Spam bots defeat Recaptcha.

**copiertalk** · Fri 30 May '08, 11:44am

Originally posted by thebigman87

It's not a path I'd personally go down, I mean China is a very fast developing country and with a Population of 1 Billion its not one to be blocked by outsiders (their Government can do that for them :P).

Most of these posts have come from an IP of 220.*.*.* with the second, third and fourth octet being unique. I also have members from Australia that have the same beginning 220 octet and if I ban all people with an IP that starts with 220 I will ban the people I want on my forum as well. I agree that this is not a solution.

The bots/spammers also have joined with an address with a starting octet of 58 or 59. In the end I do not want to have to keep up with a huge list of numbers that I have banned.

We have just been watching the forum and monitoring who joins and tries to edit their signature. We ban that person within minutes most times and although it is not the best solution, it is working for us.

**baghdad4ever** · Fri 30 May '08, 12:51pm

i have this also

after upgrade to 3.7.0

every spammer make only five replies

it is strange thing

and i attach the message

please how to solve that??

**Christophe_O** · Sat 31 May '08, 11:29am

Suggestion: Semi-automatic 'quarantine' that misdirects the spammer or spambot.

I am just struggling to get a website and forum running and don't even know what Captcha is yet. (PS--oh yes, I guess Captcha is that image thing? Which I set to very low standards because otherwise I could hardly read it myself heh. Well now I guess there's no need to raise the standard.)
So I just came here searching for anti-spam tools because of being hit with annoying 'WOW GOLD' ads from lovebeijgo etc. Latest are loveumaryii and Dreamath.
I did not ban KaiyureBoy because there was no advertising. Just repeated messages saying 'I have read your article it was very helpful' and then asking for my MSN. I replied with a warning against repeat messages, and he stopped.
KaiyureBoy also did a 'fake signature' including 6 links for amateurish non-porn celebrity URLs. If that's all bot, it's a bit clever.
What I am hoping to find is some kind of anti-spam system that:
1. Detects all 'probable spam' according to keywords which I can tweak.
2. Display these all on one page. "Select all" and selectively de-select.
3. In one action a) "Move all" spam messages to a spam archive thread, and b) "Quarantine" the transgressing members.

By 'quarantine' I mean perhaps a permanent ban. But what might be better than to ban them: a) automatically move all their posts to an invisible subforum. Or b) automatically require that all their messages must be moderated before being posted. Thus, they 'think' they are still active members, and they do not bother to re-join under different names.

[rant]These people are so clever with their software. And then so stupid to think anybody is going to reply to their WOW GOLD ads. Which doesn't even make any sense, in English at least. Yes and look out world, it's these brain damaged survivors of communism from Russia, China, and eastern Europe who are taking over the global economy. And America's answer so far is to elect and re-elect a born again Christian from Texas who can hardly get through a Sunday school reading. So we might not buy WOW GOLD but we did buy the gulf war II. Holy Toledo. Time to build bunkers.[/rant]

Thank you everyone who contributed to this thread, especially mikesz, El Burro, CareyCrew, 1996 and renep, who I quote below.

Originally posted by mikesz

FYI, I have been tracking this stuff for the last six months and have successfully block 100% of these attacks using a simple filter and IP trap that just does input verification of registration data entry and an IP lookup against a bad guy table that dynamically maintains itself from the badguys it traps.

Originally posted by El Burro

I installed ISBot this morning it's already stopped five bots registering in only a few hours!
http://www.vbulletin.org/forum/showt...ighlight=isbot

Originally posted by CareyCrew

Another tool for anyone interested is a huge list of spammers email addresses maintained by my old friend ForumNut at http://forumnutsandbolts.freeforums.org/portal.php mainly phpbb2 stuff there but he keeps up this list which can be used as a blocklist.
The thread is located here.....

http://forumnutsandbolts.freeforums.org/spammer-e-mail-list-v03-28-08-t34.html

( Registration is required) He gets hate mail from the spammers along with expletives and threats but the list keeps growing

Originally posted by 1996 328ti

I don't think banning email addresses or entire ip blocks is the answer. I think by far the best mod (and should be included with vB) is Prevent Spam Posts
http://www.vbulletin.org/forum/showthread.php?t=131568 I've added additional keywords to prevent our latest fiends from posting.
I don't care that I need to delete and ban a few people each week.
I'm just glad their posts are not visible. And I don't believe askimet is of any use. Look how much spam gets posted to vb.com.

Originally posted by renep

I've used that trick in some hand-coded form handlers (outside of vB). It worked fine for a while, but a couple of months ago new spam started to pass this test ... I don't see how you could get false positives though.

(False positives for 'hidden form' traps might come from blind people using aural readers...?)

**Mike Jordan** · Sun 1 Jun '08, 7:21am

I'm going to add my 2 cents to this thread as well. I bought 3.6.8 back last Dec. I've got a small, niche type forum so I don't get a lot of users or search bot traffic. In the last 6 months I've not had one spam attempt nor had I seen any guests that their IP addresses were from outside the US. And I keep a pretty close eye on my forum. I managed a much bigger vBulletin site for years that was constantly getting hit by spam bots and other unwanted attention, so I pretty much know what to look for and know just how bad it is out there.

Come the end of May and I upgrade to 3.7.0. It hadn't even been up 12 hours and I get a Vietnamese and Chinese IP address. Next day it's Russian. A couple more Chinese and some small country that use to be part of the Soviet Block. Some of them just mill around like bots do and a few try to register, but so far none have been able to. So that at least is good.

Sure, it could be a coincidence and I might had seen these had I stayed on 3.6.8. And that is what I would have thought had I not seen all the other threads on here about increased activity right after people upgraded. I read the comments that these people are targeting vBulletin 3.7. Maybe it's because it's brand new and since so many people are upgrading to it they want to see just how good it is...

or maybe it's because they know that when people go to a new version they make mistakes and leave holes in their security. So the best time to try and take advantage is when people are installing new software.
I was curious as to how easy it was to find out who was running vBulletin 3.7 so I did a Google search with the words "Powered by vBulletin® Version 3.7"... Yep, page after page after page of forums, including mine, came up. So for those wondering how they are finding out, it's not hard for them to find out who is on 3.7 at all. So vBulletin gets a lot of advertisement for free (that's just business of course) but there is a lighted path right back to all of us.

I do wish that the US government would address the issue (or at least put more bite into what they are doing) of countries that allow (and in some cases are actively supporting) this type of activity. It's not just about spam anymore... most of it is targeted at identity theft and other criminal activities like that.

I don't think the group at Jelsoft (or any other forum software) will ever be able to create the perfect forum software. It's always been known that anything one person can create, another person can find a way around. It's the nature of the beast and one of the costs of us wanting to run forums. I think Jelsoft does a pretty good job and I hope they continue to stay close, even if they can't get ahead of the people that are out to take advantage of us.

Mike

**chrisrixon** · Sun 1 Jun '08, 10:36am

Sadly the vbulletin staff don't seem to be very interested, see:

Bots and clones,spammers etc.. - vBulletin Community Forum

http://www.vbulletin.com/forum/showthread.php?p=1573643

**Steve Machol** · Sun 1 Jun '08, 10:37am

Originally posted by chrisrixon

Sadly the vbulletin staff don't seem to be very interested, see:
http://www.vbulletin.com/forum/showthread.php?p=1573643

I told you to submit a bug report since you are certain this is a vB issue. Please do so.

**chrisrixon** · Sun 1 Jun '08, 10:48am

Ok done.

**copiertalk** · Sun 1 Jun '08, 11:37am

Originally posted by Mike Jordan

Mike

Well written.

**EcoForumZ** · Sun 1 Jun '08, 2:00pm

removed post

**chrisrixon** · Sun 1 Jun '08, 2:42pm

I'm afraid the answer was:

"There are as yet no confirmed and verifiable reports of this happening."

**Steve Machol** · Sun 1 Jun '08, 4:53pm

Originally posted by chrisrixon

I'm afraid the answer was:

"There are as yet no confirmed and verifiable reports of this happening."

To clarify I am talking about Bots bypassing the registration and verification process. As long as you allow registration there is nothing to stop humans from registering and then turning over the account to a Bot.

**EcoForumZ** · Sun 1 Jun '08, 9:07pm

removed post

**EcoForumZ** · Sun 1 Jun '08, 9:10pm

removed post

**Vtec44** · Sun 1 Jun '08, 9:17pm

Originally posted by EcoForumZ

They are spamming 3.6x as well.

They're spaming pretty much all forums, non-vB and vB. I'm on a few that have been hit by these guys.

**copiertalk** · Sun 1 Jun '08, 10:00pm

We have been soft deleting the posts and banning the usernames.

We run a small community and have cought most of them prior to any spam.

Spam bots defeat Recaptcha.

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment