Announcement

Collapse
No announcement yet.

Spam bots defeat Recaptcha.

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • El Burro
    replied
    I installed ISBot this morning it's already stopped five bots registering in only a few hours!

    It certainly seems to work very well. Not sure if it's 100% proof but it's automatic and saves deleting spam.

    Worth a try if you aren't using it yet.

    http://www.vbulletin.org/forum/showt...ighlight=isbot

    Leave a comment:


  • nibb
    replied
    In the last 24 hours the 3 registered on my site:
    [email protected]
    [email protected]

    And [email protected]

    They are all from China, they did not posted anything on the forum so i just deleted them.

    I dont have recaptcha but normal captcha with email verification.

    Now the funny thing is that my forum is very new it has maybe 5 topics on it and its not even in english so they must be bots. I suppose another person with a non english forum that has Q&A setting on can confirm this? If they also get the registrations then they are bots. If they where humans i dont think they speak every language in the world.

    Leave a comment:


  • TalkPhotography
    replied
    We've had an increase in spammers this past week (3.7).
    Most resolve to a chinese IP address.

    We have most things turned on, but theyre still getting through. No big problem though, there are only a few, and theyre quite easy to spot. Here are some more to look out for

    beijmanli [email protected]
    KaiyureBoy [email protected]
    klmn939 [email protected]
    lovebeijgo [email protected]
    LRKSFAG [email protected]

    Only one of these had chance to spam.
    I noticed the others, because our first custom field (which is a real name) was being filled with the word Array.
    A quick search on that field led me to the others, and sure as eggs is eggs, theyre spammers.
    May be something to look out for?

    Leave a comment:


  • mikesz
    replied
    The last badguy you got on your list has tried to get onto my site (unsuccessfully) at least five times in the last week. The IP resolves to

    217-20-115-118.internetserviceteam.com

    FYI, I have been tracking this stuff for the last six months and have successfully block 100% of these attacks using a simple filter and IP trap that just does input verification of registration data entry and an IP lookup against a bad guy table that dynamically maintains itself from the badguys it traps.

    These robots are not very smart but they are savvy about "in the box" stuff like captchas and simple questions. They do tend to use the same IP addresses and do stupid things like populating hidden form fields.

    I was using .htaccess for some time to block the IP addresses but the list got too big and the performance on my system started to go to hell so I pulled if off and use a database lookup now with an ejection process that prevents the badguy from coming back with the same IP address.

    So far, its 100% success, though the list of IP addresses is rapidly approaching 10K (I started with a seed of known badguys of about 5000) and I have physical data ( I try to log everything in the database if I can about these freaks ) that I have collected since November that 3500 of these freaks have been blocked from my site.

    By the way, at least one group of Russian spammers have purchased large blocks of Chinese IP addresses (in Shanghai but I don't thinks that matters as the IP address are not geographically specific to there but are in China) which may be why you are seeing a lot of Chinese IP addresses. Though having said that, I have a fair number of attempts coming from Chinese .edu sites as well as real Chinese badguys. With the robots you can't really tell where they originate, however, they tend to grab IP addresses that are available and exposed.

    It is not a pretty story.

    I do have my memberlist protected now so that no one can access it, not even the site admin from any external source. If the incentive is to get to my memberlist, that's a fool's errand on my site.

    I reported here back in 3.6.8 time frame that I was getting spammed and bogus member sign ups even though I had captcha and !NOSPAM enabled but didn't get any good answers that worked. As I recall, I got disbelief like "that's not possible we have the best captcha on the planet" or just ignored. BTW, so this isn't a johnny come lately problem, it has been around some time and perhaps worse than ever. I am guessing that the vb developer who said that it was a "leapfrog" problem is 100% right on and THAT is why vB can not fix the problem. Have the "best" makes it a target for any moron hacker up for the challenge! That number grows with each release of th product and every new feature that is added it it becomes the next project for the hacker. The solution can not be "business as usual" ... The badguys have ready access to all of that technology and are adept enough to smoke any solution before it ever gets off the launch pad. Custom solutions on the other hand are a LOT more difficult to figure out and don't have the problem of exposure to the universe.


    HTH, mikesz
    Last edited by mikesz; Thu 22 May '08, 12:05am.

    Leave a comment:


  • AdrianH
    replied
    The Q+A is not working as the "Q" has not changed on my forum, I have made several test users and the "Q" remains the same for each registration , it never changes.

    Last night I increased the span time for the ISBot mod to 20 seconds and went to Image Captcha and all the bots failed to get in, the names are listed on Track Visitors and in the ISBot emails.

    --------------------------------------------


    The following user name with email address was blocked by the Is Bot mod: suilmelia - [email protected] (1 seconds transpired) The IP Address is: 86.121.173.124


    The following user name with email address was blocked by the Is Bot mod: neawdwepe - [email protected] (2 seconds transpired) The IP Address is: 217.20.115.118


    The following user name with email address was blocked by the Is Bot mod: WIEGAND-BRUSSJOSEPH - [email protected] (3 seconds transpired) The IP Address is: 203.162.2.134


    The following user name with email address was blocked by the Is Bot mod: Lundun - [email protected] (11 seconds transpired) The IP Address is: 85.91.81.188


    The following user name with email address was blocked by the Is Bot mod: zonasitesla - [email protected] (6 seconds transpired) The IP Address is: 195.248.184.115
    -----------------------------------------------------

    Failed attempts listed by Track Guest Visistor.




    22nd May 2008, 05:21 Visitor No register 218.240.13.108 Member Registration for lmno705

    22nd May 2008, 03:48 Visitor No register 222.183.128.26 Member Registration for lovebeijgo

    22nd May 2008, 02:35 Visitor No register 58.83.45.91 Member Registration for bobo69011

    22nd May 2008, 00:43 Visitor No register 218.82.5.102 Member Registration for netinfgoo

    21st May 2008, 23:20 Visitor Yes (1) register 195.248.184.115 Member Registration for zonasitesla

    21st May 2008, 21:19 Visitor No register 85.91.81.188 Member Registration for Lundun

    21st May 2008, 21:18 Visitor No register 201.43.188.135 *

    21st May 2008, 21:18 Visitor No register 203.162.2.137 *

    21st May 2008, 20:46 Visitor No register 221.201.208.138 Member Registration for lrdldu

    21st May 2008, 20:44 Visitor Yes (1) register 203.162.2.134 Member Registration for WIEGAND-BRUSSJOSEPH

    21st May 2008, 19:58 Visitor No register 217.20.115.118 Member Registration for neawdwepe

    Leave a comment:


  • Boosted Panda
    replied
    I use ImageMagick and im still getting them.

    Leave a comment:


  • Vtec44
    replied
    Originally posted by Zachery View Post
    ImageMagick was, and would have fixed the issue
    Now I know At least spammers kept my moderators busy.

    Leave a comment:


  • Chris-777
    replied
    Originally posted by 5thfoot View Post
    I have had these two as well, checked Google and looks like they have registered on at least 1,500 forums in the last 48 hours. I have email verification and Image verification active.

    beijmanli
    Email Address : [email protected]
    Birthday : January 1, 1980
    Referrer: N/A
    IP Address: 58.17.147.112


    KaiyureBoy
    Email Address : [email protected]
    Birthday : January 1, 1980
    Referrer: N/A
    IP Address: 121.234.239.204



    (and that 1,500 forums are the ones Google bothers to index on a daily basis, real number of infected forums must be vast)
    Both of these registered on my site as well.

    Throwing this one into the list for your banning pleasure:

    [email protected]
    81.199.41.228

    I would very much like to see the option of using MULTIPLE verification methods at once. Eg: Captcha + Q&A. I pay for my site out of pocket, and my site is very busy. I already pay over $250/mo into hosting. I'm not throwing another $600 up for anti-Spam. For vBulletin to include Akismet in their commercial software, Akismet should offer a reasonable rate for vB license holders. Right now Jelsoft is just giving them business for nothing, and in return they're gouging your customers.
    Last edited by Chris-777; Wed 21 May '08, 6:54pm.

    Leave a comment:


  • Zachery
    replied
    ImageMagick was, and would have fixed the issue

    Leave a comment:


  • Vtec44
    replied
    Originally posted by Zachery View Post
    Sounds like you had GD SimpleFont and not TrueType 2, which would cause the issue.
    Oops, I meant to say "We used to get like 10 spams a day even with captcha and email verification on with 3.5.2". And you're probably right since TrueType 2 wasn't an option in 3.5.2.

    Leave a comment:


  • Zachery
    replied
    Originally posted by Vtec44 View Post
    I have new user moderation on, and vBMail mod. So far, no spam ever since I upgraded to 3.7. We used to get like 10 spams a day even with captcha and email verification on.
    Sounds like you had GD SimpleFont and not TrueType 2, which would cause the issue.

    Leave a comment:


  • Vtec44
    replied
    I have new user moderation on, and vBMail mod. So far, no spam ever since I upgraded to 3.7. We used to get like 10 spams a day even with captcha and email verification on.

    Leave a comment:


  • smooth-c
    replied
    Not sure if this one has been mentioned;

    limited1 [email protected] 83.229.90.44

    can anyone confirm if this one is a spammer?

    PinBoard Blog [email protected] 92.3.224.157

    Leave a comment:


  • Andy
    replied
    Originally posted by randychase View Post
    Note that the spammers are not attacking the main site listed in my sig, but are attacking other sites of mine that are not listed.

    And FYI... I changed the Q&A to something that did not include the answer, and just got one more registration, so that is not stopping the swarm.
    You me the site where you ask "What is the abbreviaton for Printed Circuit Board?" It's not very difficult to find your sites because you have a unique handle.

    I think the spammers are targeting threads like this one and registering by human to throw us off to make us think that Q&A is not working.

    Leave a comment:


  • randychase
    replied
    Originally posted by Andy View Post
    The spammers are using vBulletin and monitor threads like this one. As long as you make it easy to locate your website like you do, a human will register just to throw you off.

    Delete all personal data on vBulletin.com and just use the Q/A system on your forum, you will find that it works.

    Note that the spammers are not attacking the main site listed in my sig, but are attacking other sites of mine that are not listed.

    And FYI... I changed the Q&A to something that did not include the answer, and just got one more registration, so that is not stopping the swarm.

    Leave a comment:

widgetinstance 262 (Related Topics) skipped due to lack of content & hide_module_if_empty option.
Working...
X