Bot Registration with required fields blank

  • #46
    Originally posted by Krikitu
    Many ISPs won't install ImageMagick, because of security issues with the exec() function

    While I'm disappointed with this, I can understand their point of view, though...
    Krikitu, what all functions have they disabled?


    • #47
      Below is the answer in my ISP's FAQ.

      Image Magick is not present and cannot be used on our servers because it needs the exec() function, which is not active for security reasons.

      The only product we have a patch for is "Gallery", in which we have made some changes to support image conversion.

      Hence, you will have to use the GD 2.x library. It contains the same functions.

      NetPBM and Image::Magick are not usable from inside php because we do not allow script execution from outside our servers. It is only possible from perl and the path is /usr/local/bin/convert
      Apart from that, I'm really happy with this ISP, so I won't change for another one only because of ImageMagick support. The only thing I don't really understand here is the difference they make between perl and php. But I'm not a perl programmer, so...

      More generally, you can see on many sites/forums that the main reason to disable ImageMagick is its use of the exec() function, which can lead to security holes if not correctly used.


      • #48
        There are a number of other functions system() etc that do the same sort of thing, if they've only disabled one and not the other...


        • #49
          Use the GD-TTF option, you don't need imagemagick.


          • #50
            Originally posted by Freddie Bingham
            Use the GD-TTF option, you don't need imagemagick.
            That's what I've done in my tests. And that's also why I don't really care about the lack of ImageMagick.

            Concerning the disabled functions, here they are: passthru(), set_timelimit(), popen(), exec(), shell_exec(), system() and proc_open().


            • #51
              Originally posted by Krikitu
              Concerning the disabled functions, here they are: passthru(), set_timelimit(), popen(), exec(), shell_exec(), system() and proc_open().
              That hurts just to look at.

              No passthru, no set_timelimit.. I would be running around thinking the world was ending.


              • #52
                Unfortunately I'm with the same mess. (VB 3.5.4)
                Registering e-mail addresses shows [email protected] and many different names.
                Is it possible to block this IP address with a .htaccess file?

                order allow,deny
                deny from
                allow from all

                Will this solve the problem?


                • #53
                  Lol, how is blocking one IP going to help? We need the hole plugged, although they have been using the same IPs and email addresses, it does not mean that they cannot use different IPs and random email addresses.

                  If you all stopped complaining and started posting on this thread and list all the hacks you have installed then maybe we could actually find the problem.



                  • #54
                    I have this problem, same IP's, same Urls 'spamming' or 'hacking' to create accounts. I have even had a couple post to random threads with the same message. I am running 3.5 with NO hacks, image verification is on and email verification is required.

                    I know it can sound like everyone is just complaining, but I think numerous posts have explained what is happening and what version and hacks they are running and what registration verification they have set up.

                    There is definitely an issue to look into. Has anyone here reported it as a bug as suggested in an earlier post? Where/How would we report that?

                    I doubt it's a bug but rather someone has figured out how to get around all the security and verification.


                    • #55
                      But how do you know it's a Bot that is actually doing the registering? A person could register then turn over the posting to a Bot. There really is no way to stop that.

                      Regardless, vB 3.6.x has a stronger captcha so you should try upgrading.

                      I also wonder why these Bots haven't registered on our forums if they are able to?
                      Steve Machol, former vBulletin Customer Support Manager (and NOT retired!)
                      Change CKEditor Colors to Match Style (for 4.1.4 and above)

                      Steve Machol Photography

                      Mankind is the only creature smart enough to know its own history, and dumb enough to ignore it.


                      • #56
                        I’ve been having this same issue, off and on, for a few months now.

                        Here’s what I have discovered, so far:
                        I don’t think this is a vb software issue at this point. This is a bunch of criminals, that have probably searched for vb forums via google. Once they find a forum, they add bogus users to your forum so they can SPAM your board to death using those userids.
                        Banning the email addresses and/or the IP’s that they are using, appears to be pointless, since they generally change both of these with each new user that they add. I have found that they sometimes use the same email and/or IP multiple times, in which case, I will ban them at that point.

                        Here’s what I have done to try and circumvent the problem, but it has not absolutely solved the problem as of yet:
                        I have implemented the image verification at registration time. I have always required my users to authenticate their email address at registration, and I also moderate the new user signups, so I can review the registration data BEFORE I approve them. All of this prevents them from spamming my board, but as I have said, they are still signing up, although at a much slower pace. The one thing that I did see that is consistent for each userid that they add, is that they are using a timezone of "eniwetok, kwajalein".

                        As for whether or not it is a "BOT" that is doing the registrations. I have not yet dismissed that possibility, but again, I don’t think this is a vb software issue at this point. And I agree that there really is no absolute way of stopping these creeps, under the circumstances.

                        If I get more info I will be happy to pass it along to you all.


                        • #57
                          Has there been anything further discussed on this? I am having the same issue, except in bulk... I went through and deleted over 1500 users, all of which had one thing in common and that was the time zone of (GMT -12.00) Eniwetok, Kwajalein. Most all other data varied such as e-mail address and IP.
                          Last edited by kenny hektik; Mon 23 Oct '06, 3:47pm.


                          • #58
                            We've had some problems with bots as well.

                            I tried the banning method, I.E. IP address, mail domains, but they just come back with a new one. So it's pretty pointless.

                            So what I've done is turned on the manual approval system and I check each applicant that confirms their email address. Most of these bot memberships never confirm their email addresses, and for the few that do I just delete. I figure why not waste their time.

                            I also banned usernames that contain anything like .com xxx viagra and a few more that are intended to get some attention in the newest member field. We get pretty frequent legit sign ups, so the names only show for a short time in the newest member field anyway. Heck, if the spammers want to pump up our member count for us, why not let them.


                            • #59
                              Kenny - is there a simple way of deleting all the users with Kwajalein as the time zone?

                              I don't fancy going thru 400 (in my case) one by one looking for the time zone.
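
The signals reported across this thread (the GMT -12 time zone, unconfirmed email, banned username fragments, reused IP or email) can be combined into a review queue instead of checking accounts one by one. This is an added example, not code from any poster or from vBulletin; the row keys, function names and sample rows are assumptions, and it expects the user list to have been exported into that shape first.

```python
from collections import Counter

# Username fragments post #58 reports banning.
BANNED_FRAGMENTS = (".com", "xxx", "viagra")
# "(GMT -12:00) Eniwetok, Kwajalein", the zone posts #56 and #57 saw on bogus accounts.
SUSPECT_TZ_OFFSET = -12.0


def triage(rows):
    """Return (username, score, reasons) per row, highest score first.

    Row keys are hypothetical: username, email, ip, tz_offset (hours from
    GMT) and email_confirmed (bool).
    """
    ip_counts = Counter(r["ip"] for r in rows)
    email_counts = Counter(r["email"].lower() for r in rows)
    results = []
    for r in rows:
        reasons = []
        if float(r["tz_offset"]) == SUSPECT_TZ_OFFSET:
            reasons.append("tz=-12")
        if not r["email_confirmed"]:
            reasons.append("email-unconfirmed")
        if any(f in r["username"].lower() for f in BANNED_FRAGMENTS):
            reasons.append("banned-name")
        if ip_counts[r["ip"]] > 1 or email_counts[r["email"].lower()] > 1:
            reasons.append("reused-ip-or-email")
        results.append((r["username"], len(reasons), reasons))
    return sorted(results, key=lambda t: -t[1])


def review_queue(rows, threshold=2):
    """Usernames with at least `threshold` signals, for manual review before deletion."""
    return [name for name, score, _ in triage(rows) if score >= threshold]


# Constructed sample export (not real data); IPs are from documentation ranges.
SAMPLE = [
    {"username": "alice", "email": "alice@example.org", "ip": "192.0.2.10", "tz_offset": 1, "email_confirmed": True},
    {"username": "cheapviagra", "email": "a1@example.com", "ip": "198.51.100.7", "tz_offset": -12, "email_confirmed": False},
    {"username": "jk3921", "email": "a2@example.com", "ip": "198.51.100.7", "tz_offset": -12, "email_confirmed": False},
    {"username": "kwaj_local", "email": "k@example.net", "ip": "203.0.113.5", "tz_offset": -12, "email_confirmed": True},
    {"username": "bob.comet", "email": "bob@example.org", "ip": "192.0.2.44", "tz_offset": -5, "email_confirmed": True},
]

if __name__ == "__main__":
    for name, score, reasons in triage(SAMPLE):
        print(f"{score} {name:12} {', '.join(reasons)}")
```

Requiring two signals keeps a confirmed member who really is in the GMT -12 zone, and a harmless name that happens to contain ".com", out of the queue.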


