Announcement

Collapse
No announcement yet.

Spammers Getting Around Image Verification

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • I am being hit with 50-75 a day too. And I changed it two days ago to moderate new users and the only users getting moderated are legit. The Spammers are by passing the moderate new users option.

    Comment


    • Originally posted by unicorn2433 View Post
      I am being hit with 50-75 a day too. And I changed it two days ago to moderate new users and the only users getting moderated are legit. The Spammers are by passing the moderate new users option.
      Can someone who has had spammers bypassing user moderation, please post this into bug tracker so that vbulletin programers can have a look at it because it seems like a major security flaw.
      .

      Comment


      • Originally posted by unicorn2433 View Post
        The Spammers are by passing the moderate new users option.
        If that is the case, there is a major security issue here and an emergency is at hand.

        My forum got hit as well, BTW...few got through in my case: 6- 12

        I used Akismet, Image Verification and Address Verification.

        I just switched to Registration Moderation, reCAPTCHA until we know what's going on.
        I fear someone found an exploit and is milking it for all its worth.

        Comment


        • Just to clarify. Nothing is "bypassed" they can just "read" what the captcha says, it is not a security issue. That said, yes, very frustrating for board owners and changing to the HV Q+A with a home made creative question stops it for 99%

          Comment


          • Originally posted by unicorn2433 View Post
            I changed it two days ago to moderate new users and the only users getting moderated are legit. The Spammers are by passing the moderate new users option.
            Originally posted by Floris View Post
            Just to clarify. Nothing is "bypassed" they can just "read" what the captcha says, it is not a security issue. That said, yes, very frustrating for board owners and changing to the HV Q+A with a home made creative question stops it for 99%
            Floris please read Unicorn's reply, this is not the first time I am reading a post like this here or in vb.org.
            .

            Comment


            • Originally posted by unicorn2433 View Post
              The Spammers are by passing the moderate new users option.
              --I also hope that is not true, and that you are having some other issue. So far, I have not seen anything like this. I will certainly report it if I see it. The other thing I wanted to mention is to be careful with signatures. I.e. even if you moderate new users, only give signature create access to fully registered users that you trust are legit. If these creeps register, the first thing they try to corrupt is the signature.

              Comment


              • Default usergroup: Always moderate? YES

                Create a new usergroup: dont-moderate-these-members, with permission to not moderate them.

                Create a new promotion for the default usergroup, to upgrade after 2 or 5 posts to additional usergroup you just created.

                Then everybody has 0 posts basically that sign up, untill their good posts are approved, every hour the script checks who has the x or more posts, and upgrades them, so future posts wont get moderated.

                Comment


                • Originally posted by yogesh View Post
                  Floris please read Unicorn's reply, this is not the first time I am reading a post like this here or in vb.org.
                  From the few reports I've read in the last 48 hours only 1 user I can not clarify why this happened. No log files are provided either. If this happens to you too, please provide server log files for access_log and error_log in a private support ticket, with details of what user and which IP. So we can see if we can trace the steps back and find out why they could possibly bypass this usergroup.

                  Comment


                  • This is very odd I was about to post a thread wondering why we are receiving so many spammers the past 2 days. It's strange to see its not just me..

                    Comment


                    • Never ever got spam through sendmessage.php until yesterday

                      Using different e-mails, IP's are not the same but the first numbers are often identical, sometimes advertisments for movfree or german viagra. They're always sent at night, strangely. Luckily they don't register yet, so I'll disable sendmessage.php for unregistered members.








                      Edit: Ah, good thread: http://www.vbulletin.com/forum/showthread.php?t=275800
                      Last edited by EWGF; Sat 4 Oct '08, 3:57am.

                      Comment


                      • http://arstechnica.com/news.ars/post...l-hotmail.html
                        http://www.amywinehouseforum.co.uk

                        Comment


                        • Originally posted by slcousin View Post
                          My Forum has been hit today too. I dont think these are human spammers.
                          I can say for a fact that they are not humans. I was updating a forum last night that died with a database error. The forum wouldn't work in a browser. It was late and very low activity forum so I let it go. Got up early this morning to fix things up and had a bunch of new user emails!

                          Comment


                          • Change to the Human Verifiaction Library : Question & Answers, and set a few unique creative questions.

                            Bad question: What is 2+2
                            Good question: If you eat half a dozen of apples, but put one back, how many do you have left?

                            Bad question: Color of Sky?
                            Good question: Third letter in the logo of this site? (From the right)

                            Comment


                            • Nice find! Thanks for sharing I see it's not just forums and Gmail, but Hotmail too.

                              Comment


                              • Originally posted by spiceplace View Post
                                I can say for a fact that they are not humans. I was updating a forum last night that died with a database error. The forum wouldn't work in a browser. It was late and very low activity forum so I let it go. Got up early this morning to fix things up and had a bunch of new user emails!
                                We have had confirmation from one forum that a human registered, then turned over the Q&A info to a bot which then rapidly added new registrations to began spamming.

                                At this time I recommend using the Q&A verification with as many different Q&As as possible which will be randomly applied for each registration.

                                Meanwhile the Devs are looking at stronger measures but unfortunately when you have a person doing something like this, then there is no easy way to stop this. If you are being hit, you should consider moderating new members.
                                Steve Machol, former vBulletin Customer Support Manager (and NOT retired!)
                                Change CKEditor Colors to Match Style (for 4.1.4 and above)

                                Steve Machol Photography


                                Mankind is the only creature smart enough to know its own history, and dumb enough to ignore it.


                                Comment

                                widgetinstance 262 (Related Topics) skipped due to lack of content & hide_module_if_empty option.
                                Working...
                                X