Help! Spam bots in spite of visual confirmation

**Scott MacVicar** · Sat 13 May '06, 8:28pm

Nope they've found a better way.

They get someone to register the account and then give the spam bot the account to play with.

We've seen this numerous times in the past, there is however a better system in place for the next release.

**harishankar** · Sat 13 May '06, 9:11pm

Ah, ok, anyway, I'll delete such accounts. Banning is not really necessary

.

**rsgreenhorn** · Fri 2 Jun '06, 7:20pm

Is there a way to ban all users that use a particular e-mail domain such as mail.ru?

I keep getting these spam bots inspite the image verification and its difficult to always humanly ban them and they all have the same e-mail domain.

**Steve Machol** · Fri 2 Jun '06, 7:49pm

Admin CP -> vBulletin Options -> User Banning Options -> Banned Email Addresses -> mail.ru

**Emmy** · Fri 9 Jun '06, 8:11am

Originally posted by Scott MacVicar

Nope they've found a better way.

They get someone to register the account and then give the spam bot the account to play with.

Are you sure? Because I've had this same problem crop up within the last month only and all the registrations look like bots filled it out (full of gobblegook in the name fields, about you field etc.), not humans who've registered and then turned the account over to a bot to post.

**DelphiVillage** · Fri 9 Jun '06, 8:16am

Originally posted by Emmy

Are you sure? Because I've had this same problem crop up within the last month only and all the registrations look like bots filled it out (full of gobblegook in the name fields, about you field etc.), not humans who've registered and then turned the account over to a bot to post.

that would be the only "logical" reason since only humans can read randomly generated images .... i bet those spammers are crazy enough to offer people money to register at large boards and then the account information is given away for the spammer spambots to play with mail.ru is a common source good point Steve

**conner_bw** · Sun 18 Jun '06, 5:32pm

Maybe you are wrong?

I too am getting half a dozen new (failed) spam accounts created on my instance of vBulletin, daily. I've seen captcha systems broken. An aquiantance of mine had his thwarted, quite trivially actually.

duo-creative.com - duo creative Resources and Information.

http://www.duo-creative.com/chrisb/authimage/

duo-creative.com is your first and best source for all of the information you’re looking for. From general topics to more of what you would expect to find here, duo-creative.com has it all. We hope you find what you are searching for!

I also had a look at my web server logs and the user(s) who create the accounts are throwing imagehash $_GET parameters in what should otherwise be a $_POST action, accomplishing full registration in less than 15 seconds? Always the same birthdate...

Code:

85.140.52.32 - - [18/Jun/2006:16:45:50 -0700] "GET /forums/index.php HTTP/1.0" 200 32893 "http://www.nullwhore.com/forums/index.php" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)"
85.140.52.32 - - [18/Jun/2006:16:45:56 -0700] "GET /forums/register.php? HTTP/1.0" 200 12650 "http://www.nullwhore.com/register.php?" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)"
85.140.52.32 - - [18/Jun/2006:16:45:59 -0700] "POST /forums/register.php HTTP/1.0" 200 22639 "http://www.nullwhore.com/forums/register.php?" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)"
85.140.52.32 - - [18/Jun/2006:16:46:02 -0700] "GET /forums/image.php?type=regcheck&imagehash=0d806c08dbd04682551a0dba05e364dc HTTP/1.0" 200 8773 "http://www.nullwhore.com/image.php?type=regcheck&imagehash=0d806c08dbd04682551a0dba05e364dc" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)"
85.140.52.32 - - [18/Jun/2006:16:46:05 -0700] "POST /forums/register.php HTTP/1.0" 200 12988 "http://www.nullwhore.com/forums/register.php?" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)"

I'm a bit suspicious here...

**hdtvoice** · Tue 20 Jun '06, 6:23am

im getting like 5 or so spam messages a day now...

my mods are going nuts

**eSology** · Mon 10 Jul '06, 5:14am

I am not sure if they are spam bots but every morning I am getting tons of spam from users in india. Is there a way to block an entire country?

**vwturbo** · Mon 10 Jul '06, 6:48am

This spam problem started on my boards as well. It began maybe a couple weeks ago where a user signs up and then posts spam about selling electronics. So far I'm banning the account and IP (which is never the same unfortunately). There has got to be a better way, such as blocking a whole country like eSology mentions since they are all from Africa and Europe so far.

**shawno** · Tue 11 Jul '06, 11:31pm

Our spam problem started at exactly the same time we upgraded from v3.08 to v3.54. We are currently getting around 2-5 spam replies to threads each day. These are being only made to the only forum that doesn't require a user to be signed in (this forum is to report technical difficulties which I have to leave open to unregistered users because most often than not its a "can't log in question".

Thanks

**Steve Machol** · Wed 12 Jul '06, 9:04am

Originally posted by shawno

Our spam problem started at exactly the same time we upgraded from v3.08 to v3.54.

That's just a coincidence. I have a forum that is running 3.0.14 and the spam started increasing there at the same time.

**Andy** · Sat 12 Aug '06, 9:38pm

I'm also getting many bots registering every day, looks like the captcha does not work.

Perhaps the best way to prevent bots from registering is to ask a simple question and if the answer is incorrect the registration process is aborted. The simple question would be unique for each forum and should be easily be changed in the Admin CP.

**Steve Machol** · Sat 12 Aug '06, 11:40pm

I have never seen any proof that the captcha doesn't work. These are instances of someone manually registering then turning over the posting to a bot.

Help! Spam bots in spite of visual confirmation

Help! Spam bots in spite of visual confirmation

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment