Announcement

Collapse
No announcement yet.

Spammers Getting Around Image Verification

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • #46
    I was getting them all day, changed from image verification to extra question and it stopped.

    Comment


    • #47
      Originally posted by HobbiesPR View Post
      Lots of the registrations I have seen today, under the user info: Biography: Man

      Registering from different locations but using the same entry in the Biography.
      When you see 'Man' in any profile field, its always a bot. Before 3.7.x I used to get those all the time.

      I enabled all checkboxes on the image verification settings (random shapes was the only one I had turned off) and the registrations stopped immediately.

      Maybe they only had a partial crack on the image verification.
      Last edited by Lt. Dan; Wed 1 Oct '08, 6:33pm.

      Comment


      • #48
        Originally posted by Photics View Post
        This seems like such a silly thing and a huge waste of time.

        Early this morning, after I figured out what was going on, the new posts were set to automatically be placed into moderation. The messages and the spam accounts were deleted. These spam messages didn't make me want to buy any viagra or visit any porn sites.
        Yes it is a huge waste of time... for a human. That's why they have bots spewing this mindless BS.

        I really wish there were some laws with teeth to throw these people in jail.

        Comment


        • #49
          Spam is on the rise now... just yesterday and today we have been getting an influx of over 30 spam registrations from russia.... and the email they register with always resolves to gmail or some other free email service.

          We have email verification and they seem to also verify their email accounts some how and spam...

          Comment


          • #50
            Awaiting Moderation

            I have turned ON new registration moderation, over 60 spam users today. I have deleted some users but this is a screenshot of the remaining. Lots using gmail.com now.
            Attached Files
            HobbiesPR.com - Hobbies Radio Control Forum
            AnytimeHosting.com

            Comment


            • #51
              Originally posted by Wayne Luke View Post
              Was your question: What is 2 + 2?

              You need to ask decent questions.
              Yes, we also got smashed yesterday too.

              The question stopped them, no point putting a question that can be Googled.

              Comment


              • #52
                Same BS here. Here is a list of new banning options I added as of today (I actually totally disabled gmail and hotmail for now since 98% of the spammers used those emails as well as .ru emails)

                Emails:
                @gmail.com @hjklghjkl.co.cc rambler.ru @xmail.net mymail-in.net @e-mail.org @web-sex.tv @mail.ru @intim-shluhi.ru @viagrabe.com @sina.com

                IP's:
                93.81.*
                92.243.*
                82.7.*
                78.157.*
                67.212.*
                87.118.*
                94.50.*
                93.81.*
                200.63.*

                I know this is somewhat drastic but at this point I had no choice. I probable deleted around 300 accounts today.

                Tip: Do a search for new accounts registered today/yesterday.
                If they use a gmail I just deleted them. But click on their profile and look for suspicious sigs, websites, etc...

                Hopefully this helps. And note: I am using all of the current spam settings. The only thing I do not have (but am adding right now) is the extra registration question...
                Bob- (pank)
                pankpages.com / http://twitter.com/_pank

                Comment


                • #53
                  I am using 3.6.11 with no spam and they manged to break past nospam as well! These are definetly bots, which never used to get past nospam and imagevarification. Another interesting twist came when I traced two ips which belong to servers is US and one of them to an imageshack server (check your logs for ips begining with 70.) though that one didn't made it past the registration page, it kind of makes me believe that it might be a handy work of distributed spam network, being carried out through a trojan or a virus, installed on computers/servers.
                  .

                  Comment


                  • #54
                    Originally posted by khosk View Post
                    I have checked my logs, the spambot isn't even checking the captcha. It calls register.php with a parameter of s and some long hex string then calls index.php with a parameter of s and you can see the rest. No image.php is ever called, so the spambot is bypassing the check.

                    the first two parameters are getting cut off when I post.

                    register.php s = 062e492e20f2647ed111199cd81519a9
                    index.php s = 29407f6d587142b54a2129a1a679a85b

                    PHP Code:


                    84.19.188.30 
                    - - [01/Oct/2008:18:38:44 -0400"GET /forum/register.php? HTTP/1.0" 200 18156 "http://volkovtrio.com/sound/pre/index.html" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; ru) Opera 8.01"
                    84.19.188.30 - - [01/Oct/2008:18:38:48 -0400"GET /forum/index.php? HTTP/1.0" 200 45797 "http://www.erisaboard.com/index.php?" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; ru) Opera 8.01"
                    84.19.188.30 - - [01/Oct/2008:18:39:01 -0400"GET /forum/register.php HTTP/1.0" 200 17854 "http://www.erisaboard.com/register.php" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; ru) Opera 8.01"
                    84.19.188.30 - - [01/Oct/2008:18:39:02 -0400"POST /forum/register.php?do=register HTTP/1.0" 200 23413 "http://www.erisaboard.com/forum/register.php" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; ru) Opera 8.01"
                    84.19.188.30 - - [01/Oct/2008:18:39:05 -0400"POST /forum/register.php?do=addmember HTTP/1.0" 200 23907 "http://www.erisaboard.com/forum/register.php" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; ru) Opera 8.01" 
                    Is this bypassing reCaptcha as well?

                    Comment


                    • #55
                      Seriously.... I don't have "AdminCP -> User Profile Fields -> Add New User Profile Field
                      " in my AdminCP. I am using 3.7.1. What am i missing here????

                      I have had to turn off new regs as well.... seems like a pretty big exploit?
                      AdminCP -> User Profile Fields -> Add New User Profile Field

                      Profile Field Type: Single-Line Text Field
                      <<Continue>>

                      Use the following information when creating the Profile Field:
                      Title: Can you spell?
                      (Note: Adjust the title to the question you want to ask)
                      Description: Enter the first character of the word "Monkey"
                      (Note: Adjust the question. Don't use this example as it would be quickly picked up by bot registrations)
                      Default Value: B
                      (Note: anything but a valid answer)
                      Field Required: No, but display at registration
                      Field Editable by User: Only at registration
                      Private Field: Yes
                      Field Searchable on Members List: No
                      Show on Members List: No
                      Regular Expression: ^[mM]$
                      (Note: this expression would only allow a 'm' or 'M' as valid answers, adjust to your needs)

                      Comment


                      • #56
                        Originally posted by Steve Machol View Post
                        Post #2.
                        Thanks for the info. Steve. I have had everything you mentioned in place except for moderating new posts and the recaptcha service. I am now moderating new posts because of the 30 or so spammers my forum got today. They were all from @gmail.com. I have never had this many register at one time.

                        Comment


                        • #57
                          Originally posted by wutthehell View Post
                          Seriously.... I don't have "AdminCP -> User Profile Fields -> Add New User Profile Field
                          " in my AdminCP. I am using 3.7.1. What am i missing here????

                          I have had to turn off new regs as well.... seems like a pretty big exploit?
                          AdminCP -> User Profile Fields -> Add New User Profile Field

                          Profile Field Type: Single-Line Text Field
                          <<Continue>>

                          Use the following information when creating the Profile Field:
                          Title: Can you spell?
                          (Note: Adjust the title to the question you want to ask)
                          Description: Enter the first character of the word "Monkey"
                          (Note: Adjust the question. Don't use this example as it would be quickly picked up by bot registrations)
                          Default Value: B
                          (Note: anything but a valid answer)
                          Field Required: No, but display at registration
                          Field Editable by User: Only at registration
                          Private Field: Yes
                          Field Searchable on Members List: No
                          Show on Members List: No
                          Regular Expression: ^[mM]$
                          (Note: this expression would only allow a 'm' or 'M' as valid answers, adjust to your needs)
                          I just set it up and it appears to be working fine???
                          Bob- (pank)
                          pankpages.com / http://twitter.com/_pank

                          Comment


                          • #58
                            Getting the same spam that others are on a forum that's very low traffic.

                            The attack definitely appears distributed - webmasters blocking out such IP addresses are wasting their time, and worse may be blocking out legitimate people, if blocking IP ranges, which it appear some webmasters are doing.

                            I get the feeling, especially based on what others here have posted, that some spammers may be totally bypassing vBulletin's captcha.

                            Ron

                            Comment


                            • #59
                              Originally posted by Wayne Lukas
                              am using Recaptcha on different sites and haven't had a single spam registration.
                              Listen to the man

                              The progam appears to defeat captcha not recaptcha
                              The kalinka klown must be selling the program for cheap now, it was $3Gs.

                              Comment


                              • #60
                                reCaptcha is not foolproof - they're getting past it as well.
                                Peggy
                                ~ normal is overrated ~

                                One Buzy Mama!

                                Comment

                                widgetinstance 262 (Related Topics) skipped due to lack of content & hide_module_if_empty option.
                                Working...
                                X