Announcement

Collapse
No announcement yet.

Spam bots defeat Recaptcha.

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • EricPSF
    replied
    Spam bots are getting much clever these days.

    (1) They can post avatar and profile pictures too!

    (2) Few of them had also break the code of "extra qn on registration". The qn is to spell out a letter from my qn. I had tested out asking for different letter on each day, they are able to spell the letter out correctly!

    I don't know whether the spam bots are attacking on just vB forums particularly.

    Leave a comment:


  • tommac
    replied
    Does anyone have a list of all china and russia IP class A or B addresses?

    I would like to block all of china and russia. As I never had anyone on my boards from there that were real users.

    Is there a place I can find all of the class A addresses that belong to russia and china?

    Leave a comment:


  • DelphiVillage
    replied
    why is everybody overlooking germans ? you all blame china or russia being responsible for the spam but have a look here and you will see the difference is not that big

    internetserviceteam.com => german
    keymachine => german

    should i continue ? 222.* ip's are anonymizing proxies that does not mean the spammer is located in the country you see when whoising that ip so all of you sould add german ip's to yor blocklist

    Leave a comment:


  • CtrlAltDel
    replied
    When they release their patch levels, they could change it each one.

    Leave a comment:


  • David Grove
    replied
    Originally posted by sarahk View Post
    Agreed, certainly the honeypot I've added could be out of the box.
    Yes, things like that certainly work (I use them), but if they are added officially to vBulletin, their effectiveness would dwindle because botmakers would cater to them.

    Leave a comment:


  • syrius
    replied
    I don't want to speak too soon, but since upgrading to 3.72(and using Recapture instead of capture), in the last couple hours, I haven't had any spam bot registrations. Of course i'm keeping my fingers crossed, but if that doesn't work I will try step 6: on http://www.vbulletin.com/forum/showthread.php?t=275800

    6) Although there is a Q&A option in the Human Verification Manager, at this time these is no way to use this in conjunction with Image Verification or reCaptcha. However there is a workaround for this. You can create a required profile field to add Q&A to the registration process. To do so, follow these instructions: Add an extra question to the registration to prevent bot registrations.

    To answer the previous question..

    "Also, once they have registered, is there a way to do a mass delete of these invalid registrations? "
    Sulli, the easiest way I've found is to prune users, sorting by date registered and selecting them for deletion that way.. good luck

    Leave a comment:


  • sarahk
    replied
    Originally posted by CtrlAltDel View Post
    I understand what I would need to do.

    Thing is I shouldnt HAVE to do it. Jelsoft's software is faulty, and since we are paying to use it and for support, they should be developing the 'honeypot'/'trap' etc.

    Instead they usually just say 'go to .org and discuss this there'.
    Agreed, certainly the honeypot I've added could be out of the box.

    As for the go to vb.org line, I've had that a few times when I've been discussing concerns relating to hooks and core vB functionality. It's a fine line between helping the development of plugins and helping to use the product and I imagine end users get tangled in that all the time.

    Leave a comment:


  • syrius
    replied
    damn bots!

    In the last week we have all of a sudden gotten spammed registrations many many times, image verification does nothing.. email verification is almost useless since I don't know who is real and who isn't. I'm going to try the question and answer, is that not working for boogie?

    Leave a comment:


  • sullivanmar
    replied
    I am getting hit on my site too. I do have a few questions I'm hoping some can help with.

    I had not previously set up moderation on new registrations. But as a result of all of this, I turned this on a few days ago. I am now getting 8-10 moderation requests a day that I'm able to do a mass delete on using the moderation page.

    However, somehow I am also still getting 6-7 actual registrations a day that seem to be bypassing the moderation step. Can someone explain how this might be possible?

    Also, once they have registered, is there a way to do a mass delete of these invalid registrations? The method I use now is to search for Users/New Registrations. But this method requires me to select each user one at a time, select delete, confirm delete, research new registrations, and start the cycle again. Is there a faster way?

    Thanks

    Leave a comment:


  • CtrlAltDel
    replied
    I understand what I would need to do.

    Thing is I shouldnt HAVE to do it. Jelsoft's software is faulty, and since we are paying to use it and for support, they should be developing the 'honeypot'/'trap' etc.

    Instead they usually just say 'go to .org and discuss this there'.

    Leave a comment:


  • sarahk
    replied
    Originally posted by CtrlAltDel View Post
    I was getting a few a day and now I get this after I made some SEO changes.
    The SEO worked - look at how easy you are to find now!

    We implemented a simple honeypot using
    • new field with regex to check it is empty
    • minor change to the registration fields template
    • css to work on that minor change and hide the div.

    I was really pleased that we could do all that without a plugin and using vB as cleanly as possible. The only criticism would be that the template change was required when it should or could have been out-of-the-box.

    so far the honeypot is working.

    Leave a comment:


  • CtrlAltDel
    replied
    I was getting a few a day and now I get this after I made some SEO changes.



    So I guess my real question is, if VBulletin is failing. Why are WE, as end users, required to alter it in a manner so that it is not abused/circumvented?

    Seems like the VB people should be trying to stay more on top of this instead of forcing forum admins to do it themselves. Since the flaw is in their software.
    Last edited by CtrlAltDel; Tue 7 Oct '08, 9:53pm.

    Leave a comment:


  • David Grove
    replied
    Originally posted by FCRhino View Post
    Where can I find that mod?
    http://www.vbulletin.org/forum/showthread.php?t=172155

    Leave a comment:


  • FCRhino
    replied
    Originally posted by skublum View Post
    I have the force read a thread mod installed....
    Where can I find that mod?

    Leave a comment:


  • member007
    replied
    another spammer I found

    spammer name: sunrxpartner
    IP: 61.17.186.147
    email: [email protected]

    I've search through google and found that on other sites as well.

    I did a reverse ip lookup and I found:
    OrgName: Asia Pacific Network Information Centre
    OrgID: APNIC
    Address: PO Box 2131
    City: Milton
    StateProv: QLD
    PostalCode: 4064
    Country: AU

    ReferralServer: whois://whois.apnic.net

    NetRange: 61.0.0.0 - 61.255.255.255
    CIDR: 61.0.0.0/8
    NetName: APNIC3
    NetHandle: NET-61-0-0-0-1
    Parent:
    NetType: Allocated to APNIC
    NameServer: NS1.APNIC.NET
    NameServer: NS3.APNIC.NET
    NameServer: NS4.APNIC.NET
    NameServer: NS-SEC.RIPE.NET
    NameServer: TINNIE.ARIN.NET
    Comment: This IP address range is not registered in the ARIN database.
    Comment: For details, refer to the APNIC Whois Database via
    Comment: WHOIS.APNIC.NET or http://www.apnic.net/apnic-bin/whois2.pl
    Comment: ** IMPORTANT NOTE: APNIC is the Regional Internet Registry
    Comment: for the Asia Pacific region. APNIC does not operate networks
    Comment: using this IP address range and is not able to investigate
    Comment: spam or abuse reports relating to these addresses. For more
    Comment: help, refer to http://www.apnic.net/info/faq/abuse
    Comment:
    RegDate: 1997-04-25
    Updated: 2005-05-20

    OrgTechHandle: AWC12-ARIN
    OrgTechName: APNIC Whois Contact
    OrgTechPhone: +61 7 3858 3188
    OrgTechEmail: [email protected]

    # ARIN WHOIS database, last updated 2008-08-10 19:10
    # Enter ? for additional hints on searching ARIN's WHOIS database.

    Leave a comment:

widgetinstance 262 (Related Topics) skipped due to lack of content & hide_module_if_empty option.
Working...
X