Announcement

Collapse
No announcement yet.

Spam bots defeat Recaptcha.

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • pete2007
    replied
    Originally posted by pete2007 View Post
    Over the past week I have had to ban several users for spamming.

    This is the first time since I have owned the forum.

    The members are:

    beijmanli - [email protected] - 58.17.147.112
    jklm895 - [email protected] - 59.173.226.84
    joshnjob - [email protected] - 122.194.25.28
    KaiyureBoy - [email protected] - 222.187.236.142
    KevinFlys - [email protected] - 220.178.42.42
    lovebeijgo - [email protected] - 222.183.122.18
    loveumaryii - [email protected] - 222.183.121.201

    The letter/text image is on, and I have now activited email variation.
    Just got another one:

    cdef904 - [email protected] - 125.83.36.197

    Leave a comment:


  • lapsetur
    replied
    I could only stop them by using "Human Verification" System. Even I ban them they come with different mail and different user name.

    I used Question / Answer in my native language. Now they can not register

    I guess this is useless for an English Spoken Forum


    KaiyureBoy vbulletinboy @ gmail.com
    stuv502 edgdrgdrg @ 21cn.com
    uvwx698 lmy416 @ gmail.com
    Last edited by lapsetur; Tue 27 May '08, 6:09am.

    Leave a comment:


  • pete2007
    replied
    Over the past week I have had to ban several users for spamming.

    This is the first time since I have owned the forum.

    The members are:

    beijmanli - [email protected] - 58.17.147.112
    jklm895 - [email protected] - 59.173.226.84
    joshnjob - [email protected] - 122.194.25.28
    KaiyureBoy - [email protected] - 222.187.236.142
    KevinFlys - [email protected] - 220.178.42.42
    lovebeijgo - [email protected] - 222.183.122.18
    loveumaryii - [email protected] - 222.183.121.201

    The letter/text image is on, and I have now activited email variation.

    Leave a comment:


  • BrotherX
    replied
    Ditto here also.

    Two of them, both posted few similar posts, both I banned few seconds after they posted comments.




    Names:
    1. KevinFlys
    2. lovebeijgo
    Gmail email, under location (which is obligation on my forum) they put location number "1" and registered like that? lovebeijgo registered today, KevinFlys I was ban before few days, he return today and log inside forum, than I was edit his account and change mail and password.

    Forum Registration Config.
    Image verification registration with verification email send back for all newly registered users.
    Last edited by BrotherX; Mon 26 May '08, 1:30pm. Reason: a

    Leave a comment:


  • renep
    replied
    Originally posted by sockwater View Post
    Do you think this would be a good tactic? Add a hidden form field to the registration form, and then when it's submitted, if there is anything in it, then deny registration? Would there be any chance of false positives?
    I've used that trick in some hand-coded form handlers (outside of vB). It worked fine for a while, but a couple of months ago new spam started to pass this test.

    I guess any trick that can be beaten by an if-then-else statement is worthless.

    I don't see how you could get false positives though.

    Leave a comment:


  • David Grove
    replied
    Originally posted by sockwater View Post
    Do you think this would be a good tactic? Add a hidden form field to the registration form, and then when it's submitted, if there is anything in it, then deny registration? Would there be any chance of false positives?
    Any opinions on this?

    Just got a new one, hasn't posted yet, but look at the email.

    username: loveumaryii
    email: [email protected]
    sig: self-trust is the first secret of success.
    ip: 222.183.121.201
    Last edited by David Grove; Mon 26 May '08, 5:17am.

    Leave a comment:


  • steven s
    replied
    I don't think banning email addresses or entire ip blocks is the answer.
    Some of you get too worked up over this.
    Spam is here to stay. I don't believe they are bots doing it providing you confirm email addresses and use CAPTCHA.

    I think by far the best mod (and should be included with vB) is
    Prevent Spam Posts
    http://www.vbulletin.org/forum/showthread.php?t=131568

    I've added additional keywords to prevent our latest fiends from posting.
    I don't care that I need to delete and ban a few people each week.
    I'm just glad their posts are not visible.

    And I don't believe askimet is of any use.
    Look how much spam gets posted to vb.com.

    Leave a comment:


  • hbr
    replied
    Originally posted by snoopy5 View Post
    Now there are 2 very serious problems, noone in this thread mentioned before:

    1. These accounts are able to post, although theiexact same IP was banned one day before

    2. These accounts are able to post, although all gmail e-mail addresses are blocked (also for old users) one day before.


    How is this possible? And how to fix this asap?
    If the ban doesn't work it really seems to be a security problem in this case. AKA "bug".
    I banned the whole chinese networks on the server level so they can't even access vb. This helped. No bot-registrations since then.

    Leave a comment:


  • copiertalk
    replied
    I got the two in the original post.

    Leave a comment:


  • snoopy5
    replied
    Hi

    since 21.5.2008 I have also all the mentioned spammers on my different forums. All vb forums. Version 3.68, 3.6.10 and 3.7. More then 10 forums.

    I have always captcha on (GD true image), I have always e-mail verification on and I have always at least one mandatory field for a profile question (select option box).

    So this is not a version issue.

    Surprisingly, I have under the same "roof" also other forums with a different software (discusware.com). No spam attack there at all!

    So these guys have obviously focused on vb only.

    The way how they behave is always the same. They register on one board, then they do nothing for 1-2 days. After that they start posting.

    They do not register on all of my forums at the same time. The same username does it on one day on forum 1, on the second day on forum 2 etc. All forums are under one roof and are linked to each other.

    I have Englisch and German forums, so the language seems not to be a criteria.


    Now there are 2 very serious problems, noone in this thread mentioned before:

    1. These accounts are able to post, although the exact same IP was banned one day before

    2. These accounts are able to post, although all gmail e-mail addresses are blocked (also for old users) one day before.


    How is this possible? And how to fix this asap?
    Last edited by snoopy5; Mon 26 May '08, 1:53am.

    Leave a comment:


  • Toivo1037
    replied
    Here are my 2 that I didn't see before on this thread

    dreamath [email protected] 116.234.4.127 Birthday : January 1, 1980

    KevinFlys [email protected] 220.178.42.42 Birthday : January 1, 1980

    FYI, I ask 2 questions for the profile, and they are being filled with "1"

    Leave a comment:


  • Toivo1037
    replied
    Narrow access drastically?

    I have been getting these ones too, about 5-6 different ones in the last week.

    I ban the register, then ban their IP,(xxx.xxx.xxx.*) but it is not enough for me. Time to get tougher. I am 99.9% sure that everyone I want to reach is located in North America. How can I completely shut off access to everywhere except North America? (I know that they can work through a more local computer, but this should at lease slow them down.)

    I will start keeping a list of these spammers, and IPs to help out.

    Thanks,
    -Neil

    Leave a comment:


  • magmf
    replied
    Originally posted by Sparky-s View Post
    Got a new one today

    There is a new user, 0523jk

    Email Address : [email protected]
    Birthday : January 1, 1980
    Referrer: N/A
    IP Address: 218.240.13.108

    How you heard about us? : 1

    hahaha i got those too

    0523jk [email protected] 23-05-2008 24-05-2008 0
    080522jk [email protected] 22-05-2008 23-05-2008 0

    Leave a comment:


  • David Grove
    replied
    Do you think this would be a good tactic? Add a hidden form field to the registration form, and then when it's submitted, if there is anything in it, then deny registration? Would there be any chance of false positives?

    Leave a comment:


  • steven s
    replied
    lovebeigo just hit my board.

    Leave a comment:

widgetinstance 262 (Related Topics) skipped due to lack of content & hide_module_if_empty option.
Working...
X