 "http://www.nullwhore.com/forums/register.php?" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)"
                85.140.52.32 - - [18/Jun/2006:16:46:02 -0700] "GET /forums/image.php?type=regcheck&imagehash=0d806c08dbd04682551a0dba05e364dc HTTP/1.0" 200 8773 "http://www.nullwhore.com/image.php?type=regcheck&imagehash=0d806c08dbd04682551a0dba05e364dc" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)"
                85.140.52.32 - - [18/Jun/2006:16:46:05 -0700] "POST /forums/register.php HTTP/1.0" 200 12988 "http://www.nullwhore.com/forums/register.php?" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)"
                I'm a bit suspicious here...

                Comment


                • #9
                  im getting like 5 or so spam messages a day now...

                  my mods are going nuts

                  Comment


                  • #10
                    I am not sure if they are spam bots but every morning I am getting tons of spam from users in india. Is there a way to block an entire country?

                    Comment


                    • #11
                      This spam problem started on my boards as well. It began maybe a couple weeks ago where a user signs up and then posts spam about selling electronics. So far I'm banning the account and IP (which is never the same unfortunately). There has got to be a better way, such as blocking a whole country like eSology mentions since they are all from Africa and Europe so far.

                      Comment


                      • #12
                        Our spam problem started at exactly the same time we upgraded from v3.08 to v3.54. We are currently getting around 2-5 spam replies to threads each day. These are being only made to the only forum that doesn't require a user to be signed in (this forum is to report technical difficulties which I have to leave open to unregistered users because most often than not its a "can't log in question".

                        Thanks

                        Comment


                        • #13
                          Originally posted by shawno View Post
                          Our spam problem started at exactly the same time we upgraded from v3.08 to v3.54.
                          That's just a coincidence. I have a forum that is running 3.0.14 and the spam started increasing there at the same time.
                          Steve Machol, former vBulletin Customer Support Manager (and NOT retired!)
                          Change CKEditor Colors to Match Style (for 4.1.4 and above)

                          Steve Machol Photography


                          Mankind is the only creature smart enough to know its own history, and dumb enough to ignore it.


                          Comment


                          • #14
                            I'm also getting many bots registering every day, looks like the captcha does not work.

                            Perhaps the best way to prevent bots from registering is to ask a simple question and if the answer is incorrect the registration process is aborted. The simple question would be unique for each forum and should be easily be changed in the Admin CP.

                            Comment


                            • #15
                              I have never seen any proof that the captcha doesn't work. These are instances of someone manually registering then turning over the posting to a bot.
                              Steve Machol, former vBulletin Customer Support Manager (and NOT retired!)
                              Change CKEditor Colors to Match Style (for 4.1.4 and above)

                              Steve Machol Photography


                              Mankind is the only creature smart enough to know its own history, and dumb enough to ignore it.


                              Comment

                              widgetinstance 262 (Related Topics) skipped due to lack of content & hide_module_if_empty option.
                              Working...
                              X