Announcement

Collapse
No announcement yet.

Spam bots defeat Recaptcha.

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • JPnyc
    replied
    just block all the countries in Asia. Problem solved. If your forum is anything like ours, you get no legitimate traffic from that region anyway, or at least not enough to worry about.

    Leave a comment:


  • dtg-forums
    replied
    HELP: IP BLOCKING (And Block List)

    Originally posted by cyburbia View Post
    Be careful about banning a short octet in APNIC IP space. The majority of Chinese IP blocks will fill an entire short octet, but you may find cases where xxx.xxx.[0-127].xxx is in China, and xxx.xxx.[128-255].xxx is in Australia, New Zealand, or some other country. in this case, there's no easy way to block through vBulletin; you've got to do it in .htaccess with either CIDR blocks or regular expressions.
    So, what does this mean?

    Here is a list of my blocked IP addresses -- ALL of which:
    * Posted more than TWO spams
    * Were checked by SamSpade.org
    * Proven to be in China, or some other country with no business in my forum
    * added to the list
    * user deleted, along with all his posts

    However, one listed as BLOCKED on this list got back in this morning.

    Are any of these in the octet mentioned in quote above?????

    114.241.1*
    114.246.15*
    114.246.163.116
    114.246.163.2*
    116.205.17.232
    116.23.149.215
    116.234.5*
    116.7.255.88
    116*
    117.15.2*
    117.25.5*
    117.25.5*
    117.8*
    118.71.176.109
    119.14*
    119.146.198.205
    119.150*
    119.152.44.6*
    119.27.1*
    120.8*
    121.145.14.9
    121.204*
    121.224*
    121.229.196.1*
    121.230*
    121.231.9.81
    121.231.9*
    121.235*
    121.239*
    121.247.55.153
    122.156.52.3*
    122.162.209.185
    122.162.211*
    122.163.107.5
    122.167.22.43
    122.169.1*
    122.172.30*
    122.174.72*
    122.23*
    122.5*
    122.53.159.238
    123.1*
    123.23*
    123.6*
    124.253.74.240
    124.253.8*
    124.253.83.1*
    124.7.104*
    124.7*
    124.92.73*
    125.11*
    125.115.12.240
    125.120.1*
    125.120.1*
    125.131.2*
    125.209.1*
    125.254.11.15*
    125.33.0*
    125.33.25*
    125.34.2*
    125.37.22*
    125.60.248.153
    125.7*
    125.70.58.1*
    125.78.242.237
    125.8*
    125.82.22.46
    174.132.18.164
    195.225
    196.202.78*
    196.220.10
    196.29.219.2*
    196.3.182.250
    196.3.183.72
    200.215.89.1*
    201.39.1.130
    202.105.106.1*
    202.106.1*
    202.106.1*
    202.106.1*
    202.106.111.2*
    202.106*
    202.106*
    208.78.62.1*
    209.11.241.2*
    209.5.112.2*
    211.15*
    211.158.21.152
    212.100.250*
    212.150.96.0
    212.150.96.1*
    212.150.96.2*
    212.247*
    213.232.20*
    216.139.164.86
    218.104.6*
    218.104*
    218.109.15*
    218.24*
    218.6.2*
    218.6.26.223
    218.6.26.223
    218.6.9*
    218.6*
    218.74.2*
    218.82.58.108
    218.84.1*
    219.148.0*
    219.150*
    219.253.180.226
    220.114.15*
    220.161.1*
    220.176.220*
    220.178*
    220.179.217.214
    220.180*
    220.249.1*
    220.250*
    221.10.15*
    221.134
    221.135
    221.135.255
    221.139.49.98
    221.20*
    221.200.210.157
    221.225.2*
    221.6.130.1*
    222.127.22*
    222.129.20*
    222.131.1*
    222.18*
    222.183*
    222.240.29*
    222.35.15*
    222.6*
    222.64.100*
    222.64*
    222.65.62*
    222.76.69*
    222.77.23*
    222.85.9*
    38.119.107.11*
    41.20*
    41.204.224.20
    41.219*
    41.234.132.122
    58.14*
    58.144.2*
    58.144.68.49
    58.2*
    58.22.141.146
    58.22*
    58.223.6*
    58.24*
    58.240.18*
    58.242.206.72
    58.242.206.72
    58.34.0*
    58.41.18.2*
    58.49*
    58.65.1*
    58.81.1.88
    58.83.3*
    58.83.4*
    59.17*
    59.176.10*
    59.32*
    59.40*
    59.41.174.35
    59.5*
    59.6*
    59.61.11*
    59.61.111.146
    59.61.161.38
    59.92.85.170
    59.92.85*
    59.95.2*
    60.12.45.2
    60.168*
    60.17*
    60.208*
    60.217.255*
    61.135.0*
    61.135.2*
    61.135*
    61.145*
    61.169*
    61.17.90*
    61.17*
    66.232.147.62
    66.28.144.20
    67.198.201.226
    69.89.27*
    72.27.143.81
    75.150.246.118
    75.56.167.5
    78.25.48.50
    78.46.75.5*
    80.73.3.110
    80.78.20*
    81.199.43*
    81.222.64*
    82.128*
    82.73.5.132
    83.229.9*
    86.51.144.143
    86.51*
    87.242.11*
    87.244.194.121
    87.247*
    88.229*
    89.124.235.130
    89.19*
    92.113.207

    Leave a comment:


  • Wayne Luke
    replied
    Originally posted by killerkitten View Post
    Very interesting thread, if 2 months old - has any progress been made on this issue by anyone?
    Personally, I have not seen any spam bots defeat ReCaptcha. There was a period when their algorithm was broken and it let any two words through. I believe they have fixed this. However since ReCaptcha is a third-party service, any concerns about the quality of their service should be directed to their website.

    With vBulletin, there are other ways to defeat spambots that have been incorporated into the software besides Captcha and Turing algorithms. These are your best bet to completely reduce spam. See:
    How to Reduce Spam and Registration Bots

    There are also a number of addons at www.vbulletin.org designed to try and combat spam and bot registration ranging from keyword density algorithms to detecting bot activity via load times and other automated behavior.

    Leave a comment:


  • killerkitten
    replied
    Very interesting thread, if 2 months old - has any progress been made on this issue by anyone?

    Leave a comment:


  • carntheroos4eva
    replied
    Probably best to get rid of the free emails just to stop the spambots /pornbots from joining up

    Leave a comment:


  • sullivanmar
    replied
    Originally posted by TGRS View Post
    As you gain more experience running discussion boards, you will begin to understand this concept better.
    Thanks. That explains it fine. I just hadn't thought of it that way. As I said, the community on my board is small and registrations are (were?) normally only a handful a month.

    The better news is that both types seem to have stopped since implementing Recapcha.

    Thanks for the help.

    Leave a comment:


  • TGRS
    replied
    Originally posted by sullivanmar View Post
    But once I've done this I still have a batch that I can find by doing user/search for new registrations. These are still in "Waiting email confirmation" so they haven't been able to post to my site. But I don't understand why I'm getting both classes.
    --You're getting both because the ones inside the "waiting email confirmation" usergroup, have not yet authenticated their email address, that's why they're still in there. The ones that are inside the "awaiting moderation" usergroup, are the ones that have authenticated their email address, and are now waiting on you to approve (or moderate). Both of the above scenarios are perfectly legitimate, in that you will sometimes get users (bad and good users) that fail to authenticate their email address. This has nothing what so ever to do with the original issue that you reported, regarding the bypassing of moderation. As you gain more experience running discussion boards, you will begin to understand this concept better.

    Leave a comment:


  • sullivanmar
    replied
    Originally posted by TGRS View Post
    Hello. I might be able to help you, but I want to make sure that I understand you first.


    --I have never seen anything like this, and I want to understand this more. When you say that they 'bypass' the moderation step; in other words, you are getting new user signups that go directly from the registration form, into the 'Registered Users' usergroup, without any intervention from you, is that correct? Please explain. I know of a way that this might be possible, but I just want to make sure that you are not overlooking something first.


    --Ok, but here's the thing: if you turned moderation on for newly registered users, that also means that both the good and bad guys (so to speak) will need to be moderated; therefore, you are going to have to examine each one to make sure you are not rejecting a legitimate user registration. Are you following what I am saying?
    Well, I will need to check more closely if this continues to happen. I seem to be getting new registrations in two classes,
    • Ones that show up as needing moderation in the CP. I can delete them using the delete radio button.
    • But once I've done this I still have a batch that I can find by doing user/search for new registrations. These are still in "Waiting email confirmation" so they haven't been able to post to my site. But I don't understand why I'm getting both classes. I'm pretty sure the usernames in each are different but I'll check again.
    I am prepared to check the registrations closely. In my case, our board is a fairly small community and I can usually tell if one is legit or not. If in doubt, I send an email to check.

    I may not see this again as I've since installed Recapcha.

    Leave a comment:


  • jebs49
    replied
    Same Problem, No Solutions

    Originally posted by sullivanmar View Post
    I am getting hit on my site too. I do have a few questions I'm hoping some can help with.

    I had not previously set up moderation on new registrations. But as a result of all of this, I turned this on a few days ago. I am now getting 8-10 moderation requests a day that I'm able to do a mass delete on using the moderation page.

    However, somehow I am also still getting 6-7 actual registrations a day that seem to be bypassing the moderation step. Can someone explain how this might be possible?

    Also, once they have registered, is there a way to do a mass delete of these invalid registrations? The method I use now is to search for Users/New Registrations. But this method requires me to select each user one at a time, select delete, confirm delete, research new registrations, and start the cycle again. Is there a faster way?

    Thanks
    SullivanMar,

    I am having the very same problem. I spent most of the day yesterday reworking and updating my forum to fix this. I thought I had fixed it because I did a test registration myself and I was sent to the moderation cue. This morning my mailbox was filled with more spam registrations that were not sent to the moderation cue. They got through and are shown as registered users. I have no idea how that is possible.

    This is really frustrating. I don't have the time to constantly be fighting these international idiots. I still don't know what they are actually getting out of this game.

    FT

    Leave a comment:


  • guppy
    replied
    I've spent a while today reading the threads here on spam handling over the last couple of months. Thank you for having so much in one place, it's helped get my mind straight.

    Capchas and email verification are fine for rejecting spambots. A lot of people are still reacting to spambots so it's as well to have those tools available.

    Spamborgs aren't stopped by Capchas and email verification. I don't care whether they're inconvenienced, my sole need is to stop them. The only thing that'll stop them is a mature blacklist fed by honeytraps, just the way email spam was handled at that stage in its development (with user reports taking the place of the honeytraps - I think we can automate rather better now).

    In the absence of a mature blacklist module I'm going to put new users on moderation and only take them off after I've been presented with a sensible post in a meaningful context. I'm not prepared to expose my users to spam and that's the cost to the newbies. I can recognize a spam account from the way it's named and configured and the email address it uses and the IP origin but I'm not prepared to put that many hours into fighting them, I need to batch filter new users onto my site and moderating new users will do that.

    Here's the internal memo I just sent about the problem:
    There's no adequate module for vBulletin yet.

    I might look at the code and decide whether there's a sensible single place to put a two-line patch to query the honeypot.org database. If you want to leave the release level as it is until the new year I'll do it with what's there. If it's in your mind to get current then I'll leave it a while. Have you a preference? I may well not be able to put a patch in place anyway. At the point where I have the new user email registration returned, before switching it off "waiting for confirmation", I can http a query for the confirmation IP address and the registration IP address and if either of them give a positive I can change the new status to banned instead. Maybe that's five lines. To whatever extent the honeypot database is accurate it provides a solution. I'd definitely dry-run all the existing hand-banned accounts against it first to see that they and I agree.
    Last edited by guppy; Sun 12 Oct '08, 6:29am.

    Leave a comment:


  • TGRS
    replied
    Originally posted by landspro View Post
    I am now getting 10-20 new registration requests per day. Most of those have gmail as their email.
    --I realize that legitimate users use google email; however, you may want to consider banning gmail email addresses if your problem is severe. I have had to do this off and on myself. The spammers are currently abusing google services.

    Originally posted by landspro View Post
    Since upgrading to the later version, the user does not submit legitimate reasons and interests that indicate whether they are spam or not (my website is about gardening), so it is difficult for me to tell if they are real potential members.
    --When you say they don’t submit it, what do you mean? Be specific, and I might be able to help.

    Originally posted by landspro View Post
    Also, how do I ban specific ip addresses?
    --If you want to ban specific ip addresses from registering, simply go into your admincp and select:
    Vbulletin options…user banning options…banned ip addresses box.
    If you want to ban ip addresses from your overall site, you can use htaccess to ban them.

    Leave a comment:


  • landspro
    replied
    I am now getting 10-20 new registration requests per day. Most of those have gmail as their email.

    Since upgrading to the later version, the user does not submit legitimate reasons and interests that indicate whether they are spam or not (my website is about gardening), so it is difficult for me to tell if they are real potential members.

    Also, how do I ban specific ip addresses?

    Leave a comment:


  • TGRS
    replied
    Hello. I might be able to help you, but I want to make sure that I understand you first.

    Originally posted by sullivanmar View Post
    However, somehow I am also still getting 6-7 actual registrations a day that seem to be bypassing the moderation step. Can someone explain how this might be possible?
    --I have never seen anything like this, and I want to understand this more. When you say that they 'bypass' the moderation step; in other words, you are getting new user signups that go directly from the registration form, into the 'Registered Users' usergroup, without any intervention from you, is that correct? Please explain. I know of a way that this might be possible, but I just want to make sure that you are not overlooking something first.

    Originally posted by sullivanmar View Post
    Also, once they have registered, is there a way to do a mass delete of these invalid registrations? The method I use now is to search for Users/New Registrations. But this method requires me to select each user one at a time, select delete, confirm delete, research new registrations, and start the cycle again. Is there a faster way? Thanks
    --Ok, but here's the thing: if you turned moderation on for newly registered users, that also means that both the good and bad guys (so to speak) will need to be moderated; therefore, you are going to have to examine each one to make sure you are not rejecting a legitimate user registration. Are you following what I am saying?

    Leave a comment:


  • sullivanmar
    replied
    Originally posted by sullivanmar View Post
    I am getting hit on my site too. I do have a few questions I'm hoping some can help with.

    I had not previously set up moderation on new registrations. But as a result of all of this, I turned this on a few days ago. I am now getting 8-10 moderation requests a day that I'm able to do a mass delete on using the moderation page.

    However, somehow I am also still getting 6-7 actual registrations a day that seem to be bypassing the moderation step. Can someone explain how this might be possible?

    Also, once they have registered, is there a way to do a mass delete of these invalid registrations? The method I use now is to search for Users/New Registrations. But this method requires me to select each user one at a time, select delete, confirm delete, research new registrations, and start the cycle again. Is there a faster way?

    Thanks
    Hi, anyone have answers for my questions? Thanks

    Leave a comment:


  • minty_fres
    replied
    Yup been having the same problems on my boards too.

    Taken all the required steps and i notice i have a few members requiring moderation so best clean that up ! haha

    Leave a comment:

widgetinstance 262 (Related Topics) skipped due to lack of content & hide_module_if_empty option.
Working...
X