Announcement

Collapse
No announcement yet.

Spam bots defeat Recaptcha.

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • ekantnl
    replied
    I dont know if this one was already mentioned:

    ereieoty

    Email Address : [email protected]
    Birthday : January 1, 1980
    Referrer: N/A
    IP Address: 211.158.21.152

    Leave a comment:


  • Cannabis-World
    replied
    my spammers, which are mostly listed in this thread, are all inputting '1' into field3 (a custom user profile field)

    I know about the nospam mod, but does anyone know of a way to filter out the spammers by what they enter into 'field3' at registration time?

    Leave a comment:


  • Sakai Ray
    replied
    The bots defeated me so I was wondering the reason with the no spam the bots started to decrease o.o

    Leave a comment:


  • Glathannus
    replied
    I've just cleared out my IP ban list (but kept a copy of it here as a backup), and instead I'll be using a unique expression required userfield. I also executed an SQL query to pre-fill in the answer for my existing 700 members. I'll see how that goes. I'd like it to be something more specific, like a question for something that only people with a genuine interest in the community's topic matter, would actually know, but...

    I'm not yet l33t enough to come up with an expression of exclusive/alternate answers of entire words/names, some of the possible answers being in unicode too. That whole hypothetical code makes my brain hurt. I'm just going to start with a simpler expression that should be enough to hold off the Chinese, especially if they're auto-filling custom fields with "array". This should stop them dead. I'm still a little worried about nonChinese spammers, but they shouldn't be by any means an epidemic.

    Leave a comment:


  • pete2007
    replied
    Originally posted by skublum View Post
    So I kind of found it weird that I was getting so many spammers but they were not posting anything - so I just had to ban them because their profile would link to porn or what not. I started thinking and found out the reason why they are only able to register. I have the force read a thread mod installed, so that members "must" read the rules (at least click to go to tat page) the bots are unable to click the link to go to the force read board and therefore are unable to post anything. This doesn't prevent them from registering (which I don't mind this forum is an education forum and will help me get into college and a higher member count doesn't look bad) but it does prevent them from doing any real damage to your forum.
    Hi Skublum,

    Where can I install this "force read a thread mod installed" module?

    Thanks in advance!

    Leave a comment:


  • Christophe_O
    replied
    Originally posted by skublum View Post
    ...I have the force read a thread mod installed, so that members "must" read the rules (at least click to go to tat page) the bots are unable to click the link to go to the force read board and therefore are unable to post anything...
    Good idea. This may be better than my idea to 'quarantine' spamborgs to an invisible subforum.

    SOCKWATER has evidence these are mainly robots. However it seems to me, they are simply assisted by humans who read the Image Verification. These humans do not show any sign of even understanding the English messages that they post.

    Therefore, perhaps it is not even necessary to install a PHP hack. Perhaps the spamborgs can be defeated with a simple template modification. I.e., just change the ID and text of a form field for posting, or something. So long as each forum did this slightly differently, this might put an end to the spamborg phenomena. This might be standardized to work automatically with every Vbulletin as follows.
    • Enable each Vbulletin owner to change the ID of the SUBMIT REPLY button, and instead of text for the button VALUE, use an image with a customized file name. (Perhaps also an invisible SUBMIT REPLY button that either does nothing, or that automatically bans the user. Along with a message that the ban can be lifted by sending a PM request.)
    • Or a simple image verification required for each New Post.
    • Or after using the SUBMIT REPLY button, a simple verification page appears with customized values.


    Also likely to help: adding a simple question to the Image Verification at registration, as in the following hack:
    Originally posted by K4L
    If you are using vb3.7+ trying using NoSpam! for 3.7+
    http://www.vbulletin.org/forum/showt...55#post1548655
    Last edited by Christophe_O; Thu 26 Jun '08, 9:34am.

    Leave a comment:


  • skublum
    replied
    So I kind of found it weird that I was getting so many spammers but they were not posting anything - so I just had to ban them because their profile would link to porn or what not. I started thinking and found out the reason why they are only able to register. I have the force read a thread mod installed, so that members "must" read the rules (at least click to go to tat page) the bots are unable to click the link to go to the force read board and therefore are unable to post anything. This doesn't prevent them from registering (which I don't mind this forum is an education forum and will help me get into college and a higher member count doesn't look bad) but it does prevent them from doing any real damage to your forum.

    Leave a comment:


  • David Grove
    replied
    Originally posted by cyburbia View Post
    With the Chinese spamborgs, they land right on register.php?do=signup, with no referrer.
    They are bots or automated scripts that are somehow bypassing/solving the captcha. This is provable if you add some extra hidden form fields to the registration form, they will not be set by the bot meaning they are directly submitting POST data and not submitting from the registration page.

    Leave a comment:


  • cyburbia
    replied
    Something I've discovered from looking at the logs: the Indian and Philippine spammers will usually visit a few pages before they head to register.php. There may be a referrer from a Google search for a certain subject. With the Chinese spamborgs, they land right on register.php?do=signup, with no referrer.

    I still don't believe captcha or recaptcha was defeated. Having thousands of registrations may seem bot-like, but given a list of thousands of vBulletin-based oboards, it should be something a human can do in a few days.
    Last edited by cyburbia; Fri 20 Jun '08, 3:02pm.

    Leave a comment:


  • Christophe_O
    replied
    suggestion: pay extra attention to new members who do NOT post messages.

    Thank you SARAH and SOCKWATER for any <form> tips. My HTML is good except that my <form> skills are nil. I am eager to experiment.

    I also have a few suggestions to add to a previous strategy. It has been suggested by others to confine members with less than 1 post to a "New Member" forum.
    • Perhaps the New Member forum should only allow New Threads, no replies. Spamborgs do not seem to be configured for New Threads.
    • On the registration acceptance page, show active links that make it easy to start the New Thread, and encourage legitimate members clearly such as: "Just say Hi and your favorite sport, hobby, or TV show."
    • Once a week, review all new memberships with 0 posts. These may be spamborgs. You may want to ban them. Or quarantine them with an 'upgrade' to an obscure membership level that only allows posting in the New Member forum.
    • Spamborgs are not active immediately. The puppet master is building fake registrations. He returns days or weeks later to spam. Thus, any member who does NOT post a new message quickly is more likely a spamborg.
    • I.e., this changes the emphasis to be more efficient for large forums. Moderators may not need to scrutinize New Member messages. Instead, just bundle away those new members who do not post anything.

    (Note: I deleted a previous version of this message because it was over-complicated.)
    Last edited by Christophe_O; Thu 19 Jun '08, 3:08pm.

    Leave a comment:


  • cyburbia
    replied
    Originally posted by sockwater View Post
    Up to now I've had all the bots register that have been mentioned in this thread. Their registrations have all been submitted with my 2 fields not set, which means it was a bot that registered (directly submitting POST data), not even a human slave at a computer.
    Not here. For the MMORPG gold and power leveling spammers from China, they entered the word "Array" into custom defined fields. (Human SEO spammers from India and the Philippines always seem to enter something awkward into my defined "location" field, like "U,S,A", "newyork", "los angges", "i am in the texas", or something similar. The Nigerians almost always use "London" or "UK". It's never something like "Schaumburg, Illinois", "Burlington, Ontario" or "Sandton, Gauteng Province, SA"; it's the most dominant places foreigners are going to be the most familiar with.)

    I believe that a human decodes the captcha, and they use a script to fill the profile fields.
    Last edited by cyburbia; Wed 18 Jun '08, 4:17pm.

    Leave a comment:


  • cyburbia
    replied
    Originally posted by creativepart View Post
    We also search the short octet (xxx.xxx.) to see if any non spammer members would be effected by a ban of that set of IPs and if not we ban the entire short set.
    Be careful about banning a short octet in APNIC IP space. The majority of Chinese IP blocks will fill an entire short octet, but you may find cases where xxx.xxx.[0-127].xxx is in China, and xxx.xxx.[128-255].xxx is in Australia, New Zealand, or some other country. in this case, there's no easy way to block through vBulletin; you've got to do it in .htaccess with either CIDR blocks or regular expressions.

    Leave a comment:


  • David Grove
    replied
    Here's some sample code to get you going. What I do is in no way this simplistic, but it'll give you an idea. If bots start detecting hidden fields, you can make it type=text and hide it with css. The name of your field can also be a semi-random generated string-- etc, etc.

    On the register_form_complete hook:
    Code:
    $vbulletin->templatecache['register'] = str_replace(
         '</form>', 
         '<input type="hidden" name="bottrap" value="" /></form>', 
         $vbulletin->templatecache['register']);
    On register_addmember_process:
    Code:
    $bottrapset = isset($_POST['bottrap']);
    if (!$bottrapset OR ($bottrapset AND $_POST['bottrap'] != ''))
    {
          die;
    }

    Leave a comment:


  • sarahk
    replied
    The beauty of sockwater's system is that it's not difficult coding... we don't need a published plugin. I'm going to have a go with it and I'll publish the key pointers

    Leave a comment:


  • David Grove
    replied
    Originally posted by Suri.CMS View Post
    Sorry for my ignorance, but what is 'hidden field' ?
    Is it a private 'User Profile Field' or something else ?
    Can you please tell in detail.



    How do you do that ? You wrote a script or is there any setting in vB ?
    I coded it myself. A hidden field is a field not visible to a regular user.

    Leave a comment:

widgetinstance 262 (Related Topics) skipped due to lack of content & hide_module_if_empty option.
Working...
X