Announcement

Collapse
No announcement yet.

Spammers Getting Around Image Verification

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • spiceplace
    replied
    Originally posted by slcousin View Post
    My Forum has been hit today too. I dont think these are human spammers.
    I can say for a fact that they are not humans. I was updating a forum last night that died with a database error. The forum wouldn't work in a browser. It was late and very low activity forum so I let it go. Got up early this morning to fix things up and had a bunch of new user emails!

    Leave a comment:


  • Winehouse
    replied
    http://arstechnica.com/news.ars/post...l-hotmail.html

    Leave a comment:


  • EWGF
    replied
    Never ever got spam through sendmessage.php until yesterday

    Using different e-mails, IP's are not the same but the first numbers are often identical, sometimes advertisments for movfree or german viagra. They're always sent at night, strangely. Luckily they don't register yet, so I'll disable sendmessage.php for unregistered members.








    Edit: Ah, good thread: http://www.vbulletin.com/forum/showthread.php?t=275800
    Last edited by EWGF; Sat 4 Oct '08, 3:57am.

    Leave a comment:


  • se_p800
    replied
    This is very odd I was about to post a thread wondering why we are receiving so many spammers the past 2 days. It's strange to see its not just me..

    Leave a comment:


  • Floris
    replied
    Originally posted by yogesh View Post
    Floris please read Unicorn's reply, this is not the first time I am reading a post like this here or in vb.org.
    From the few reports I've read in the last 48 hours only 1 user I can not clarify why this happened. No log files are provided either. If this happens to you too, please provide server log files for access_log and error_log in a private support ticket, with details of what user and which IP. So we can see if we can trace the steps back and find out why they could possibly bypass this usergroup.

    Leave a comment:


  • Floris
    replied
    Default usergroup: Always moderate? YES

    Create a new usergroup: dont-moderate-these-members, with permission to not moderate them.

    Create a new promotion for the default usergroup, to upgrade after 2 or 5 posts to additional usergroup you just created.

    Then everybody has 0 posts basically that sign up, untill their good posts are approved, every hour the script checks who has the x or more posts, and upgrades them, so future posts wont get moderated.

    Leave a comment:


  • TGRS
    replied
    Originally posted by unicorn2433 View Post
    The Spammers are by passing the moderate new users option.
    --I also hope that is not true, and that you are having some other issue. So far, I have not seen anything like this. I will certainly report it if I see it. The other thing I wanted to mention is to be careful with signatures. I.e. even if you moderate new users, only give signature create access to fully registered users that you trust are legit. If these creeps register, the first thing they try to corrupt is the signature.

    Leave a comment:


  • yogesh
    replied
    Originally posted by unicorn2433 View Post
    I changed it two days ago to moderate new users and the only users getting moderated are legit. The Spammers are by passing the moderate new users option.
    Originally posted by Floris View Post
    Just to clarify. Nothing is "bypassed" they can just "read" what the captcha says, it is not a security issue. That said, yes, very frustrating for board owners and changing to the HV Q+A with a home made creative question stops it for 99%
    Floris please read Unicorn's reply, this is not the first time I am reading a post like this here or in vb.org.

    Leave a comment:


  • Floris
    replied
    Just to clarify. Nothing is "bypassed" they can just "read" what the captcha says, it is not a security issue. That said, yes, very frustrating for board owners and changing to the HV Q+A with a home made creative question stops it for 99%

    Leave a comment:


  • SolidSlug
    replied
    Originally posted by unicorn2433 View Post
    The Spammers are by passing the moderate new users option.
    If that is the case, there is a major security issue here and an emergency is at hand.

    My forum got hit as well, BTW...few got through in my case: 6- 12

    I used Akismet, Image Verification and Address Verification.

    I just switched to Registration Moderation, reCAPTCHA until we know what's going on.
    I fear someone found an exploit and is milking it for all its worth.

    Leave a comment:


  • yogesh
    replied
    Originally posted by unicorn2433 View Post
    I am being hit with 50-75 a day too. And I changed it two days ago to moderate new users and the only users getting moderated are legit. The Spammers are by passing the moderate new users option.
    Can someone who has had spammers bypassing user moderation, please post this into bug tracker so that vbulletin programers can have a look at it because it seems like a major security flaw.

    Leave a comment:


  • unicorn2433
    replied
    I am being hit with 50-75 a day too. And I changed it two days ago to moderate new users and the only users getting moderated are legit. The Spammers are by passing the moderate new users option.

    Leave a comment:


  • beishe8
    replied
    Originally posted by Freddie Bingham View Post
    On the page where you specified the question, there are two input boxes.

    Question
    Answers are added after the question is created.

    Regular Expression
    You may require the input field to match a regular expression (PCRE).

    A regex answer allows you to use code to specify multiple answers. You need to leave that blank and save your question. After you save, you will see your question and then a new "Add Answer" option beneath it. If you specify "bul" as an answer then the only answers that will be accepted is

    bul

    Answers are case insensitive so BUL (and so one) will also be accepted.
    Thank you Freddie,I'll try it.

    Leave a comment:


  • Freddie Bingham
    replied
    Originally posted by beishe8 View Post
    Sorry Freddie,I really don't understand how the regex option works or what it is.
    What I know is, that after setting them up,nospam works,Q&A does not.
    On the page where you specified the question, there are two input boxes.

    Question
    Answers are added after the question is created.


    Regular Expression
    You may require the input field to match a regular expression (PCRE).


    A regex answer allows you to use code to specify multiple answers. You need to leave that blank and save your question. After you save, you will see your question and then a new "Add Answer" option beneath it. If you specify "bul" as an answer then the only answers that will be accepted is

    bul

    Answers are case insensitive so BUL (and so one) will also be accepted.

    Leave a comment:


  • beishe8
    replied
    Originally posted by Freddie Bingham View Post
    That would only happen if you put "bul" into the regex option as is. If you want to only accept "bul" then create a proper answer using the answer system. If you want to use the regex option then you need to understand how it works.
    Sorry Freddie,I really don't understand how the regex option works or what it is.
    What I know is, that after setting them up,nospam works,Q&A does not.

    Going to check the options for Q&A now...

    Leave a comment:

widgetinstance 262 (Related Topics) skipped due to lack of content & hide_module_if_empty option.
Working...
X