Announcement

Collapse
No announcement yet.

Bots and clones,spammers etc..

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Bots and clones,spammers etc..

    After upgrading to 3.7.0 we started to have problems with bots,crawlers etc that register and spam the forum with everything,is there a solution to this?

    No problems with this before upgrading,am i missing something here?

  • #2
    Switch to a different human verification system.

    Make sure that email validation is on.

    Sign up and use the Akismet integration included in the software.
    Translations provided by Google.

    Wayne Luke
    The Rabid Badger - a vBulletin Cloud demonstration site.
    vBulletin 5 API

    Comment


    • #3
      Is vbulletin looking into this?

      Prior to 3.7 no bots. Now lots of bots. A lot of people think 3.7 is vulnerable

      Quite a few posters here are fairly sure its an exploit in 3.7

      http://www.vbulletin.com/forum/showthread.php?t=272439

      Comment


      • #4
        We haven't seen an increase in spam on this site. There are attempts quite often. Usually only a few posts get through a day and they are handled. The rest are either stopped at registration or through Akisment post scanning.

        If there were a vulnerability, this would increase activity on this site as well as it is in no way immune.

        Chrisixon, looking at the site linked to your forum account you are still using vBulletin 3.5.0 with simple font GD image verification. This was deprecated in 3.6.4 and completely removed in 3.7.0 due to its ineffectiveness at stopping spambots. You will need to upgrade to 3.7.0 to take advantage of the new Human Verification features that are a lot more effective.
        Translations provided by Google.

        Wayne Luke
        The Rabid Badger - a vBulletin Cloud demonstration site.
        vBulletin 5 API

        Comment


        • #5
          >We haven't seen an increase in spam on this site. There are attempts quite often.

          Well if I was a spammer and bot writer I wouldn't spam this site

          >Chrisixon, looking at the site linked to your forum account you are still using vBulletin 3.5.0

          We have two licenses, the 2nd is running 3.7.0

          >with simple font GD image verification. This was deprecated in 3.6.4 and completely removed in 3.7.0 due to its ineffectiveness at stopping spambots. You will need to upgrade to 3.7.0 to take advantage of the new Human Verification features that are a lot more effective.

          The 3.5 forum isn't being attacked

          We only got attacked when we upgraded 3.6 to 3.7

          People have done measurements making it look like the verification is being sidestepped:

          http://www.vbulletin.com/forum/showthread.php?t=272439

          I think you need to take this more seriously, this site is not a good indication!

          Thanks.

          Comment


          • #6
            The spam controls - if you use them - are significantly stronger in 3.7 than 3.5 or 3.6.

            The link talks about ReCaptcha which is a third-party program that we do not control and is one of 3 separate verification options you can use. Personally I use vB's built-in Image Verification.
            Steve Machol, former vBulletin Customer Support Manager (and NOT retired!)
            Change CKEditor Colors to Match Style (for 4.1.4 and above)

            Steve Machol Photography


            Mankind is the only creature smart enough to know its own history, and dumb enough to ignore it.


            Comment


            • #7
              So you're completely confident there isn't a new exploit introduced in 3.7 ?

              Have you seen this post:
              http://www.vbulletin.com/forum/showp...6&postcount=54

              "Please note that this is really everything they did from the server point of view. The remarkable thing is: there was not a single image loaded, no javascript, no nothing besides the scripts. The bots seem to get directly to the vb-scripts and register the bot-user."

              That plus the fact that many many users are saying 3.7 is being spammed where 3.6 wasn't would seem worthy of investigation

              In the 3.7.1 announcment you said: "we have been busy squashing the inevitable collection of bugs that get reported after large numbers of customers deploy a new major version to their servers"

              It seems very possible that a bug has crept into the human verification code especially as it went such a major overhaul.

              Please can you address these points rather than trotting out how great you think 3.7 is ?

              Comment


              • #8
                Maybe it's not a bug, http://people.oii.ox.ac.uk/z/2007/11...olve-captchas/.

                Also, read the comment on that post. doh!
                So Cal Sportbike forum - So Cal Moto - Kawasaki Ninja 250R Forum - Custom vinyl decals - Southern California camping forum

                Comment


                • #9
                  Originally posted by Vtec44 View Post
                  Maybe it's not a bug
                  Did you read the quote in my post: "The remarkable thing is: there was not a single image loaded"

                  Also I changed to question and answer and it made no difference.

                  Comment


                  • #10
                    Originally posted by chrisrixon View Post
                    So you're completely confident there isn't a new exploit introduced in 3.7 ?

                    Have you seen this post:
                    http://www.vbulletin.com/forum/showp...6&postcount=54

                    "Please note that this is really everything they did from the server point of view. The remarkable thing is: there was not a single image loaded, no javascript, no nothing besides the scripts. The bots seem to get directly to the vb-scripts and register the bot-user."

                    That plus the fact that many many users are saying 3.7 is being spammed where 3.6 wasn't would seem worthy of investigation

                    In the 3.7.1 announcment you said: "we have been busy squashing the inevitable collection of bugs that get reported after large numbers of customers deploy a new major version to their servers"

                    It seems very possible that a bug has crept into the human verification code especially as it went such a major overhaul.

                    Please can you address these points rather than trotting out how great you think 3.7 is ?
                    If you want to post a bug report, then please do so. I won't stop you.
                    Steve Machol, former vBulletin Customer Support Manager (and NOT retired!)
                    Change CKEditor Colors to Match Style (for 4.1.4 and above)

                    Steve Machol Photography


                    Mankind is the only creature smart enough to know its own history, and dumb enough to ignore it.


                    Comment


                    • #11
                      Originally posted by chrisrixon View Post
                      Did you read the quote in my post: "The remarkable thing is: there was not a single image loaded"
                      Maybe you missed the title of that thread, but it's "reCaptcha". As Steve pointed out, that's not vB's product.

                      I'm using vB's builtin captcha, no spam since I upgraded to 3.5.x to 3.7. We used to get at least 10 spams account per day, now 0.
                      So Cal Sportbike forum - So Cal Moto - Kawasaki Ninja 250R Forum - Custom vinyl decals - Southern California camping forum

                      Comment


                      • #12
                        You already posted you have no spam. Good for you. Perhaps they haven't got you on their list.

                        The point is lots of boards are being spammed. I have been using vB's builtin captcha in fact. The question is are they using humans to bypass it or is it an exploit ...

                        Comment

                        widgetinstance 262 (Related Topics) skipped due to lack of content & hide_module_if_empty option.
                        Working...
                        X