Just got another one:

cdef904 - [email protected] - 125.83.36.197

I could only stop them by using "Human Verification" System. Even I ban them they come with different mail and different user name.

I used Question / Answer in my native language. Now they can not register

I guess this is useless for an English Spoken Forum


KaiyureBoy vbulletinboy @ gmail.com
stuv502 edgdrgdrg @ 21cn.com
uvwx698 lmy416 @ gmail.com

Over the past week I have had to ban several users for spamming.

This is the first time since I have owned the forum.

The members are:

beijmanli - [email protected] - 58.17.147.112
jklm895 - [email protected] - 59.173.226.84
joshnjob - [email protected] - 122.194.25.28
KaiyureBoy - [email protected] - 222.187.236.142
KevinFlys - [email protected] - 220.178.42.42
lovebeijgo - [email protected] - 222.183.122.18
loveumaryii - [email protected] - 222.183.121.201

The letter/text image is on, and I have now activited email variation.

Ditto here also.

Two of them, both posted few similar posts, both I banned few seconds after they posted comments.




Names:

1. KevinFlys
2. lovebeijgo

Gmail email, under location (which is obligation on my forum) they put location number "1" and registered like that? lovebeijgo registered today, KevinFlys I was ban before few days, he return today and log inside forum, than I was edit his account and change mail and password.

Forum Registration Config.
Image verification registration with verification email send back for all newly registered users.

I've used that trick in some hand-coded form handlers (outside of vB). It worked fine for a while, but a couple of months ago new spam started to pass this test.

I guess any trick that can be beaten by an if-then-else statement is worthless.

I don't see how you could get false positives though.

Any opinions on this?

Just got a new one, hasn't posted yet, but look at the email.

username: loveumaryii
email: [email protected]
sig: self-trust is the first secret of success.
ip: 222.183.121.201

I don't think banning email addresses or entire ip blocks is the answer.
Some of you get too worked up over this.
Spam is here to stay. I don't believe they are bots doing it providing you confirm email addresses and use CAPTCHA.

I think by far the best mod (and should be included with vB) is
Prevent Spam Posts


I've added additional keywords to prevent our latest fiends from posting.
I don't care that I need to delete and ban a few people each week.
I'm just glad their posts are not visible.

And I don't believe askimet is of any use.
Look how much spam gets posted to vb.com.

If the ban doesn't work it really seems to be a security problem in this case. AKA "bug".
I banned the whole chinese networks on the server level so they can't even access vb. This helped. No bot-registrations since then.

I got the two in the original post.

Hi

since 21.5.2008 I have also all the mentioned spammers on my different forums. All vb forums. Version 3.68, 3.6.10 and 3.7. More then 10 forums.

I have always captcha on (GD true image), I have always e-mail verification on and I have always at least one mandatory field for a profile question (select option box).

So this is not a version issue.

Surprisingly, I have under the same "roof" also other forums with a different software (discusware.com). No spam attack there at all!

So these guys have obviously focused on vb only.

The way how they behave is always the same. They register on one board, then they do nothing for 1-2 days. After that they start posting.

They do not register on all of my forums at the same time. The same username does it on one day on forum 1, on the second day on forum 2 etc. All forums are under one roof and are linked to each other.

I have Englisch and German forums, so the language seems not to be a criteria.


Now there are 2 very serious problems, noone in this thread mentioned before:

1. These accounts are able to post, although the exact same IP was banned one day before

2. These accounts are able to post, although all gmail e-mail addresses are blocked (also for old users) one day before.


How is this possible? And how to fix this asap?

Here are my 2 that I didn't see before on this thread

dreamath [email protected] 116.234.4.127 Birthday : January 1, 1980

KevinFlys [email protected] 220.178.42.42 Birthday : January 1, 1980

FYI, I ask 2 questions for the profile, and they are being filled with "1"

Narrow access drastically?

I have been getting these ones too, about 5-6 different ones in the last week.

I ban the register, then ban their IP,(xxx.xxx.xxx.*) but it is not enough for me. Time to get tougher. I am 99.9% sure that everyone I want to reach is located in North America. How can I completely shut off access to everywhere except North America? (I know that they can work through a more local computer, but this should at lease slow them down.)

I will start keeping a list of these spammers, and IPs to help out.

Thanks,
-Neil

hahaha i got those too

0523jk [email protected] 23-05-2008 24-05-2008 0
080522jk [email protected] 22-05-2008 23-05-2008 0

Do you think this would be a good tactic? Add a hidden form field to the registration form, and then when it's submitted, if there is anything in it, then deny registration? Would there be any chance of false positives?

lovebeigo just hit my board.