Spammers Getting Around Image Verification


  • Photics
    replied
    This seems like such a silly thing and a huge waste of time.

    Early this morning, after I figured out what was going on, the new posts were set to automatically be placed into moderation. The messages and the spam accounts were deleted. These spam messages didn't make me want to buy any viagra or visit any porn sites.


  • Ohiosweetheart
    replied
    Originally posted by Steve Machol
    Verification does not stop human spammers from registering then turning over the posting to a bot.

    Please see this: How to Reduce Spam and Registration Bots
    I've had 50+ spammers just today, on each of my sites. After being banned, they then use the contact us and proceed to spam ME.

    Can contact us not be disabled for the banned usergroup??


  • khosk
    replied
    Yes, but it never even calls it. I have tested and everything looks fine but the spambot can register without ever calling the image for verification.


  • Wayne Luke
    replied
    The s is the session hash. Do you have image verification on?


  • khosk
    replied
    I have checked my logs, the spambot isn't even checking the captcha. It calls register.php with a parameter of s and some long hex string then calls index.php with a parameter of s and you can see the rest. No image.php is ever called, so the spambot is bypassing the check.

    The first two parameters are getting cut off when I post.

    register.php s = 062e492e20f2647ed111199cd81519a9
    index.php s = 29407f6d587142b54a2129a1a679a85b

    PHP Code:

    84.19.188.30 - - [01/Oct/2008:18:38:44 -0400] "GET /forum/register.php? HTTP/1.0" 200 18156 "http://volkovtrio.com/sound/pre/index.html" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; ru) Opera 8.01"
    84.19.188.30 - - [01/Oct/2008:18:38:48 -0400] "GET /forum/index.php? HTTP/1.0" 200 45797 "http://www.erisaboard.com/index.php?" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; ru) Opera 8.01"
    84.19.188.30 - - [01/Oct/2008:18:39:01 -0400] "GET /forum/register.php HTTP/1.0" 200 17854 "http://www.erisaboard.com/register.php" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; ru) Opera 8.01"
    84.19.188.30 - - [01/Oct/2008:18:39:02 -0400] "POST /forum/register.php?do=register HTTP/1.0" 200 23413 "http://www.erisaboard.com/forum/register.php" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; ru) Opera 8.01"
    84.19.188.30 - - [01/Oct/2008:18:39:05 -0400] "POST /forum/register.php?do=addmember HTTP/1.0" 200 23907 "http://www.erisaboard.com/forum/register.php" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; ru) Opera 8.01"


  • Thamelas
    replied
    I'm being hammered too. I use email verification, captcha, and the NoSpam mod which requires a correct answer to a question that I make up. They are getting by everything like it's not even there.
    Last edited by Thamelas; Wed 1 Oct '08, 4:26pm.


  • Doodad
    replied
    Count me among the number. Started apparently the other day and today has been murder. I am cleaning out the addresses.


  • Dominiek
    replied
    Originally posted by Wayne Luke
    The newest thing for attacks of this nature is "Human Assisted Bots". People are only called in when the bot beeps that it's stuck. The centers that do this could have dozens if not hundreds of people working to register and spam different sites. With modern computers, a single person can unleash the bot on dozens of sites at a time.
    The delay between the HTTP GET of the image and the HTTP POST of the reply is less than a second. And that interval is always the same. It's just too fast and consistent to be human.
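
Added example (not part of any post in this thread): a log check for the two patterns reported above, a registration POST with no prior captcha image request, and an image-to-POST delay too short to be a person. The sample log lines, the documentation-range IPs and the 2-second threshold are constructed assumptions; `image.php` and `register.php?do=addmember` are the paths named in the posts.

```python
import re
from datetime import datetime

# Apache combined-log prefix: client IP, timestamp, method, request path.
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(GET|POST) (\S+)')
MIN_HUMAN_SECONDS = 2.0  # assumed threshold; tune against real sign-ups


def find_suspect_registrations(lines, min_seconds=MIN_HUMAN_SECONDS):
    """Return (ip, reason) for each addmember POST that looks automated."""
    last_image = {}  # ip -> time of that client's most recent captcha fetch
    findings = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in combined-log format
        ip, stamp, method, path = m.groups()
        when = datetime.strptime(stamp, "%d/%b/%Y:%H:%M:%S %z")
        if method == "GET" and "/image.php" in path:
            last_image[ip] = when
        elif method == "POST" and "register.php?do=addmember" in path:
            fetched = last_image.pop(ip, None)
            if fetched is None:
                # The form was submitted without the image ever being loaded.
                findings.append((ip, "no_captcha_fetch"))
            elif (when - fetched).total_seconds() < min_seconds:
                # Image loaded, but answered faster than a person can type.
                findings.append((ip, "too_fast"))
    return findings


# Constructed sample log (not taken from the thread).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Oct/2008:18:39:01 -0400] "GET /forum/register.php HTTP/1.0" 200 17854 "-" "ua"',
    '192.0.2.10 - - [01/Oct/2008:18:39:02 -0400] "POST /forum/register.php?do=register HTTP/1.0" 200 23413 "-" "ua"',
    '192.0.2.10 - - [01/Oct/2008:18:39:05 -0400] "POST /forum/register.php?do=addmember HTTP/1.0" 200 23907 "-" "ua"',
    '198.51.100.7 - - [01/Oct/2008:18:40:00 -0400] "GET /forum/register.php HTTP/1.0" 200 17854 "-" "ua"',
    '198.51.100.7 - - [01/Oct/2008:18:40:01 -0400] "GET /forum/image.php HTTP/1.0" 200 5120 "-" "ua"',
    '198.51.100.7 - - [01/Oct/2008:18:40:01 -0400] "POST /forum/register.php?do=addmember HTTP/1.0" 200 23907 "-" "ua"',
    '203.0.113.5 - - [01/Oct/2008:18:41:00 -0400] "GET /forum/image.php HTTP/1.0" 200 5120 "-" "ua"',
    '203.0.113.5 - - [01/Oct/2008:18:41:35 -0400] "POST /forum/register.php?do=addmember HTTP/1.0" 200 23907 "-" "ua"',
]

if __name__ == "__main__":
    for ip, reason in find_suspect_registrations(SAMPLE_LOG):
        print(ip, reason)
```

A browser that already has the image cached will not show an `image.php` request, so treat `no_captcha_fetch` as a reason to hold the account for moderation rather than as proof.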


  • JonUrban
    replied
    My forum got hammered today as well. I had to turn off new registrations, then deleted all of the spam members.

    What got these people fired up? Who do they think they'll attract?


  • Wayne Luke
    replied
    Originally posted by Rusted
    Another vote for non-human spam bot. Maybe human configured, but it was happening too fast and to too many sites to be human one at a time. I had a flood (about 30 accounts each) created on 3 of the sites I admin. Changing the captcha seemed to stop it.
    The newest thing for attacks of this nature is "Human Assisted Bots". People are only called in when the bot beeps that it's stuck. The centers that do this could have dozens if not hundreds of people working to register and spam different sites. With modern computers, a single person can unleash the bot on dozens of sites at a time.


  • Rusted
    replied
    Another vote for non-human spam bot. Maybe human configured, but it was happening too fast and to too many sites to be human one at a time. I had a flood (about 30 accounts each) created on 3 of the sites I admin. Changing the captcha seemed to stop it.


  • Wayne Luke
    replied
    You'll have to switch Human Verification methods. Human Verification, especially Image Verification, is a cat and mouse game. There are only so many changes we can make to the system before they crack it again. The other verification methods are a little more difficult but will eventually be cracked as well.

    If you insist on continuing to use image-based CAPTCHAs, then changing the fonts so that they are different from those supplied with vBulletin will slow them down, as will changing the backgrounds.

    The only long term solution to spam will be Bayesian filters similar to those used by email clients. vBulletin allows you to use the Akismet Anti-spam filter at this time and will expand to allowing the Typepad Anti-spam filter in 3.8.0.

    Personally, I'd recommend moderating a new user's posts until they have 5 approved before turning off registration. Legitimate users will still post and wait for approval. Spam will be deleted before it reaches the public. Plus, if you let them register, then you can build your own anti-spam database to either track it in the future or ban the offenders from your site altogether.


  • biglips31
    replied
    Originally posted by birdie
    This current onslaught are not bots; they are humans.

    I have been getting hammered since last night. These are bots, not humans. Let's get a solution here.
    I had to actually turn off the registrations. Thanks


  • maritimesbob
    replied
    Glad I see this topic.

    I have also been hit by spammers signing up today. Never had this problem up until today. I have blocked "ru.mail" emails, but now they're using gmail addresses too. I'm getting them every ten minutes or so.

    We have our board set up for admin approval. Going to be a PITA having to go through them all and hoping I don't zap a genuine registration.


  • bluidkiti
    replied
    Post from a spammer:

    Quote:
    Well... interesting site... Im looking for seek-url on your site.Can you advise me?P.S. Anybody know about [link removed] software? Need a link to it...
    I had a new member post something similar at one of my sites day before yesterday.

    Info on that new member below:
    User Name Zumokillat
    IP 200.63.42.85
    Location: Kalinka
    email [email protected]
    Last edited by bluidkiti; Wed 1 Oct '08, 1:27pm. Reason: Add info
