
Spam bots defeat Recaptcha.


  • beijmanli
    jklm292
    joshbob
    KaiyreBoy
    KevinFlys
    lovebeijgo
    lovemaryii
    Pereftiyo
    weiwei

    Those are the ones I have so far. I wonder why some are capital/lowercase while others are just lowercase?
    www.Copiertalk.com - Everything Copier , Printer, Fax



    • Back when captcha was in its infancy there was a theory (personally I never tested or proved) that captcha could be defeated as follows:
      • porn-user visits free porn site but is required to complete captcha before entering.
      • bot takes next queued forum to register at, tries to register, gets captcha image
      • bot gives porn-user the captcha image to answer
      • bot takes the answer and feeds it back to the registration script.
      • bot succeeds in getting a registration, porn-user gets required content

      With the bots obviously using Curl to process the registration this scenario remains plausible.

      ===============
      Other options could be for vB to have some sort of image replacement available for pages such as registration.

      As the template is processed the image source is altered to pass through a script which will tag the image and count how many were generated for the page/session combo. Then when someone submits the registration form vB will check that the user has generated the right number of images and reject/pass.

      If a user is using Curl they will then be obliged to parse the html to find the images and download them too. This will create a bandwidth overhead for them.

      If nothing else they may start to target their efforts to the busy forums or their own niche rather than the niche forums that have no interest in their "product".
      Simple SEO



      • Here is the second spamborg to register at my site in the past two weeks.

        Username: gprunescaper2
        Email: [email protected]
        IP: 218.106.154.107

        What's interesting is that earlier today, I saw the spambot's User Agent simultaneously "Registering" from a section of China I hadn't already blocked, and South Korea. I pre-emptively blocked those of course, otherwise I would've had 3 spambot registrations today. gprunescaper2 showed up while I was taking a nap, but he was banned and all his posts were rounded up, within 15 minutes.



        • has anyone found a way to beat this yet?



          • Originally posted by skublum View Post
            has anyone found a way to beat this yet?
            Yes. I have a couple of hidden fields on the reg. form and if they don't have the expected contents OR are not set, we have a bot

            I get 10-30 tries a week, but none get by my trap
            ~~~~~



            • How are those "hidden" fields being filled? javascript?
              Simple SEO



              • Originally posted by sarahk View Post
                How are those "hidden" fields being filled? javascript?
                I have one field that is filled by Javascript, which allows me to detect if the user has JS enabled. (If not, it might be a bot, but there are a few users who have JS turned off by default).

                I have another field that's empty, and if there's something in it, then it was a bot that registered.

                Up to now I've had all the bots register that have been mentioned in this thread. Their registrations have all been submitted with my 2 fields not set, which means it was a bot that registered (directly submitting POST data), not even a human slave at a computer.

                For real registrations, both my fields will be set, and the first will have a certain hash in it, set by JS, and the second will be empty (but will be set).

                It's worked like a charm so far.
                ~~~~~



                • Originally posted by sockwater View Post
                  Yes. I have a couple of hidden fields on the reg. form and if they don't have the expected contents OR are not set, we have a bot ... I get 10-30 tries a week, but none get by my trap
                  Krystof
                  Starnectar Free Forums



                  • Originally posted by Christophe_O View Post
                    How about posting your trap code here, SOCKWATER?
                    A bot trap must be unique on every site, otherwise the spammers will code their bot to work with it.
                    ~~~~~



                    • I have a couple of hidden fields on the reg. form and if they don't have the expected contents OR are not set, we have a bot
                      Sorry for my ignorance, but what is 'hidden field' ?
                      Is it a private 'User Profile Field' or something else ?
                      Can you please tell in detail.


                      I have one field that is filled by Javascript
                      How do you do that ? You wrote a script or is there any setting in vB ?
                      Last edited by Suri.CMS; Wed 18 Jun '08, 12:40pm.



                      • Originally posted by Suri.CMS View Post
                        Sorry for my ignorance, but what is 'hidden field' ?
                        Is it a private 'User Profile Field' or something else ?
                        Can you please tell in detail.



                        How do you do that ? You wrote a script or is there any setting in vB ?
                        I coded it myself. A hidden field is a field not visible to a regular user.
                        ~~~~~



                        • The beauty of sockwater's system is that it's not difficult coding... we don't need a published plugin. I'm going to have a go with it and I'll publish the key pointers
                          Simple SEO



                          • Here's some sample code to get you going. What I do is in no way this simplistic, but it'll give you an idea. If bots start detecting hidden fields, you can make it type=text and hide it with css. The name of your field can also be a semi-random generated string-- etc, etc.

                            On the register_form_complete hook:
                            Code:
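                            // Append an invisible trap field just before the form closes.
                            $vbulletin->templatecache['register'] = str_replace(
                                '</form>',
                                '<input type="hidden" name="bottrap" value="" /></form>',
                                $vbulletin->templatecache['register']
                            );
                            On register_addmember_process:
                            Code:
                            // A real browser submits the field, and submits it empty.
                            // Missing (direct POST) or filled in (form-filling bot): stop.
                            $bottrapset = isset($_POST['bottrap']);
                            if (!$bottrapset OR ($bottrapset AND $_POST['bottrap'] != ''))
                            {
                                die;
                            }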
                            ~~~~~

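A fuller version of the two-field trap sockwater describes above, as an added example that is not sockwater's code or part of the thread: the field names and the expected token are derived per session with an HMAC, so they differ on every site and visit. The secret, the session id and the function names are assumptions made for illustration.

```php
<?php
// Added example, not code from the thread. $siteSecret and $sessionId are assumed inputs.

// Derive per-session field names and the value JavaScript must write into the token field.
function trap_fields(string $siteSecret, string $sessionId): array
{
    $mac = hash_hmac('sha256', $sessionId, $siteSecret);   // 64 hex characters
    return [
        'token_name' => 'f' . substr($mac, 0, 10),   // filled in by JS on page load
        'empty_name' => 'f' . substr($mac, 10, 10),  // must come back set but empty
        'token'      => substr($mac, 20, 32),        // the expected hash
    ];
}

// Classify a submitted registration: 'ok', 'no-js', or a bot verdict.
function classify_registration(array $post, array $f): string
{
    $hasToken = array_key_exists($f['token_name'], $post);
    $hasEmpty = array_key_exists($f['empty_name'], $post);
    if (!$hasToken || !$hasEmpty) {
        return 'bot: fields not set (direct POST)';
    }
    $token = $post[$f['token_name']];
    $empty = $post[$f['empty_name']];
    if (!is_string($token) || !is_string($empty)) {
        return 'bot: non-string field value';   // e.g. name[]=x arrives as an array
    }
    if ($empty !== '') {
        return 'bot: trap field filled in';
    }
    if ($token === '') {
        return 'no-js';   // JS never ran: may be a human with JS turned off
    }
    return hash_equals($f['token'], $token) ? 'ok' : 'bot: wrong token';
}

// Constructed sample submissions, one per case described in the thread.
$f = trap_fields('site-secret-placeholder', 'session-abc123');
$samples = [
    'browser with JS' => [$f['token_name'] => $f['token'], $f['empty_name'] => ''],
    'direct POST'     => ['username' => 'x'],
    'form filler'     => [$f['token_name'] => $f['token'], $f['empty_name'] => 'http://spam'],
    'JS disabled'     => [$f['token_name'] => '', $f['empty_name'] => ''],
];
foreach ($samples as $label => $post) {
    printf("%-16s => %s\n", $label, classify_registration($post, $f));
}
```

A `no-js` result is better queued for moderation than rejected outright, since a few real users browse with JavaScript off.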


                            • Originally posted by creativepart View Post
                              We also search the short octet (xxx.xxx.) to see if any non spammer members would be affected by a ban of that set of IPs and if not we ban the entire short set.
                              Be careful about banning a short octet in APNIC IP space. The majority of Chinese IP blocks will fill an entire short octet, but you may find cases where xxx.xxx.[0-127].xxx is in China, and xxx.xxx.[128-255].xxx is in Australia, New Zealand, or some other country. In this case, there's no easy way to block through vBulletin; you've got to do it in .htaccess with either CIDR blocks or regular expressions.
                              Cyburbia Forums - a third place for urban planners
                              http://www.cyburbia.org/forums



                              • Originally posted by sockwater View Post
                                Up to now I've had all the bots register that have been mentioned in this thread. Their registrations have all been submitted with my 2 fields not set, which means it was a bot that registered (directly submitting POST data), not even a human slave at a computer.
                                Not here. For the MMORPG gold and power leveling spammers from China, they entered the word "Array" into custom defined fields. (Human SEO spammers from India and the Philippines always seem to enter something awkward into my defined "location" field, like "U,S,A", "newyork", "los angges", "i am in the texas", or something similar. The Nigerians almost always use "London" or "UK". It's never something like "Schaumburg, Illinois", "Burlington, Ontario" or "Sandton, Gauteng Province, SA"; it's the most dominant places foreigners are going to be the most familiar with.)

                                I believe that a human decodes the captcha, and they use a script to fill the profile fields.
                                Last edited by cyburbia; Wed 18 Jun '08, 4:17pm.
                                Cyburbia Forums - a third place for urban planners
                                http://www.cyburbia.org/forums
