Announcement

Collapse
No announcement yet.

Spam bots defeat Recaptcha.

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • #91
    looking at the logs, there's a 90% chance they aren't going to your site at all.... but rather running a simple CURL program they whipped up. it's pretty easy to make a curl script to do this. <100 lines a code, tops.

    Comment


    • #92
      Actually, Briansol, I think you are right on with that one. I have been trapping the data entry for some time now and that is exactly what it looks like, either that or they have figure out how to do an injection but it does not appear to be using the standard vbulletin registration vehicle to me.

      I have been avoiding these jerks for several months and just the other day, three of their attempts succeeded so I had to tweak my filter to trap them but its clear to me that they were not using the "standard" form spamming bot, maybe as you say, CURL is their vehicle now.

      vBulletin need to find a zealot in their development organization to champion this cause like they do with ALL the other phantom XSS and CSRF they have supposedly fixed. THIS one is REAL and PRESENT and affecting thousands of vBulletin owners and operators every day.

      I don't appreciate wasting MY time to try to hack a solution for this product deficiency frankly. I would prefer to use my skills for more creative and satisfying work.

      regards, mikesz
      Last edited by mikesz; Wed 28 May '08, 8:21pm.

      Comment


      • #93
        I recently been hit by them as well ;(

        I would hate to do manual verification

        Comment


        • #94
          I've been getting hit by one of these bots almost daily. They get passed the normal vBulletin registration and Enhanced Captcha Image Verification which makes me believe that they are using some other way to completely bypass all that as well.

          I'm currently using Prevent Spam to put all posts into the post moderation cue for all post that contain links from members that have fewer than 10 posts. So far it has caught all the bots.

          Only correlation that I've noticed is that they all put their birthdate as January 1st, 1980 and all have their time set to GMT + 8:00 (Beijing, Perth, Singapore, Hong Kong).

          Hopefully the vBulletin development team will take a serious look into this matter and fix it.

          Comment


          • #95
            Im also hit by this ****

            Comment


            • #96
              eh, I just edited the .htaccess file and banned ALL Chinese IP's. Problem solved, for the Chinese anyway.

              Comment


              • #97
                hmm why dont we all mass email these guys and flood their account!?

                Comment


                • #98
                  Originally posted by CarterMarkham View Post
                  eh, I just edited the .htaccess file and banned ALL Chinese IP's. Problem solved, for the Chinese anyway.


                  KevinFlys


                  They are pretty easy to spot when they join. The almost immediately edit the signature. I just made it so people that that user group can not edit their signature.
                  www.Copiertalk.com - Everything Copier , Printer, Fax

                  Comment


                  • #99
                    Originally posted by CarterMarkham View Post
                    eh, I just edited the .htaccess file and banned ALL Chinese IP's. Problem solved, for the Chinese anyway.
                    It's not a path I'd personally go down, I mean China is a very fast developing country and with a Population of 1 Billion its not one to be blocked by outsiders (their Government can do that for them :P).

                    I know you probably don't see any reason for a Chinese lad joining but I suppose depending on your site it helps to have as many views from different areas in the world. btw My Site is a Registered Only forum for Members, so I am quite surprised to be hit by it, because I only have 1 entry on google. Which I think summarises the scale of the problem.

                    Before I continue to babble any longer, my solution will be to use Prevent Spam so new members who post links are placed in a moderation queue. Although it's not the external links I'm particularly worried about it's the nuisance it causes to me and members using the site.
                    Last edited by thebigman87; Fri 30 May '08, 2:01am.

                    Comment


                    • Well, today I was hit by 4 different bots at once: joef88112, baadman25, kevin7901, and loveumaryii. Luckily, none of their posts actually appeared on the forum because of Prevent Spam. I modified it further to only stop posts with links from users with no posts. Since the bots posts are placed into moderation cue, they are not counted towards their post count. This problem appears to be getting worse and blocking all of China is not an option for me.

                      Comment


                      • Thanks for posting the list. I know someone is working on a Spam hack at VB.org but its far from finished. Anyone know of a master list that can be copy/pasted into my banning section? Thanks again. Daniel

                        Comment


                        • Originally posted by Scalemotorcars View Post
                          Anyone know of a master list that can be copy/pasted into my banning section?
                          http://www.projecthoneypot.org/top_comment_spammers.php

                          Of course any true spammer is just going to start spoofing their IP address or lease a zombie workstation in another country.
                          Translations provided by Google.

                          Wayne Luke
                          The Rabid Badger - a vBulletin Cloud demonstration site.
                          vBulletin 5 API

                          Comment


                          • Thanks Wayne. That was quick. Site is currently down but Ill check back soon.

                            Comment


                            • Originally posted by Scalemotorcars View Post
                              Thanks Wayne. That was quick. Site is currently down but Ill check back soon.
                              I think they are currently being DDOSed by spammers... It happens quite a lot there if you can imagine. The site works but it is slow right now.
                              Translations provided by Google.

                              Wayne Luke
                              The Rabid Badger - a vBulletin Cloud demonstration site.
                              vBulletin 5 API

                              Comment


                              • Go figure them doing that. Just glad someone is keeping track of all this to make it easier on the rest of us. Thanks again for the link.

                                Comment

                                widgetinstance 262 (Related Topics) skipped due to lack of content & hide_module_if_empty option.
                                Working...
                                X