I installed ISBot this morning it's already stopped five bots registering in only a few hours!

It certainly seems to work very well. Not sure if it's 100% proof but it's automatic and saves deleting spam.

Worth a try if you aren't using it yet.

In the last 24 hours the 3 registered on my site:
[email protected]
[email protected]

And [email protected]

They are all from China, they did not posted anything on the forum so i just deleted them.

I dont have recaptcha but normal captcha with email verification.

Now the funny thing is that my forum is very new it has maybe 5 topics on it and its not even in english so they must be bots. I suppose another person with a non english forum that has Q&A setting on can confirm this? If they also get the registrations then they are bots. If they where humans i dont think they speak every language in the world.

We've had an increase in spammers this past week (3.7).
Most resolve to a chinese IP address.

We have most things turned on, but theyre still getting through. No big problem though, there are only a few, and theyre quite easy to spot. Here are some more to look out for

beijmanli [email protected]
KaiyureBoy [email protected]
klmn939 [email protected]
lovebeijgo [email protected]
LRKSFAG [email protected]

Only one of these had chance to spam.
I noticed the others, because our first custom field (which is a real name) was being filled with the word Array.
A quick search on that field led me to the others, and sure as eggs is eggs, theyre spammers.
May be something to look out for?

The last badguy you got on your list has tried to get onto my site (unsuccessfully) at least five times in the last week. The IP resolves to

217-20-115-118.internetserviceteam.com

FYI, I have been tracking this stuff for the last six months and have successfully block 100% of these attacks using a simple filter and IP trap that just does input verification of registration data entry and an IP lookup against a bad guy table that dynamically maintains itself from the badguys it traps.

These robots are not very smart but they are savvy about "in the box" stuff like captchas and simple questions. They do tend to use the same IP addresses and do stupid things like populating hidden form fields.

I was using .htaccess for some time to block the IP addresses but the list got too big and the performance on my system started to go to hell so I pulled if off and use a database lookup now with an ejection process that prevents the badguy from coming back with the same IP address.

So far, its 100% success, though the list of IP addresses is rapidly approaching 10K (I started with a seed of known badguys of about 5000) and I have physical data ( I try to log everything in the database if I can about these freaks ) that I have collected since November that 3500 of these freaks have been blocked from my site.

By the way, at least one group of Russian spammers have purchased large blocks of Chinese IP addresses (in Shanghai but I don't thinks that matters as the IP address are not geographically specific to there but are in China) which may be why you are seeing a lot of Chinese IP addresses. Though having said that, I have a fair number of attempts coming from Chinese .edu sites as well as real Chinese badguys. With the robots you can't really tell where they originate, however, they tend to grab IP addresses that are available and exposed.

It is not a pretty story.

I do have my memberlist protected now so that no one can access it, not even the site admin from any external source. If the incentive is to get to my memberlist, that's a fool's errand on my site.

I reported here back in 3.6.8 time frame that I was getting spammed and bogus member sign ups even though I had captcha and !NOSPAM enabled but didn't get any good answers that worked. As I recall, I got disbelief like "that's not possible we have the best captcha on the planet" or just ignored. BTW, so this isn't a johnny come lately problem, it has been around some time and perhaps worse than ever. I am guessing that the vb developer who said that it was a "leapfrog" problem is 100% right on and THAT is why vB can not fix the problem. Have the "best" makes it a target for any moron hacker up for the challenge! That number grows with each release of th product and every new feature that is added it it becomes the next project for the hacker. The solution can not be "business as usual" ... The badguys have ready access to all of that technology and are adept enough to smoke any solution before it ever gets off the launch pad. Custom solutions on the other hand are a LOT more difficult to figure out and don't have the problem of exposure to the universe.


HTH, mikesz

The Q+A is not working as the "Q" has not changed on my forum, I have made several test users and the "Q" remains the same for each registration , it never changes.

Last night I increased the span time for the ISBot mod to 20 seconds and went to Image Captcha and all the bots failed to get in, the names are listed on Track Visitors and in the ISBot emails.

--------------------------------------------


The following user name with email address was blocked by the Is Bot mod: suilmelia - [email protected] (1 seconds transpired) The IP Address is: 86.121.173.124


The following user name with email address was blocked by the Is Bot mod: neawdwepe - [email protected] (2 seconds transpired) The IP Address is: 217.20.115.118


The following user name with email address was blocked by the Is Bot mod: WIEGAND-BRUSSJOSEPH - [email protected] (3 seconds transpired) The IP Address is: 203.162.2.134


The following user name with email address was blocked by the Is Bot mod: Lundun - [email protected] (11 seconds transpired) The IP Address is: 85.91.81.188


The following user name with email address was blocked by the Is Bot mod: zonasitesla - [email protected] (6 seconds transpired) The IP Address is: 195.248.184.115
-----------------------------------------------------

Failed attempts listed by Track Guest Visistor.




22nd May 2008, 05:21 Visitor No register 218.240.13.108 Member Registration for lmno705

22nd May 2008, 03:48 Visitor No register 222.183.128.26 Member Registration for lovebeijgo

22nd May 2008, 02:35 Visitor No register 58.83.45.91 Member Registration for bobo69011

22nd May 2008, 00:43 Visitor No register 218.82.5.102 Member Registration for netinfgoo

21st May 2008, 23:20 Visitor Yes (1) register 195.248.184.115 Member Registration for zonasitesla

21st May 2008, 21:19 Visitor No register 85.91.81.188 Member Registration for Lundun

21st May 2008, 21:18 Visitor No register 201.43.188.135 *

21st May 2008, 21:18 Visitor No register 203.162.2.137 *

21st May 2008, 20:46 Visitor No register 221.201.208.138 Member Registration for lrdldu

21st May 2008, 20:44 Visitor Yes (1) register 203.162.2.134 Member Registration for WIEGAND-BRUSSJOSEPH

21st May 2008, 19:58 Visitor No register 217.20.115.118 Member Registration for neawdwepe

I use ImageMagick and im still getting them.

Now I know At least spammers kept my moderators busy.

Both of these registered on my site as well.

Throwing this one into the list for your banning pleasure:

[email protected]
81.199.41.228

I would very much like to see the option of using MULTIPLE verification methods at once. Eg: Captcha + Q&A. I pay for my site out of pocket, and my site is very busy. I already pay over $250/mo into hosting. I'm not throwing another $600 up for anti-Spam. For vBulletin to include Akismet in their commercial software, Akismet should offer a reasonable rate for vB license holders. Right now Jelsoft is just giving them business for nothing, and in return they're gouging your customers.

ImageMagick was, and would have fixed the issue

Oops, I meant to say "We used to get like 10 spams a day even with captcha and email verification on with 3.5.2". And you're probably right since TrueType 2 wasn't an option in 3.5.2.

Sounds like you had GD SimpleFont and not TrueType 2, which would cause the issue.

I have new user moderation on, and vBMail mod. So far, no spam ever since I upgraded to 3.7. We used to get like 10 spams a day even with captcha and email verification on.

Not sure if this one has been mentioned;

limited1 [email protected] 83.229.90.44

can anyone confirm if this one is a spammer?

PinBoard Blog [email protected] 92.3.224.157

You me the site where you ask "What is the abbreviaton for Printed Circuit Board?" It's not very difficult to find your sites because you have a unique handle.

I think the spammers are targeting threads like this one and registering by human to throw us off to make us think that Q&A is not working.

Note that the spammers are not attacking the main site listed in my sig, but are attacking other sites of mine that are not listed.

And FYI... I changed the Q&A to something that did not include the answer, and just got one more registration, so that is not stopping the swarm.