Announcement

Collapse
No announcement yet.

Spam bots defeat Recaptcha.

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • haddockman
    replied
    Does anyone have a list of Chinese Ips that can be banned?

    Leave a comment:


  • Eagle Creek
    replied
    I got a lot of gmail spammers also.. I never had those guys and now they seem to pup up every day.

    I use a system of Captcha and questions like 1+1=, they still manage to get through.
    And like I've said: mostly gmail, since they beat gmail and hotmail it's amazing how many accounts are being abused.

    Leave a comment:


  • mikesz
    replied
    I still get a LOT of badguys using yahoo.com so its not just a gmail issue but then again I get a lot of .ru, .qawab, .info and sina. Beijboy uses sina email addresses as frequently as he does he does gmail, fyi. Many of the post in this thread act like the whole concept of "Asian Market" doesn't exist any maybe it doesn't if your are running a custom home entertainment site in St Joseph, MO but the reality is quite different. I have multiple sites that target the Asian Market so banning blocks of Asian IP address, Chinese or otherwise is not really an option. I still think that a dedicated effort by Jelsoft to find out how this particular group of badguys seem to be able to completely bypass the human verification process that doesn't see to work or is simply being hijacked by their robot code.

    regards, mikesz
    Last edited by mikesz; Mon 9 Jun '08, 1:29am.

    Leave a comment:


  • setishock
    replied
    Tcrubuyggo
    [email protected]
    222.183.121.125
    China
    Jan 1, 1980

    Leave a comment:


  • Profaders
    replied
    Thanks Wayne.

    And that's why Gmail will remained blacklisted on our site, and every other site I operate.

    Life was so much better with Compuserve in the early days - if not a tad expensive!

    Leave a comment:


  • Wayne Luke
    replied
    Originally posted by Profaders View Post
    Google have still not addressed their security issues and spammers are getting hold of email accounts far too easily. Gmail has been banned on all my other sites.
    Free email is free email. I doubt Google does any checking on signups on their system or the emails that are sent out until someone complains about a particular account. Just not enough man-power in the world for that kind of moderation.

    I have a GMail account and it gets about 1000 spam emails a day from Chinese accounts. One of the reasons I don't like the service.

    Leave a comment:


  • Profaders
    replied
    Beijboy/girl et al

    We've had the same as described in this thread.

    Running 3.6.8. with True Type font etc etc etc... I did raise the point in another thread a while back that spammers are getting around True Type Font Captcha in Vb.

    I delete the spammer just as soon as it appears, often within a few hours (our email notifications are often date stamped around 3am UK time).
    Again, we just keep blacklisting the ISP (and its wildcard string).

    We've had the whole range of Beijboy from 1-5 and other such like. Clearly, using the username vbulletingirl/boy he appears to like vb forums - we've had those too. Thankfully, the spammer only managed to post on one occasion - they seem to like placing advertising links spread across the forum. Ours was for some pc game. I am of the belief this is a wannabe spammer - probably contracted by some US spammer.

    Yes, there is a pattern: the birthday remains the same (01 Jan 1980) as does the time zone: hong kong, singapore etc. In my experience the spambot registers, and then comes back a couple of days later to post the links.

    I think the following link is the real Beijboy from a couple of years back, username: Beijboy - a student! Are we surprised? Perhaps someone could reply to him to be his friend!

    http://www.cityweekend.com.cn/beijin...y/#comment_460

    The outcome of this is that Gmail along with the most frequently used ISPs have been blacklisted. Unfortunate, as we too see some user-traffic from China. But we can do without this. I simply put a notice below the email entry in the registration form (confirm email string) that users wishing to register using a gmail address should contact us first. A hassle, but much better than spam littering your forum.

    On some other non-forum websites I operate, I am also seeing an increase in gmail spam. It's coming from China, Vietnam and South Korea. Google have still not addressed their security issues and spammers are getting hold of email accounts far too easily. Gmail has been banned on all my other sites.

    Leave a comment:


  • Glathannus
    replied
    Here is my own personal blacklist so far (could be a lot more if I hadn't recently set up some ISP blockings):

    Username: lola1234
    Email: [email protected]
    IP: 82.128.8.78
    Join Date: January 10th, 2008
    Birthday: Unspecified
    Timezone: (GMT -8:00) Pacific Time (US & Canada)
    Receive Admin Emails: Yes

    Username: eaterrell37204
    Email: [email protected]
    IP: 89.111.164.162
    Join Date: March 27th, 2008
    Birthday: April 18th, 1973
    Timezone: (GMT) Western Europe Time, London, Lisbon, Casablanca
    Receive Admin Emails: No

    Username: michael001
    Email: [email protected]
    IP: 72.3.137.82
    Join Date: April 16th, 2008
    Birthday: Unspecified
    Receive Admin Emails: Yes

    Username: banthony551
    Email: [email protected]
    IP: 195.209.36.65
    Join Date: April 20th, 2008
    Birthday: April 18th, 1973
    Timezone: (GMT) Western Europe Time, London, Lisbon, Casablanca
    Receive Admin Emails: No

    Username: Jessie
    Email: [email protected]
    IP: 128.241.105.0
    Join Date: May 2nd, 2008
    Birthday: Unspecified
    Timezone: (GMT -8:00) Pacific Time (US & Canada)
    Receive Admin Emails: No
    Notes: Spammed across PMs about a Buddhism portal site

    Username: kwhurley160
    Email: [email protected]
    IP: 89.111.165.167
    Join Date: May 5th, 2008
    Birthday: April 18th, 1973
    Timezone: (GMT) Western Europe Time, London, Lisbon, Casablanca
    Receive Admin Emails: No

    Username: KaiyureBoy
    Email: [email protected]
    IP: 121.234.237.74
    Join Date: May 17th, 2008
    Birthday: January 1, 1980
    Timezone: (GMT +8:00) Beijing, Perth, Singapore, Hong Kong
    Receive Admin Emails: No

    Username: beijmanli
    Email: [email protected]
    IP: 58.17.147.112
    Join Date: May 20th, 2008
    Birthday: January 1, 1980
    Timezone: (GMT +8:00) Beijing, Perth, Singapore, Hong Kong
    Receive Admin Emails: No

    Username: klmn857
    Email: [email protected]
    IP: 59.173.226.84
    Join Date: May 20th, 2008
    Birthday: January 1, 1980
    Timezone: (GMT +8:00) Beijing, Perth, Singapore, Hong Kong
    Receive Admin Emails: No

    Username: lovebeijgo
    Email: [email protected]
    IP: 222.183.122.18
    Join Date: May 20th, 2008
    Birthday: January 1, 1980
    Timezone: (GMT +8:00) Beijing, Perth, Singapore, Hong Kong
    Receive Admin Emails: No

    Username: dreamath
    Email: duadmi[email protected]
    IP: 116.234.10.169
    Join Date: May 20th, 2008
    Birthday: January 1, 1980
    Timezone: (GMT +8:00) Beijing, Perth, Singapore, Hong Kong
    Receive Admin Emails: No

    Username: goleveling
    Email: [email protected]
    IP: 61.191.23.238
    Join Date: May 21st, 2008
    Birthday: January 1, 1980
    Timezone: (GMT +8:00) Beijing, Perth, Singapore, Hong Kong
    Receive Admin Emails: No

    Username: 080522jk
    Email: [email protected]
    IP: 218.240.13.108
    Join Date: May 23, 2008
    Birthday: January 1, 1980
    Timezone: (GMT +8:00) Beijing, Perth, Singapore, Hong Kong
    Receive Admin Emails: No

    Username: kevin7901
    Email: [email protected]
    IP: 58.37.254.100
    Join Date: May 25th, 2008
    Birthday: January 1, 1980
    Timezone: (GMT +8:00) Beijing, Perth, Singapore, Hong Kong
    Receive Admin Emails: No

    Username: lrdldu
    Email: [email protected]
    IP: 221.201.98.74
    Join Date: May 25th, 2008
    Birthday: January 1, 1980
    Timezone: (GMT +8:00) Beijing, Perth, Singapore, Hong Kong
    Receive Admin Emails: No

    Username: joshnjob
    Email: [email protected]
    IP: 122.194.25.131
    Join Date: May 25th, 2008
    Birthday: January 1, 1980
    Timezone: (GMT +8:00) Beijing, Perth, Singapore, Hong Kong
    Receive Admin Emails: No

    Username: loveumaryii
    Email: [email protected]
    IP: 222.183.121.201
    Join Date: May 26th, 2008
    Birthday: January 1, 1980
    Timezone: (GMT +8:00) Beijing, Perth, Singapore, Hong Kong
    Receive Admin Emails: No

    Username: Isabella219
    Email: [email protected]
    IP: 222.92.140.249
    Join Date: May 26th, 2008
    Birthday: Unspecified
    Timezone: (GMT -8:00) Pacific Time (US & Canada)
    Receive Admin Emails: Yes
    Notes: They used the Contact Administrator form, after they were banned. It was an admittance that what they would post if I unbanned them now, would have the same problem as before - "free iPods" are not what my community is about.

    Username: KevinFlys
    Email: [email protected]
    IP: 220.178.42.42
    Join Date: May 30th, 2008
    Birthday: January 1, 1980
    Timezone: (GMT +8:00) Beijing, Perth, Singapore, Hong Kong
    Receive Admin Emails: No

    Username: ultimatewarrior8888
    Email: [email protected]
    IP: 220.249.163.229
    Join Date: June 2nd, 2008
    Birthday: January 1, 1980
    Timezone: (GMT +8:00) Beijing, Perth, Singapore, Hong Kong
    Receive Admin Emails: No

    Username: usagirl19735
    Email: [email protected]
    IP: 61.174.135.63
    Join Date: June 2nd, 2008
    Birthday: January 1, 1980
    Timezone: (GMT +8:00) Beijing, Perth, Singapore, Hong Kong
    Receive Admin Emails: No

    Username: weiwei
    Email: [email protected]
    IP: 221.221.173.160
    Join Date: June 2nd, 2008
    Birthday: January 1, 1980
    Timezone: (GMT +8:00) Beijing, Perth, Singapore, Hong Kong
    Receive Admin Emails: No

    Username: KaiyureGirl
    Email: [email protected]
    IP: 117.95.220.225
    Join Date: June 7, 2008
    Birthday: January 1, 1980
    Timezone: (GMT +8:00) Beijing, Perth, Singapore, Hong Kong
    Receive Admin Emails: No
    Notes: Registered while I was in the middle of previewing this post.

    Username: gprunescaper2
    Email: [email protected]
    IP: 218.106.154.107
    Join Date: June 15, 2008
    Birthday: January 1, 1980
    Timezone: (GMT +8:00) Beijing, Perth, Singapore, Hong Kong
    Receive Admin Emails: No

    Some Chinese/Russian spammers are going to slip through the cracks I've left open, because I've limited some of the ISP blocking for a few of my legitimate users, and a minority of the spammers may fall within that range.
    Last edited by Glathannus; Sun 15 Jun '08, 2:16pm.

    Leave a comment:


  • ESPALPSP
    replied
    KaiyureGirl
    [email protected]
    222.187.239.10

    New bot

    Leave a comment:


  • Glathannus
    replied
    95% of the spammer usernames/emails that people here have mentioned so far, I too have come across. I noticed in late May that the birth date was the most common factor, but I have a feeling that the more we talk about it, or the sooner we come up with an automated solution based on the birth date...

    the sooner the spambots will either stop using that birthdate, or start using random birth dates. We should assume the worst - that we can't count on this birth date red flag, for forever.

    Nearly every time a new spambot (or a revisit of an old spambot) appears on my site, I've manually ISP blocked it, which involves a WHOIS to find the complete IP range.

    I have to be very careful when I do this, because although my site is English language, it attracts legitimate users from all over the world - including a few from China. So every time I ISP block another Chinese range, I always check it against the very few legitimate Chinese members my site already has. This tactic will eventually stop another legitimate Chinese user from joining my site, but the spam is so out-of-hand right now, that I'm considering this to be a small price to pay. I don't feel comfortable with ISP blocking as a longterm solution though.

    I'm probably going to introduce a subforum for New Member Introductions. When you confirm your email address for registration, you're shifted into a phase-one custom usergroup that can only post, in the manner of starting new thread(s) in New Member Introductions. Until you've done this, you can't start threads in any other subforums, or reply to any threads other than your own. After that, if you have at least one post, eventually you get auto-promoted, and can post/reply in any subforum. However, that promotion could come real quick, so to make sure it's always at least an hour, you introduce another intermediary custom usergroup, whose sole purpose is to exist one hour before the promotions CRON triggers again.

    Once a spammer starts posting, they'll do it in waves. They aren't going to sit around and wait 1-2 hours until they can post in other subforums, and that's if they're not banned by then. What I like about the New Member Introductions idea, is that all of the spam will originate in one place, and you can safely appoint a legion of moderators solely for that board, with custom permissions so they can only move posts, and you have a trash/spam subforum that's not public, as evidence for a higher-up staff member to eventually issue a banning.

    I can understand why some vB owners here would want to block their Member Lists, because a little-talked-about problem right now, is spam across Private Messages. Though I don't know how much good it does to block the Member List, because a smart spambot could build its own index of usernames, by brute forcing all of the User ID numbers. I'm thinking of reserving the Private Messaging privilege for users who have already posted at least 10 times, and same with being able to view the Member List or any individual User Profile. That ought to solve some problems.

    Now, I'm not deeply knowledgeable about the repercussions with robots.txt, so for anyone who is more familiar with how it works, will spambots being able to access robots.txt, in any way foil any of my ideas here?

    Leave a comment:


  • EcoForumZ
    replied
    Originally posted by ryansmith View Post
    This is not a vB 3.7.x issue. I am running vB 3.6.10 and I've banned every username mentioned in this thread so far.

    I just ran through my members list and deleted every suspicious username with a birthdate of Jan 1, 1980 and also did a quick scan of gmail.com, 21cn.com, and sina.com email addresses. I deleted about 30 members, all with 0 posts, who were either "User Awaiting Email Confirmation" or were approved but hadn't posted yet.

    I've installed Prevent Spam and I've set it to flag any post that contains a URL. I also have new member moderation turned on so that I have to approve each new registration manually.

    Between these two options I hope to stop a lot of this nonsense. This has only become a problem in the last week or two.
    I had all kinds of spammers then I configured "Akismet" in admincp and it has captured all spammers ever since. It does all the work for you.


    This is the best solution!


    Try it!

    Leave a comment:


  • Wayne Luke
    replied
    Originally posted by vitalie View Post
    Code:
    222.183.124.191 - - [04/Jun/2008:11:21:18 +0300] GET /register.php?do=signup HTTP/1.1 "200" 20122 "http://www.******.com" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; 
    SV1; .NET CLR 2.0.50727)" "-"
    222.183.124.191 - - [04/Jun/2008:11:21:26 +0300] POST /register.php?do=register HTTP/1.1 "200" 31520 "http://www.******.com/register.php?do=signup" "Mozilla/4.0 (compatible; 
    MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)" "-"
    222.183.124.191 - - [04/Jun/2008:11:21:26 +0300] GET /image.php?type=regcheck&imagehash=c9ee867e0b4ed45254e16b9a4c85b4a0 HTTP/1.1 "200" 10320 "http://www.******.com/register.
    php?do=signup" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)" "-"
    222.183.124.191 - - [04/Jun/2008:11:21:34 +0300] POST /ajax.php?do=imagereg&imagehash=c9ee867e0b4ed45254e16b9a4c85b4a0 HTTP/1.1 "200" 111 "http://www.******.com/register.php?
    do=signup" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)" "-"
    222.183.124.191 - - [04/Jun/2008:11:21:34 +0300] GET /image.php?type=regcheck&imagehash=5568e8b5c6ea1e138248d590ecdba890 HTTP/1.1 "200" 10257 "http://www.******.com/register.
    php?do=signup" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)" "-"
    222.183.124.191 - - [04/Jun/2008:11:22:01 +0300] POST /register.php?do=addmember HTTP/1.1 "200" 23886 "http://www.******.com/register.php?do=register" "Mozilla/4.0 (compatibl
    e; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)" "-"
    222.183.124.191 - - [04/Jun/2008:11:22:07 +0300] GET /profile.php?do=editsignature HTTP/1.1 "200" 29979 "http://www.******.com" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 
     5.1; SV1; .NET CLR 2.0.50727)" "-"
    222.183.124.191 - - [04/Jun/2008:11:22:15 +0300] POST /profile.php?do=updatesignature HTTP/1.1 "200" 29484 "http://www.******.com/profile.php?do=editsignature" "Mozilla/4.0 (
    compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)" "-"
    o.com/help/us/ysearch/slurp)" "74.6.12.58"
    222.183.124.191 - - [04/Jun/2008:11:22:47 +0300] GET /register.php?a=act&u=56&i=31984333 HTTP/1.1 "200" 24108 "-" "Mozilla/4.0 (compatible; Windows XP 5.1; MSIE 6)" "-"
    This is most likely human... They reloaded the image verification three times. You're not even using recaptcha.

    Leave a comment:


  • ryansmith
    replied
    This is not a vB 3.7.x issue. I am running vB 3.6.10 and I've banned every username mentioned in this thread so far.

    I just ran through my members list and deleted every suspicious username with a birthdate of Jan 1, 1980 and also did a quick scan of gmail.com, 21cn.com, and sina.com email addresses. I deleted about 30 members, all with 0 posts, who were either "User Awaiting Email Confirmation" or were approved but hadn't posted yet.

    I've installed Prevent Spam and I've set it to flag any post that contains a URL. I also have new member moderation turned on so that I have to approve each new registration manually.

    Between these two options I hope to stop a lot of this nonsense. This has only become a problem in the last week or two.

    Leave a comment:


  • Jason Buchanan
    replied
    I have a guest lurking around trying the permissions pretty hard. they have yet to try and register. Their ip is 150.70.84.41 shows it's origin is Japan.

    Leave a comment:


  • baghdad4ever
    replied
    i enable only picture verification

    and also the same

    there r many of them in my forum

    and i dont know how to do?

    Leave a comment:

widgetinstance 262 (Related Topics) skipped due to lack of content & hide_module_if_empty option.
Working...
X