Announcement

Collapse
No announcement yet.

Spam bots defeat Recaptcha.

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts
    kalam
    New Member

  • kalam
    replied
    Well, today I was hit by 4 different bots at once: joef88112, baadman25, kevin7901, and loveumaryii. Luckily, none of their posts actually appeared on the forum because of Prevent Spam. I modified it further to only stop posts with links from users with no posts. Since the bots posts are placed into moderation cue, they are not counted towards their post count. This problem appears to be getting worse and blocking all of China is not an option for me.

    Leave a comment:

  • thebigman87
    New Member

  • thebigman87
    replied
    Originally posted by CarterMarkham View Post
    eh, I just edited the .htaccess file and banned ALL Chinese IP's. Problem solved, for the Chinese anyway.
    It's not a path I'd personally go down, I mean China is a very fast developing country and with a Population of 1 Billion its not one to be blocked by outsiders (their Government can do that for them :P).

    I know you probably don't see any reason for a Chinese lad joining but I suppose depending on your site it helps to have as many views from different areas in the world. btw My Site is a Registered Only forum for Members, so I am quite surprised to be hit by it, because I only have 1 entry on google. Which I think summarises the scale of the problem.

    Before I continue to babble any longer, my solution will be to use Prevent Spam so new members who post links are placed in a moderation queue. Although it's not the external links I'm particularly worried about it's the nuisance it causes to me and members using the site.
    thebigman87
    New Member
    Last edited by thebigman87; Fri 30 May '08, 3:01am.

    Leave a comment:

  • copiertalk
    Senior Member

  • copiertalk
    replied
    Originally posted by CarterMarkham View Post
    eh, I just edited the .htaccess file and banned ALL Chinese IP's. Problem solved, for the Chinese anyway.


    KevinFlys


    They are pretty easy to spot when they join. The almost immediately edit the signature. I just made it so people that that user group can not edit their signature.

    Leave a comment:

  • CarterMarkham
    Senior Member

  • CarterMarkham
    replied
    hmm why dont we all mass email these guys and flood their account!?

    Leave a comment:

  • CarterMarkham
    Senior Member

  • CarterMarkham
    replied
    eh, I just edited the .htaccess file and banned ALL Chinese IP's. Problem solved, for the Chinese anyway.

    Leave a comment:

  • ampersand
    Senior Member

  • ampersand
    replied
    Im also hit by this ****

    Leave a comment:

  • kalam
    New Member

  • kalam
    replied
    I've been getting hit by one of these bots almost daily. They get passed the normal vBulletin registration and Enhanced Captcha Image Verification which makes me believe that they are using some other way to completely bypass all that as well.

    I'm currently using Prevent Spam to put all posts into the post moderation cue for all post that contain links from members that have fewer than 10 posts. So far it has caught all the bots.

    Only correlation that I've noticed is that they all put their birthdate as January 1st, 1980 and all have their time set to GMT + 8:00 (Beijing, Perth, Singapore, Hong Kong).

    Hopefully the vBulletin development team will take a serious look into this matter and fix it.

    Leave a comment:

  • Dan B
    New Member

  • Dan B
    replied
    I recently been hit by them as well ;(

    I would hate to do manual verification

    Leave a comment:


  • mikesz
    replied
    Actually, Briansol, I think you are right on with that one. I have been trapping the data entry for some time now and that is exactly what it looks like, either that or they have figure out how to do an injection but it does not appear to be using the standard vbulletin registration vehicle to me.

    I have been avoiding these jerks for several months and just the other day, three of their attempts succeeded so I had to tweak my filter to trap them but its clear to me that they were not using the "standard" form spamming bot, maybe as you say, CURL is their vehicle now.

    vBulletin need to find a zealot in their development organization to champion this cause like they do with ALL the other phantom XSS and CSRF they have supposedly fixed. THIS one is REAL and PRESENT and affecting thousands of vBulletin owners and operators every day.

    I don't appreciate wasting MY time to try to hack a solution for this product deficiency frankly. I would prefer to use my skills for more creative and satisfying work.

    regards, mikesz
    Last edited by mikesz; Wed 28 May '08, 9:21pm.

    Leave a comment:

  • briansol
    Senior Member

  • briansol
    replied
    looking at the logs, there's a 90% chance they aren't going to your site at all.... but rather running a simple CURL program they whipped up. it's pretty easy to make a curl script to do this. <100 lines a code, tops.

    Leave a comment:

  • Boosted Panda
    Member

  • Boosted Panda
    replied
    The problem is some of these are people as well as bots

    Leave a comment:

  • CKDexterHaven
    New Member

  • CKDexterHaven
    replied
    The site I run has also been hit with spammers over the past two weeks. I've deleted at least 5 or 6 of the names mentioned above--KevinFlys I just pitched out a few minutes ago. And last week, I also tossed out vbulletinboy (cheeky much).

    It got so bad that we added an approval step to the registration process--I just google each registrant's information to make sure he/she isn't a spammer before I activate the account. Even so, one or two with no prior spamming history have gotten through and posted spam before I banned them. Maybe those will show up on google as "banned" registrants, so other admins will have some warning about them.

    Incidentally, I'm running 3.6.8 and have rarely had spamming problems until the past two weeks.

    Leave a comment:

  • Firen
    New Member

  • Firen
    replied
    Yup, add my two sites to the list of vB forums that have been hit by these 'people'. EXACT same names. Coincidentally, both of my sites have recently been upgraded to 3.7.0. Before the upgrade, we very rarely had spammers. I have better things to do that spend my day deleting these members!

    Leave a comment:

  • thebigman87
    New Member

  • thebigman87
    replied
    I've too had trouble with these Bots (Name above) but was visiting Vbulletin.com for a seperate issue, However back to the issue, it's a shame that these Bots can get through but more surprising to me is how they have been able to span such large amounts of sites.

    Leave a comment:

  • BrotherX
    New Member

  • BrotherX
    replied
    THOSE SPAM NICKNAMES ARE NOT LISTED IN FORUM MEMBERS LIST, even they are registered!

    I get today one more.

    None of them.

    Leave a comment:

widgetinstance 262 (Related Topics) skipped due to lack of content & hide_module_if_empty option.
Working...
X