Help! Spam bots in spite of visual confirmation

  • Andy
    Senior Member
    • Jan 2002
    • 5886
    • 4.1.x

    #16
    Originally posted by Steve Machol
    I have never seen any proof that the captcha doesn't work. These are instances of someone manually registering then turning over the posting to a bot.
    Hi Steve,

    This is not a case of spam being posted on my forum, these bots are trying to register and because I have moderation for new registers they never get in, I just delete the account.

    The bots get past the captcha but get messed up on the optional profile fields. One of my fields is 'Name' and they always answer http://something where something is always some unique url address.

    Comment

    • Steve Machol
      Former Customer Support Manager
      • Jul 2000
      • 154488

      #17
      That does not mean these are bots. To date no one has shown that any bot is able to get past the vB captcha. I'm not saying this is impossible, I'm just saying people shouldn't automatically jump to conclusions.

      And even if they are doing this, then there's not much that can be done about it I'm afraid.

      P.S. The captcha in 3.6 is greatly improved. You should upgrade.
      Steve Machol, former vBulletin Customer Support Manager (and NOT retired!)
      Change CKEditor Colors to Match Style (for 4.1.4 and above)

      Steve Machol Photography


      Mankind is the only creature smart enough to know its own history, and dumb enough to ignore it.


      Comment

      • drkenlee
        Member
        • Aug 2006
        • 38
        • 4.2.x

        #18
        Russian Spam

        Originally posted by rsgreenhorn
        Is there a way to ban all users that use a particular e-mail domain such as mail.ru? I keep getting these spam bots in spite of the image verification and it's difficult to always humanly ban them and they all have the same e-mail domain.
        Is there a list of spam addresses, so everyone can block them with one cut and paste? I recently had a big attack from @GAWAB.COM. I encourage others to post their major spam addresses here and start a list, if one does not already exist. Thanks a bunch.

        Comment

        • redg8r
          New Member
          • May 2006
          • 5
          • 3.6.x

          #19
          Originally posted by Steve Machol

          And even if they are doing this, then there's not much that can be done about it I'm afraid.

          P.S. The captcha in 3.6 is greatly improved. You should upgrade.
          I've upgraded in sole anticipation that the captcha would curb this problem, however it hasn't, seems worse.
          I wanna believe the image verification hasn't been compromised but I find it hard to believe that it's not.
          Many corporate sites are now using colored & complicated patterns, that leads me to believe it's possible for a bot to read a basic image, like an OCR engine.

          I hate manually moderating each post before it's published, but we (my mods) might be forced to do it until a better solution is available.

          Comment

          • Andy
            Senior Member
            • Jan 2002
            • 5886
            • 4.1.x

            #20
            I removed the captcha and put in a simple question instead, if the question is answered incorrectly the registration process is terminated. No more bots have registered since I did this and I was getting as many as 12 a day.

            It appears the captcha was the problem and the solution is rather simple. I suggest vBulletin implement this question/answer technique.

            Comment

            • redg8r
              New Member
              • May 2006
              • 5
              • 3.6.x

              #21
              Originally posted by Andy
              I was getting as many as 12 a day.
              Mine's more like 12 an hour, we set up an insta-ban infraction card & been nuking them all day long in an attempt to prevent them from making a post.

              I've been good not to use any mods, but would be very interested looking at your code implementation.

              The custom profile fields I understand, but would like to see how you do the error checking against the question/s.

              ~sigh~ spammers, gotta love em.

              Comment

              • ArchangelX
                Member
                • Feb 2006
                • 51
                • 3.8.x

                #22
                Yepz...I would love to see the code for the question, I'm a newbie board owner, and I have absolutely no idea other than email banning on how to stop these guys.

                I'm getting my spammers from gawab.com and mail.ru as well.

                Seems as if this is a problem on alotta VB sites in the past few weeks. I have friends that are having the same problem. A fix would be worth it.

                Comment

                • Andy
                  Senior Member
                  • Jan 2002
                  • 5886
                  • 4.1.x

                  #23
                  Originally posted by redg8r
                  The custom profile fields I understand, but would like to see how you do the error checking against the question/s.
                  The custom profile field must be the last one and it should be a required field, then create a plugin like this.

                  [Attached image: Untitled-1.jpg]

                  The correct answer to my question is '2' so the plugin looks for this number at the end of the variable, if it is not a '2' then the registration process is aborted.

                  Comment

                  • Alphaline
                    New Member
                    • Jul 2006
                    • 5
                    • 3.5.x

                    #24
                    My answer

                    Originally posted by Andy
                    The custom profile field must be the last one and it should be a required field, then create a plugin like this.

                    [ATTACH]20104[/ATTACH]

                    The correct answer to my question is '2' so the plugin looks for this number at the end of the variable, if it is not a '2' then the registration process is aborted.
                    Hi Andy

                    In your image it shows '2' in 2 places. No matter what my answer is, does it have to be amended in both those two places ? So if my answer is *Jolly Good*, I then amend *Jolly Good* in both places ?

                    Sorry to sound a bit **** but I am no programmer.

                    Comment

                    • The Finman
                      New Member
                      • Jun 2006
                      • 29
                      • 3.6.x

                      #25
                      Originally posted by Steve Machol
                      That does not mean these are bots. To date no one has shown that any bot is able to get past the vB captcha. I'm not saying this is impossible, I'm just saying people shouldn't automatically jump to conclusions.

                      And even if they are doing this, then there's not much that can be done about it I'm afraid.

                      P.S. The captcha in 3.6 is greatly improved. You should upgrade.
                      I plan to upgrade this weekend.

                      Spammers have been around on the internet since the late 70s (actually they existed since the 19th century when Western Union's telegraphs were abused by sending investment offers to multiple destinations) and will be around for the foreseeable future, but I think what the people here are trying to say is that something has changed, and that there has been a major shift in the spam war and the effects of the most recent shift have been very pronounced.

                      Computer character recognition

                      Although CAPTCHAs were originally designed to defeat standard OCR software designed for document scanning, a number of research projects have proven that it is possible to defeat many CAPTCHAs with programs that are specifically tuned for a particular type of CAPTCHA. For CAPTCHAs with distorted letters, the approach typically consists of the following steps:
                      1. Removal of background clutter, for example with color filters and detection of thin lines.
                      2. Segmentation, i.e. splitting the image into segments containing a single letter.
                      3. Identifying the letter for each segment.
                      Step 1 is typically very easy to do automatically. In 2005, it was shown that neural network algorithms have a lower error rate than humans in step 3.[4] The only part where humans still outperform computers is step 2. If the background clutter consists of shapes similar to letter shapes, and the letters are connected by this clutter, the segmentation becomes nearly impossible with current software. Hence, an effective CAPTCHA should focus on step 2, the segmentation.
                      Neural networks have been used with great success to defeat CAPTCHAs as they generally are indifferent to both affine and non-linear transformations. As they learn by example rather than through explicit coding, with appropriate tools very limited technical knowledge is required to defeat more complex CAPTCHAs.

                      Some CAPTCHA-defeating projects:
                      • Mori et al. published a paper in IEEE CVPR'03 detailing a method for defeating one of the most popular CAPTCHAs, EZ-Gimpy, which was tested as being 92% accurate in defeating it. The same method was also shown to defeat the more complex and less-widely deployed Gimpy program 33% of the time. However, the existence of implementations of their algorithm in actual use is indeterminate at this time.
                      • PWNtcha has made significant progress in defeating commonly used CAPTCHAs, which has contributed to a general migration towards more sophisticated CAPTCHAs.
                      http://en.wikipedia.org/wiki/Captcha
                      Obviously, there is no "magic bullet" but I do like some of the ideas I have read in this thread. I'm looking forward to upgrading to 3.6 and deploying some of the suggestions posted here.
                      Last edited by The Finman; Thu 17 Aug '06, 2:15pm.

                      Comment

                      • ceedee
                        New Member
                        • Sep 2003
                        • 1

                        #26
                        Yeah I'm getting a shed load of these registrations now too - and they're mostly coming from the following domains:

                        gawab.com
                        formails.com
                        mail.ru
                        f**kshemale.net
                        pisem.net
                        ukr.net

                        I've added these domains to the banned list but they just come up with other ones. All the birthdays are set to 28 March 1983. Can we prevent users with this birthday from registering?

                        Just for the record I also have image and email verification enabled - looks like I'm going to manually moderate new members now, joy of joys.

                        Comment

                        • webamature
                          New Member
                          • Apr 2004
                          • 25
                          • 3.0.1

                          #27
                          So what is the best solution?

                          I am not accepting registrations at this time. I would like for people to call and get a password. They want to come into my home. Perhaps they should introduce themselves!

                          How do I change the message that is given when no more registrations are accepted in the register.php file?

                          How can I apply a password to the hmmm dang! A lot of people are international. And they can't just call me.

                          They can get the password by submitting a request for it and it can automatically deliver it. Hmmm I don't know. What is the smartest way?

                          The question and answer thing sounds awesome! How do I do that?

                          Comment

                          • The Finman
                            New Member
                            • Jun 2006
                            • 29
                            • 3.6.x

                            #28
                            Originally posted by webamature
                            The question and answer thing sounds awesome! How do I do that?
                            I got the script posted to work (although I am still waiting for someone to explain the arguments in this script, as the only answer to the script as written is 2). And 2 is logical since that is the answer that Andy set up for it, my problem is that I can follow the arguments as to why 2 is the answer, and all my attempts to rewrite it with my own predetermined answer have ended in complete failure. I'll admit that I am not the brightest bulb when it comes to PHP programming, but I can't follow what that script is doing. Maybe my ability to reason has gone flying out the window as I can't follow how that script works at all.

                            I will post exactly how I made it work, but if someone will walk me through it and explain to me the arguments that are being made and why they work as I can't seem to be able to rationalize it.

                            First log into your AdminCP and go to Plugins & Products and choose Plugin Manager.

                            At the very bottom, click on [Add New Plugin]

                            Follow Andy's uploaded image to set the fields.



                            Since transferring code off an image is a little bit tedious, you can copy and paste from...

                            Code:
                             
                            // Index of the second-to-last character of $customfields
                            $length = strlen($customfields);
                            $length = $length - 2;
                            // Take the single character at that position
                            $robot_test = substr($customfields, $length, 1);
                            // Abort the registration unless that character is 2
                            if ($robot_test != 2) {
                                echo "Registration Failed. Missing or incorrect answer supplied.";
                                exit;
                            }
                            I still think it shouldn't work even when the answer is two.

                            Anyway make your new plugin "active" and save it.

                            Next, open your User Profile Fields menu and choose Add New User Profile Field.

                            Choose the first option of Single-Line Text Option

                            Choose your title (I chose to call the New User Profile Field the same as the plugin I created which for me was Spam Prevention Field).

                            I entered my own description. You can choose your own, but for convenience purposes.


                            <p>Please enter the number you see below</p>
                            <p><b><font size="5" color="#FF0000">2</font></b></p>
                            Attached is an image of the settings I used to get it to work, which is the part that baffles me because it doesn't make sense to me, but as I said...hopefully someone can straighten me out on the who, what, why, how & where on it.
                            Last edited by The Finman; Sat 19 Aug '06, 7:58pm.

                            Comment
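An added example, not part of the original thread and not vBulletin's or any poster's code: the plugin posted above compares a single character, so it can only match a one-character answer such as 2, while the code below checks the whole submitted field against a list of accepted answers. The function names, the `field5` key, the `Answer : ` prefix and the trailing newline in the sample `$customfields` string are assumptions made for this illustration.

```php
<?php
// Added illustration, not vBulletin code. Function names and the shape of
// $fields (field key => submitted string) are assumptions for this example.

/** The posted plugin's logic: compare only the second-to-last character. */
function tail_char_check(string $customfields, string $expected): bool
{
    return substr($customfields, strlen($customfields) - 2, 1) === $expected;
}

/** Trim, collapse runs of whitespace and lowercase (ASCII) an answer. */
function normalise_answer(string $raw): string
{
    return strtolower((string) preg_replace('/\s+/', ' ', trim($raw)));
}

/** True only if the named field is exactly one of the accepted answers. */
function answer_is_correct(array $fields, string $key, array $accepted): bool
{
    // Reject a missing field or a non-string value such as field5[]=x.
    if (!isset($fields[$key]) || !is_string($fields[$key])) {
        return false;
    }
    $given = normalise_answer($fields[$key]);
    if ($given === '' || strlen($given) > 64) {
        return false;
    }
    foreach ($accepted as $answer) {
        if ($given === normalise_answer($answer)) {
            return true;
        }
    }
    return false;
}

// Constructed inputs. 'field5' is a hypothetical field key, and the
// "Answer : " prefix and trailing "\n" are assumptions about $customfields.
$accepted = ['Jolly Good'];
$cases = [
    'correct phrase'  => ['field5' => ' jolly  good '],
    'wrong phrase'    => ['field5' => 'http://example.invalid/'],
    'array, not text' => ['field5' => ['Jolly Good']],
];
foreach ($cases as $label => $fields) {
    $value = is_string($fields['field5']) ? $fields['field5'] : '';
    printf(
        "%-16s tail_char=%s whole_field=%s\n",
        $label,
        var_export(tail_char_check("Answer : $value\n", 'Jolly Good'), true),
        var_export(answer_is_correct($fields, 'field5', $accepted), true)
    );
}
```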

                            • richpal
                              Senior Member
                              • Aug 2006
                              • 164
                              • 3.6.x

                              #29
                              Banned email addresses

                              Originally posted by ceedee
                              Yeah I'm getting a shed load of these registrations now too - and they're mostly coming from the following domains:

                              gawab.com
                              formails.com
                              mail.ru
                              f**kshemale.net
                              pisem.net
                              ukr.net

                              I've added these domains to the banned list but they just come up with other ones. All the birthdays are set to 28 March 1983. Can we prevent users with this birthday from registering?

                              Just for the record I also have image and email verification enabled - looks like I'm going to manually moderate new members now, joy of joys.
                              Here's my selection of email addresses banned over the past few days:

                              @cashette.com
                              @yandex.ru
                              @mail.ru
                              @ukr.net
                              @gawab.com
                              @sriaus.com
                              @email.ua
                              @portsaid.cc
                              @pisem.net
                              @f**kshemale.net

                              And all using the same birthday of 28 March 1983 (for the time being!)

                              Here are the IP addresses I've also banned:

                              12.215.212.252
                              85.139.73.84
                              87.119.168.66

                              To any new users who don't know how to ban users, here's the path:

                              From vBulletin Admin Control Panel > vBulletin Options > User Banning Options


                              You can copy and paste these email addresses straight into the Banned Email Addresses as below:

                              @cashette.com @yandex.ru @mail.ru @ukr.net @gawab.com @sriaus.com @email.ua @portsaid.cc @pisem.net @f**kshemale.net

                              NOTE: remember to replace the ** with the remaining letters!!!
                              Last edited by richpal; Sun 20 Aug '06, 12:06am. Reason: Added footnote at bottom ref **

                              Comment
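An added example, not part of the original thread and not vBulletin code: a screening pass over pending registrations that combines the three signals reported in this thread (a banned e-mail domain, a URL typed into the Name field, and many accounts sharing one birthday). It counts shared birthdays instead of hard-coding a date, since the posters note the bots' details keep changing; the record keys, the threshold and the sample registrations are assumptions.

```php
<?php
// Added illustration, not vBulletin code. The record keys (username, email,
// name, birthday) and every sample registration below are constructed.

/** Lowercased domain part of an address, or '' if there is no '@'. */
function email_domain(string $email): string
{
    $at = strrpos($email, '@');
    return $at === false ? '' : strtolower(rtrim(substr($email, $at + 1), '. '));
}

/** Match the domain itself or any subdomain; entries may be written "@domain". */
function domain_is_banned(string $domain, array $banned): bool
{
    foreach ($banned as $entry) {
        $entry = strtolower(ltrim(trim($entry), '@'));
        if ($entry === '') {
            continue;
        }
        if ($domain === $entry || substr($domain, -strlen($entry) - 1) === ".$entry") {
            return true;
        }
    }
    return false;
}

/** Return [username => list of reasons] for registrations worth holding. */
function screen_registrations(array $pending, array $banned, int $minShared = 3): array
{
    // How many pending accounts share each exact birth date.
    $sameDay = array_count_values(array_column($pending, 'birthday'));
    $held = [];
    foreach ($pending as $reg) {
        $reasons = [];
        if (domain_is_banned(email_domain($reg['email']), $banned)) {
            $reasons[] = 'banned email domain';
        }
        if (preg_match('#^\s*(https?://|www\.)#i', $reg['name'])) {
            $reasons[] = 'URL in Name field';
        }
        $count = $sameDay[$reg['birthday']] ?? 0;
        if ($reg['birthday'] !== '' && $count >= $minShared) {
            $reasons[] = "birthday shared by $count pending accounts";
        }
        if ($reasons) {
            $held[$reg['username']] = $reasons;
        }
    }
    return $held;
}

$banned = ['@GAWAB.COM', '@mail.ru']; // two entries quoted from the thread
$pending = [ // constructed sample registrations
    ['username' => 'u1', 'email' => 'a@gawab.com', 'name' => 'http://example.invalid/a', 'birthday' => '1983-03-28'],
    ['username' => 'u2', 'email' => 'b@example.org', 'name' => 'www.example.invalid', 'birthday' => '1983-03-28'],
    ['username' => 'u3', 'email' => 'c@mx.mail.ru', 'name' => 'Carol', 'birthday' => '1983-03-28'],
    ['username' => 'u4', 'email' => 'd@example.org', 'name' => 'Dave', 'birthday' => '1975-11-02'],
];
print_r(screen_registrations($pending, $banned));
```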

                              • Andy
                                Senior Member
                                • Jan 2002
                                • 5886
                                • 4.1.x

                                #30
                                After installing 3.6.0 and enabling the captcha for registration I have yet to get a single bot to register. Previously with 3.5.3 I was getting about 10 bots a day registering.

                                Has anyone had a bot registering using version 3.6.0 with the captcha enabled?

                                Comment
