Spam bots defeat Recaptcha.


  • #31
    Originally posted by Zachery
    Sounds like you had GD SimpleFont and not TrueType 2, which would cause the issue.
    Oops, I meant to say "We used to get like 10 spams a day even with captcha and email verification on with 3.5.2". And you're probably right since TrueType 2 wasn't an option in 3.5.2.
    So Cal Sportbike forum - So Cal Moto - Kawasaki Ninja 250R Forum - Custom vinyl decals - Southern California camping forum

    Comment


    • #32
      ImageMagick was, and would have fixed the issue

      Comment


      • #33
        Originally posted by 5thfoot
        I have had these two as well, checked Google and looks like they have registered on at least 1,500 forums in the last 48 hours. I have email verification and Image verification active.

        beijmanli
        Email Address : [email protected]
        Birthday : January 1, 1980
        Referrer: N/A
        IP Address: 58.17.147.112


        KaiyureBoy
        Email Address : [email protected]
        Birthday : January 1, 1980
        Referrer: N/A
        IP Address: 121.234.239.204



        (and those 1,500 forums are the ones Google bothers to index on a daily basis; the real number of infected forums must be vast)
        Both of these registered on my site as well.

        Throwing this one into the list for your banning pleasure:

        [email protected]
        81.199.41.228

        I would very much like to see the option of using MULTIPLE verification methods at once, e.g. Captcha + Q&A. I pay for my site out of pocket, and my site is very busy. I already pay over $250/mo into hosting. I'm not throwing another $600 up for anti-Spam. For vBulletin to include Akismet in their commercial software, Akismet should offer a reasonable rate for vB license holders. Right now Jelsoft is just giving them business for nothing, and in return they're gouging your customers.
        Last edited by Chris-777; Wed 21 May '08, 6:54pm.
        http://www.metalmusicians.org

        Comment


        • #34
          Originally posted by Zachery
          ImageMagick was, and would have fixed the issue
          Now I know. At least spammers kept my moderators busy.
          So Cal Sportbike forum - So Cal Moto - Kawasaki Ninja 250R Forum - Custom vinyl decals - Southern California camping forum

          Comment


          • #35
            I use ImageMagick and I'm still getting them.

            Comment


            • #36
              The Q+A is not working as the "Q" has not changed on my forum. I have made several test users and the "Q" remains the same for each registration; it never changes.

              Last night I increased the span time for the ISBot mod to 20 seconds and went to Image Captcha and all the bots failed to get in, the names are listed on Track Visitors and in the ISBot emails.

              --------------------------------------------


              The following user name with email address was blocked by the Is Bot mod: suilmelia - [email protected] (1 seconds transpired) The IP Address is: 86.121.173.124


              The following user name with email address was blocked by the Is Bot mod: neawdwepe - [email protected] (2 seconds transpired) The IP Address is: 217.20.115.118


              The following user name with email address was blocked by the Is Bot mod: WIEGAND-BRUSSJOSEPH - [email protected] (3 seconds transpired) The IP Address is: 203.162.2.134


              The following user name with email address was blocked by the Is Bot mod: Lundun - [email protected] (11 seconds transpired) The IP Address is: 85.91.81.188


              The following user name with email address was blocked by the Is Bot mod: zonasitesla - [email protected] (6 seconds transpired) The IP Address is: 195.248.184.115
              -----------------------------------------------------

              Failed attempts listed by Track Guest Visitor.




              22nd May 2008, 05:21 Visitor No register 218.240.13.108 Member Registration for lmno705

              22nd May 2008, 03:48 Visitor No register 222.183.128.26 Member Registration for lovebeijgo

              22nd May 2008, 02:35 Visitor No register 58.83.45.91 Member Registration for bobo69011

              22nd May 2008, 00:43 Visitor No register 218.82.5.102 Member Registration for netinfgoo

              21st May 2008, 23:20 Visitor Yes (1) register 195.248.184.115 Member Registration for zonasitesla

              21st May 2008, 21:19 Visitor No register 85.91.81.188 Member Registration for Lundun

              21st May 2008, 21:18 Visitor No register 201.43.188.135 *

              21st May 2008, 21:18 Visitor No register 203.162.2.137 *

              21st May 2008, 20:46 Visitor No register 221.201.208.138 Member Registration for lrdldu

              21st May 2008, 20:44 Visitor Yes (1) register 203.162.2.134 Member Registration for WIEGAND-BRUSSJOSEPH

              21st May 2008, 19:58 Visitor No register 217.20.115.118 Member Registration for neawdwepe

              Comment


              • #37
                The last badguy you got on your list has tried to get onto my site (unsuccessfully) at least five times in the last week. The IP resolves to

                217-20-115-118.internetserviceteam.com

                FYI, I have been tracking this stuff for the last six months and have successfully blocked 100% of these attacks using a simple filter and IP trap that just does input verification of registration data entry and an IP lookup against a bad guy table that dynamically maintains itself from the badguys it traps.

                These robots are not very smart but they are savvy about "in the box" stuff like captchas and simple questions. They do tend to use the same IP addresses and do stupid things like populating hidden form fields.

                I was using .htaccess for some time to block the IP addresses, but the list got too big and the performance on my system started to go to hell, so I pulled it off and use a database lookup now with an ejection process that prevents the badguy from coming back with the same IP address.

                So far, it's 100% success, though the list of IP addresses is rapidly approaching 10K (I started with a seed of known badguys of about 5000) and I have physical data (I try to log everything in the database if I can about these freaks) that I have collected since November that 3500 of these freaks have been blocked from my site.

                By the way, at least one group of Russian spammers have purchased large blocks of Chinese IP addresses (in Shanghai, but I don't think that matters as the IP addresses are not geographically specific to there but are in China), which may be why you are seeing a lot of Chinese IP addresses. Though having said that, I have a fair number of attempts coming from Chinese .edu sites as well as real Chinese badguys. With the robots you can't really tell where they originate; however, they tend to grab IP addresses that are available and exposed.

                It is not a pretty story.

                I do have my memberlist protected now so that no one can access it, not even the site admin from any external source. If the incentive is to get to my memberlist, that's a fool's errand on my site.

                I reported here back in the 3.6.8 time frame that I was getting spammed and bogus member sign-ups even though I had captcha and !NOSPAM enabled, but didn't get any good answers that worked. As I recall, I got disbelief like "that's not possible, we have the best captcha on the planet" or was just ignored. BTW, so this isn't a johnny-come-lately problem; it has been around some time and is perhaps worse than ever. I am guessing that the vB developer who said that it was a "leapfrog" problem is 100% right on and THAT is why vB can not fix the problem. Having the "best" makes it a target for any moron hacker up for the challenge! That number grows with each release of the product, and every new feature that is added to it becomes the next project for the hacker. The solution can not be "business as usual" ... The badguys have ready access to all of that technology and are adept enough to smoke any solution before it ever gets off the launch pad. Custom solutions, on the other hand, are a LOT more difficult to figure out and don't have the problem of exposure to the universe.


                HTH, mikesz
                Last edited by mikesz; Thu 22 May '08, 12:05am.

                Comment


                • #38
                  We've had an increase in spammers this past week (3.7).
                  Most resolve to a Chinese IP address.

                  We have most things turned on, but they're still getting through. No big problem though, there are only a few, and they're quite easy to spot. Here are some more to look out for:

                  beijmanli [email protected]
                  KaiyureBoy [email protected]
                  klmn939 [email protected]
                  lovebeijgo [email protected]
                  LRKSFAG [email protected]

                  Only one of these had a chance to spam.
                  I noticed the others because our first custom field (which is a real name) was being filled with the word Array.
                  A quick search on that field led me to the others, and sure as eggs is eggs, they're spammers.
                  May be something to look out for?

                  Comment
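Added example (not part of any post above, and not code from vBulletin or the ISBot mod): a Python sketch of the server-side registration checks that posts #36 to #38 describe, combining a minimum fill time, a hidden-field trap, the literal "Array" value, and an IP table that adds every address it traps. The class, the `website2` field name and the sample sign-ups are assumptions constructed for illustration.

```python
MIN_FILL_SECONDS = 20        # the span post #36 reports setting for the time check
HONEYPOT_FIELD = "website2"  # hypothetical field, hidden by CSS, humans leave empty


class RegistrationScreen:
    """Server-side checks run before an account is created (illustrative)."""

    def __init__(self):
        self.blocked_ips = {}  # ip -> reason; stands in for the database table

    def check(self, ip, form, rendered_at, submitted_at):
        """Return (allowed, reason). rendered_at is read from the server session."""
        if ip in self.blocked_ips:
            return False, "ip already trapped"
        reason = self._trap_reason(form, submitted_at - rendered_at)
        if reason:
            self.blocked_ips[ip] = reason  # the table maintains itself
            return False, reason
        return True, "ok"

    @staticmethod
    def _trap_reason(form, elapsed):
        if form.get(HONEYPOT_FIELD, "").strip():
            return "hidden field populated"
        if elapsed < MIN_FILL_SECONDS:
            return f"form submitted after {elapsed:.0f}s"
        # Post #38: bot sign-ups left the literal word "Array" in a text field.
        if any(str(v).strip() == "Array" for v in form.values()):
            return "field contains literal 'Array'"
        return None


def demo():
    """Constructed sample sign-ups using documentation-range IP addresses."""
    screen = RegistrationScreen()
    human = {"username": "alice", "email": "alice@example.org", "realname": "Alice A."}
    fast = {"username": "x1", "email": "x1@example.net", "realname": "X"}
    array = {"username": "x2", "email": "x2@example.net", "realname": "Array"}
    return [
        screen.check("192.0.2.10", human, 0, 45),
        screen.check("198.51.100.7", fast, 0, 2),
        screen.check("198.51.100.7", human, 0, 60),  # trapped IP returns, slower
        screen.check("203.0.113.5", array, 0, 30),
    ]


if __name__ == "__main__":
    for result in demo():
        print(result)
```

The third sample shows the point made in post #37: once an address is trapped, a later well-formed submission from it is still refused, which a time check alone would let through.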


                  • #39
                    In the last 24 hours the 3 registered on my site:
                    [email protected]
                    [email protected]

                    And [email protected]

                    They are all from China. They did not post anything on the forum, so I just deleted them.

                    I don't have recaptcha but normal captcha with email verification.

                    Now the funny thing is that my forum is very new, it has maybe 5 topics on it and it's not even in English, so they must be bots. I suppose another person with a non-English forum that has the Q&A setting on can confirm this? If they also get the registrations then they are bots. If they were humans, I don't think they speak every language in the world.

                    Comment


                    • #40
                      I installed ISBot this morning it's already stopped five bots registering in only a few hours!

                      It certainly seems to work very well. Not sure if it's 100% proof but it's automatic and saves deleting spam.

                      Worth a try if you aren't using it yet.

                      http://www.vbulletin.org/forum/showt...ighlight=isbot

                      Comment


                      • #41
                        ^ That's working on 3.7?
                        http://www.metalmusicians.org

                        Comment


                        • #42
                          Seems to work on 3.7, though I'd imagine if a lot of people used it the bots would put a time delay in.

                          I've blocked China in htaccess. That seems to do the trick.

                          Comment


                          • #43
                            Originally posted by nibb
                            I suppose another person with a non english forum that has Q&A setting on can confirm this?
                            Same here. [email protected] passed the Q&A on one of my Dutch forums.
                            "The lurking suspicion that something could be simplified is the world's richest source of rewarding challenges"
                            - Edsger Dijkstra

                            Comment


                            • #44
                              I have these beji members successfully registering too. I also have a track visitors mod on my 3.7 forum and it shows new registrations, but they don't show up in the members list, and vBulletin says the username was not recognized, so ReCaptcha is doing its job for the most part except for these Chinese people...

                              Comment


                              • #45
                                I would like to block all Chinese IPs. How would I do that? This spam is ridiculous, and more than that I hate WOW and all these spammers are those Chinese Farmers I always hear people at work babbling about.

                                Comment
