Tweet
I am being hit with 50-75 a day too. And I changed it two days ago to moderate new users and the only users getting moderated are legit. The Spammers are by passing the moderate new users option.
-
-
Can someone who has had spammers bypassing user moderation, please post this into bug tracker so that vbulletin programers can have a look at it because it seems like a major security flaw.Originally posted by unicorn2433 View Post.Comment
-
If that is the case, there is a major security issue here and an emergency is at hand.Originally posted by unicorn2433 View Post
My forum got hit as well, BTW...few got through in my case: 6- 12
I used Akismet, Image Verification and Address Verification.
I just switched to Registration Moderation, reCAPTCHA until we know what's going on.
I fear someone found an exploit and is milking it for all its worth.Comment
-
Just to clarify. Nothing is "bypassed" they can just "read" what the captcha says, it is not a security issue. That said, yes, very frustrating for board owners and changing to the HV Q+A with a home made creative question stops it for 99%Comment
-
--I also hope that is not true, and that you are having some other issue. So far, I have not seen anything like this. I will certainly report it if I see it. The other thing I wanted to mention is to be careful with signatures. I.e. even if you moderate new users, only give signature create access to fully registered users that you trust are legit. If these creeps register, the first thing they try to corrupt is the signature.Originally posted by unicorn2433 View PostComment
-
Default usergroup: Always moderate? YES
Create a new usergroup: dont-moderate-these-members, with permission to not moderate them.
Create a new promotion for the default usergroup, to upgrade after 2 or 5 posts to additional usergroup you just created.
Then everybody has 0 posts basically that sign up, untill their good posts are approved, every hour the script checks who has the x or more posts, and upgrades them, so future posts wont get moderated.Comment
-
From the few reports I've read in the last 48 hours only 1 user I can not clarify why this happened. No log files are provided either. If this happens to you too, please provide server log files for access_log and error_log in a private support ticket, with details of what user and which IP. So we can see if we can trace the steps back and find out why they could possibly bypass this usergroup.Originally posted by yogesh View PostComment
-
This is very odd I was about to post a thread wondering why we are receiving so many spammers the past 2 days. It's strange to see its not just me..Comment
-
Never ever got spam through sendmessage.php until yesterday
Using different e-mails, IP's are not the same but the first numbers are often identical, sometimes advertisments for movfree or german viagra. They're always sent at night, strangely. Luckily they don't register yet, so I'll disable sendmessage.php for unregistered members.
Edit: Ah, good thread: http://www.vbulletin.com/forum/showthread.php?t=275800Last edited by EWGF; Sat 4 Oct '08, 3:57am.Comment
-
I can say for a fact that they are not humans. I was updating a forum last night that died with a database error. The forum wouldn't work in a browser. It was late and very low activity forum so I let it go. Got up early this morning to fix things up and had a bunch of new user emails!Originally posted by slcousin View PostComment
-
Change to the Human Verifiaction Library : Question & Answers, and set a few unique creative questions.
Bad question: What is 2+2
Good question: If you eat half a dozen of apples, but put one back, how many do you have left?
Bad question: Color of Sky?
Good question: Third letter in the logo of this site? (From the right)Comment
-
Nice find! Thanks for sharingOriginally posted by Winehouse View Post
I see it's not just forums and Gmail, but Hotmail too.
Comment
-
We have had confirmation from one forum that a human registered, then turned over the Q&A info to a bot which then rapidly added new registrations to began spamming.Originally posted by spiceplace View Post
At this time I recommend using the Q&A verification with as many different Q&As as possible which will be randomly applied for each registration.
Meanwhile the Devs are looking at stronger measures but unfortunately when you have a person doing something like this, then there is no easy way to stop this. If you are being hit, you should consider moderating new members.Steve Machol, former vBulletin Customer Support Manager (and NOT retired!)
Change CKEditor Colors to Match Style (for 4.1.4 and above)
Steve Machol Photography
Mankind is the only creature smart enough to know its own history, and dumb enough to ignore it.
Comment
Comment