Announcement

Collapse
No announcement yet.

Spam bots defeat Recaptcha.

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts
    chrisrixon
    New Member

  • chrisrixon
    replied
    I'm afraid the answer was:

    "There are as yet no confirmed and verifiable reports of this happening."

    Leave a comment:

  • EcoForumZ
    New Member

  • EcoForumZ
    replied
    removed post
    EcoForumZ
    New Member
    Last edited by EcoForumZ; Mon 2 Jun '08, 8:57pm.

    Leave a comment:

  • copiertalk
    Senior Member

  • copiertalk
    replied
    Originally posted by Mike Jordan View Post


    Mike
    Well written.

    Leave a comment:

  • chrisrixon
    New Member

  • chrisrixon
    replied
    Ok done.

    Leave a comment:

  • Steve Machol
    Former Customer Support Manager

  • Steve Machol
    replied
    Originally posted by chrisrixon View Post
    Sadly the vbulletin staff don't seem to be very interested, see:
    http://www.vbulletin.com/forum/showthread.php?p=1573643
    I told you to submit a bug report since you are certain this is a vB issue. Please do so.

    Leave a comment:

  • chrisrixon
    New Member

  • chrisrixon
    replied
    Sadly the vbulletin staff don't seem to be very interested, see:
    http://www.vbulletin.com/forum/showthread.php?p=1573643

    Leave a comment:

  • Mike Jordan
    New Member

  • Mike Jordan
    replied

    I'm going to add my 2 cents to this thread as well. I bought 3.6.8 back last Dec. I've got a small, niche type forum so I don't get a lot of users or search bot traffic. In the last 6 months I've not had one spam attempt nor had I seen any guests that their IP addresses were from outside the US. And I keep a pretty close eye on my forum. I managed a much bigger vBulletin site for years that was constantly getting hit by spam bots and other unwanted attention, so I pretty much know what to look for and know just how bad it is out there.

    Come the end of May and I upgrade to 3.7.0. It hadn't even been up 12 hours and I get a Vietnamese and Chinese IP address. Next day it's Russian. A couple more Chinese and some small country that use to be part of the Soviet Block. Some of them just mill around like bots do and a few try to register, but so far none have been able to. So that at least is good.

    Sure, it could be a coincidence and I might had seen these had I stayed on 3.6.8. And that is what I would have thought had I not seen all the other threads on here about increased activity right after people upgraded. I read the comments that these people are targeting vBulletin 3.7. Maybe it's because it's brand new and since so many people are upgrading to it they want to see just how good it is...

    or maybe it's because they know that when people go to a new version they make mistakes and leave holes in their security. So the best time to try and take advantage is when people are installing new software.
    I was curious as to how easy it was to find out who was running vBulletin 3.7 so I did a Google search with the words "Powered by vBulletin® Version 3.7"... Yep, page after page after page of forums, including mine, came up. So for those wondering how they are finding out, it's not hard for them to find out who is on 3.7 at all. So vBulletin gets a lot of advertisement for free (that's just business of course) but there is a lighted path right back to all of us.

    I do wish that the US government would address the issue (or at least put more bite into what they are doing) of countries that allow (and in some cases are actively supporting) this type of activity. It's not just about spam anymore... most of it is targeted at identity theft and other criminal activities like that.

    I don't think the group at Jelsoft (or any other forum software) will ever be able to create the perfect forum software. It's always been known that anything one person can create, another person can find a way around. It's the nature of the beast and one of the costs of us wanting to run forums. I think Jelsoft does a pretty good job and I hope they continue to stay close, even if they can't get ahead of the people that are out to take advantage of us.

    Mike

    Leave a comment:

  • Christophe_O
    Senior Member

  • Christophe_O
    replied
    Suggestion: Semi-automatic 'quarantine' that misdirects the spammer or spambot.
    • I am just struggling to get a website and forum running and don't even know what Captcha is yet. (PS--oh yes, I guess Captcha is that image thing? Which I set to very low standards because otherwise I could hardly read it myself heh. Well now I guess there's no need to raise the standard.)
    • So I just came here searching for anti-spam tools because of being hit with annoying 'WOW GOLD' ads from lovebeijgo etc. Latest are loveumaryii and Dreamath.
    • I did not ban KaiyureBoy because there was no advertising. Just repeated messages saying 'I have read your article it was very helpful' and then asking for my MSN. I replied with a warning against repeat messages, and he stopped.
    • KaiyureBoy also did a 'fake signature' including 6 links for amateurish non-porn celebrity URLs. If that's all bot, it's a bit clever.
    • What I am hoping to find is some kind of anti-spam system that:
      1. Detects all 'probable spam' according to keywords which I can tweak.
      2. Display these all on one page. "Select all" and selectively de-select.
      3. In one action a) "Move all" spam messages to a spam archive thread, and b) "Quarantine" the transgressing members.


    By 'quarantine' I mean perhaps a permanent ban. But what might be better than to ban them: a) automatically move all their posts to an invisible subforum. Or b) automatically require that all their messages must be moderated before being posted. Thus, they 'think' they are still active members, and they do not bother to re-join under different names.

    [rant]These people are so clever with their software. And then so stupid to think anybody is going to reply to their WOW GOLD ads. Which doesn't even make any sense, in English at least. Yes and look out world, it's these brain damaged survivors of communism from Russia, China, and eastern Europe who are taking over the global economy. And America's answer so far is to elect and re-elect a born again Christian from Texas who can hardly get through a Sunday school reading. So we might not buy WOW GOLD but we did buy the gulf war II. Holy Toledo. Time to build bunkers.[/rant]

    Thank you everyone who contributed to this thread, especially mikesz, El Burro, CareyCrew, 1996 and renep, who I quote below.
    Originally posted by mikesz View Post
    FYI, I have been tracking this stuff for the last six months and have successfully block 100% of these attacks using a simple filter and IP trap that just does input verification of registration data entry and an IP lookup against a bad guy table that dynamically maintains itself from the badguys it traps.
    Originally posted by El Burro View Post
    I installed ISBot this morning it's already stopped five bots registering in only a few hours!
    http://www.vbulletin.org/forum/showt...ighlight=isbot
    Originally posted by CareyCrew View Post
    Another tool for anyone interested is a huge list of spammers email addresses maintained by my old friend ForumNut at http://forumnutsandbolts.freeforums.org/portal.php mainly phpbb2 stuff there but he keeps up this list which can be used as a blocklist.
    The thread is located here.....
    http://forumnutsandbolts.freeforums....28-08-t34.html
    ( Registration is required) He gets hate mail from the spammers along with expletives and threats but the list keeps growing
    Originally posted by 1996 328ti View Post
    I don't think banning email addresses or entire ip blocks is the answer. I think by far the best mod (and should be included with vB) is Prevent Spam Posts
    http://www.vbulletin.org/forum/showthread.php?t=131568 I've added additional keywords to prevent our latest fiends from posting.
    I don't care that I need to delete and ban a few people each week.
    I'm just glad their posts are not visible. And I don't believe askimet is of any use. Look how much spam gets posted to vb.com.
    Originally posted by renep View Post
    I've used that trick in some hand-coded form handlers (outside of vB). It worked fine for a while, but a couple of months ago new spam started to pass this test ... I don't see how you could get false positives though.
    (False positives for 'hidden form' traps might come from blind people using aural readers...?)
    Christophe_O
    Senior Member
    Last edited by Christophe_O; Sat 31 May '08, 12:09pm. Reason: about captcha-fake signature

    Leave a comment:

  • baghdad4ever
    Senior Member

  • baghdad4ever
    replied
    i have this also

    after upgrade to 3.7.0

    every spammer make only five replies

    it is strange thing

    and i attach the message

    please how to solve that??
    baghdad4ever
    Senior Member
    Last edited by baghdad4ever; Sun 12 Oct '08, 7:52am.

    Leave a comment:

  • copiertalk
    Senior Member

  • copiertalk
    replied
    Originally posted by thebigman87 View Post
    It's not a path I'd personally go down, I mean China is a very fast developing country and with a Population of 1 Billion its not one to be blocked by outsiders (their Government can do that for them :P).
    Most of these posts have come from an IP of 220.*.*.* with the second, third and fourth octet being unique. I also have members from Australia that have the same beginning 220 octet and if I ban all people with an IP that starts with 220 I will ban the people I want on my forum as well. I agree that this is not a solution.

    The bots/spammers also have joined with an address with a starting octet of 58 or 59. In the end I do not want to have to keep up with a huge list of numbers that I have banned.

    We have just been watching the forum and monitoring who joins and tries to edit their signature. We ban that person within minutes most times and although it is not the best solution, it is working for us.
    copiertalk
    Senior Member
    Last edited by copiertalk; Fri 30 May '08, 11:49am.

    Leave a comment:

  • Scalemotorcars
    Member

  • Scalemotorcars
    replied
    Go figure them doing that. Just glad someone is keeping track of all this to make it easier on the rest of us. Thanks again for the link.

    Leave a comment:

  • Wayne Luke
    vBulletin Technical Support Lead

  • Wayne Luke
    replied
    Originally posted by Scalemotorcars View Post
    Thanks Wayne. That was quick. Site is currently down but Ill check back soon.
    I think they are currently being DDOSed by spammers... It happens quite a lot there if you can imagine. The site works but it is slow right now.

    Leave a comment:

  • Scalemotorcars
    Member

  • Scalemotorcars
    replied
    Thanks Wayne. That was quick. Site is currently down but Ill check back soon.

    Leave a comment:

  • Wayne Luke
    vBulletin Technical Support Lead

  • Wayne Luke
    replied
    Originally posted by Scalemotorcars View Post
    Anyone know of a master list that can be copy/pasted into my banning section?
    http://www.projecthoneypot.org/top_comment_spammers.php

    Of course any true spammer is just going to start spoofing their IP address or lease a zombie workstation in another country.

    Leave a comment:

  • Scalemotorcars
    Member

  • Scalemotorcars
    replied
    Thanks for posting the list. I know someone is working on a Spam hack at VB.org but its far from finished. Anyone know of a master list that can be copy/pasted into my banning section? Thanks again. Daniel

    Leave a comment:

widgetinstance 262 (Related Topics) skipped due to lack of content & hide_module_if_empty option.
Working...
X