Announcement

Collapse
No announcement yet.

Spammers Getting Around Image Verification

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • #31
    You'll have to switch Human Verification methods. Human Verification especially Image Verification is a cat and mouse game. There are only so many changes we can make to the system before they crack it again. The other verification methods are a little more difficult but will eventually be cracked as well.

    If you insist on continuing to use Image based Captcha's then changing the fonts so that they are different from those supplied with vBulletin will slow them down. As will changing the backgrounds.

    The only long term solution to spam will be bayesian filters similar to those used by email clients. vBulletin allows you to use the Akismet Anti-spam filter at this time and will expand to allowing the Typepad Anti-spam filter in 3.8.0.

    Personally, I'd recommend moderating a new user's posts until they have 5 approved before turning off registration. Legitimate users will still post and wait for approval. Spam will be deleted before it reaches the public. Plus if you let them register then you can build you're own anti-spam database to either track it in the future or ban the offenders from your site altogether.
    Translations provided by Google.

    Wayne Luke
    The Rabid Badger - a vBulletin Cloud demonstration site.
    vBulletin 5 API

    Comment


    • #32
      Another vote for non-human spam bot. Maybe human configured, but it was happening too fast and to too many sites to be human one at a time. I had a flood (about 30 accounts each) created on 3 of the sites I admin. Changing the captcha seemed to stop it.

      Comment


      • #33
        Originally posted by Rusted View Post
        Another vote for non-human spam bot. Maybe human configured, but it was happening too fast and to too many sites to be human one at a time. I had a flood (about 30 accounts each) created on 3 of the sites I admin. Changing the captcha seemed to stop it.
        The newest thing for attacks of this nature are "Human Assisted Bots". People are only called in when the bot beeps that its stuck. The centers that do this could have dozens if not hundreds of people working to register and spam different sites. With modern computers, a single person can unleash the bot on dozens of sites at a time.
        Translations provided by Google.

        Wayne Luke
        The Rabid Badger - a vBulletin Cloud demonstration site.
        vBulletin 5 API

        Comment


        • #34
          My forum got hammered today as well. I had to turn off new registrations, then deleted all of the spam members.

          What got these people fired up? Who do they think they'll attract?

          Comment


          • #35
            Originally posted by Wayne Luke View Post
            The newest thing for attacks of this nature are "Human Assisted Bots". People are only called in when the bot beeps that its stuck. The centers that do this could have dozens if not hundreds of people working to register and spam different sites. With modern computers, a single person can unleash the bot on dozens of sites at a time.
            The delay between the HTTP GET of the image and the HTTP POST of the reply is less than a second. And that interval is always the same. It's just too fast and consistent to be human.
            Visit www.discussionworldforum.com

            Comment


            • #36
              Count me among the number. Started apparently the other day and today has been murder. I am cleaning out the addresses.

              Comment


              • #37
                I'm being hammered too. I use email verification, captcha, and the NoSpam mod which requires a correct answer to a question that I make up. They are getting by everything like its not even there.
                Last edited by Thamelas; Wed 1 Oct '08, 4:26pm.

                Comment


                • #38
                  I have checked my logs, the spambot isn't even checking the captcha. It calls register.php with a parameter of s and some long hex string then calls index.php with a parameter of s and you can see the rest. No image.php is ever called, so the spambot is bypassing the check.

                  the first two parameters are getting cut off when I post.

                  register.php s = 062e492e20f2647ed111199cd81519a9
                  index.php s = 29407f6d587142b54a2129a1a679a85b

                  PHP Code:


                  84.19.188.30 
                  - - [01/Oct/2008:18:38:44 -0400"GET /forum/register.php? HTTP/1.0" 200 18156 "http://volkovtrio.com/sound/pre/index.html" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; ru) Opera 8.01"
                  84.19.188.30 - - [01/Oct/2008:18:38:48 -0400"GET /forum/index.php? HTTP/1.0" 200 45797 "http://www.erisaboard.com/index.php?" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; ru) Opera 8.01"
                  84.19.188.30 - - [01/Oct/2008:18:39:01 -0400"GET /forum/register.php HTTP/1.0" 200 17854 "http://www.erisaboard.com/register.php" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; ru) Opera 8.01"
                  84.19.188.30 - - [01/Oct/2008:18:39:02 -0400"POST /forum/register.php?do=register HTTP/1.0" 200 23413 "http://www.erisaboard.com/forum/register.php" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; ru) Opera 8.01"
                  84.19.188.30 - - [01/Oct/2008:18:39:05 -0400"POST /forum/register.php?do=addmember HTTP/1.0" 200 23907 "http://www.erisaboard.com/forum/register.php" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; ru) Opera 8.01" 

                  Comment


                  • #39
                    The s is the session hash. Do you have image verification on?
                    Translations provided by Google.

                    Wayne Luke
                    The Rabid Badger - a vBulletin Cloud demonstration site.
                    vBulletin 5 API

                    Comment


                    • #40
                      Yes, but it never even calls it. I have tested and everything looks fine but the spambot can register without ever calling the image for verification.

                      Comment


                      • #41
                        Originally posted by Steve Machol View Post
                        Verification does not stop human spammers from registering then turning over the posting to a bot.

                        Please see this: How to Reduce Spam and Registration Bots
                        I've had 50 + spammers just today, on each of my sites. After being banned, they then use the contact us and proceed to spam ME.

                        Can contact us not be disabled for the banned usergroup??
                        Peggy
                        ~ normal is overrated ~

                        One Buzy Mama!

                        Comment


                        • #42
                          This seems like such a silly thing and a huge waste of time.

                          Early this morning, after I figured out what was going on, the new posts were set to automatically be placed into moderation. The messages and the spam accounts were deleted. These spam messages didn't make me want to buy any viagra or visit any porn sites.
                          Michael Garofalo
                          Webmaster - http://photics.com

                          Comment


                          • #43
                            Our site has been hit bad as well. However I am having an issue implenting the extra question during verification. I am using 3.7.1 and I don't have a "User Profile Fields"....

                            I have had to turn off new regs as well.... seems like a pretty big exploit?
                            AdminCP -> User Profile Fields -> Add New User Profile Field

                            Profile Field Type: Single-Line Text Field
                            <<Continue>>

                            Use the following information when creating the Profile Field:
                            Title: Can you spell?
                            (Note: Adjust the title to the question you want to ask)
                            Description: Enter the first character of the word "Monkey"
                            (Note: Adjust the question. Don't use this example as it would be quickly picked up by bot registrations)
                            Default Value: B
                            (Note: anything but a valid answer)
                            Field Required: No, but display at registration
                            Field Editable by User: Only at registration
                            Private Field: Yes
                            Field Searchable on Members List: No
                            Show on Members List: No
                            Regular Expression: ^[mM]$
                            (Note: this expression would only allow a 'm' or 'M' as valid answers, adjust to your needs)

                            Oh Yeah... heres my list of banned IPs...
                            190.11.1*
                            78.157.1*
                            200.63.4*
                            85.12.2*
                            87.118.1*
                            79.143.1*
                            204.246.1*
                            136.226.2*
                            93.92.2*
                            91.66.2*
                            85.12.2*
                            89.18.1*
                            94.75.1*
                            92.112.1*
                            221.12.1*
                            195.149.*
                            93.80.*
                            87.226.*
                            89.208.*
                            92.243.*
                            77.121.*

                            Comment


                            • #44
                              I implemented the extra question. It didn't seem to work for me. HA!
                              Michael Garofalo
                              Webmaster - http://photics.com

                              Comment


                              • #45
                                Originally posted by Photics View Post
                                I implemented the extra question. It didn't seem to work for me. HA!
                                Was your question: What is 2 + 2?

                                You need to ask decent questions.

                                Though like I said in a different thread, I am using Recaptcha on different sites and haven't had a single spam registration. One site is just sitting wide open (not even using the latest version) and uses recaptcha for human verification with no issues today.
                                Translations provided by Google.

                                Wayne Luke
                                The Rabid Badger - a vBulletin Cloud demonstration site.
                                vBulletin 5 API

                                Comment

                                widgetinstance 262 (Related Topics) skipped due to lack of content & hide_module_if_empty option.
                                Working...
                                X