Spammers Getting Around Image Verification

  • Freddie Bingham
    replied
    Originally posted by natbaines View Post
    I changed to recaptcha after the recent problems and have gone from over 50 spammers in 12 hours to none.

    I am however anxious that Freddie believes recaptcha will also be broken soon, but if it works for now I'm happy for now!
    If vB owners change to recaptcha en masse, then the script programmers will shift more resources to breaking it. I'm sure the recaptcha team can adjust it but it becomes an ongoing game.



  • natbaines
    replied
    I changed to recaptcha after the recent problems and have gone from over 50 spammers in 12 hours to none.

    I am however anxious that Freddie believes recaptcha will also be broken soon, but if it works for now I'm happy for now!



  • Freddie Bingham
    replied
    Originally posted by mikeinjersey View Post
    Instead of messing around with all that, I was going to try out the ReCaptcha method. But is it confirmed that that's broken as well? Isn't that a fee-based service?
    As I said in my post
    The update for this program states that it hasn't broken recaptcha
    Recaptcha is free.



  • Floris
    replied
    Originally posted by mikeinjersey View Post
    Instead of messing around with all that, I was going to try out the ReCaptcha method. But is it confirmed that that's broken as well? Isn't that a fee-based service?
    It is not broken (yet); and once it is, surely since it's a service they will try to update reCAPTCHA to fix that.



  • mikeinjersey
    replied
    Originally posted by Freddie Bingham View Post

    If you are using the image captcha, change the fonts and the backgrounds. In your forums/images/regimage directory, you will find a fonts/ and a backgrounds/ directory. Remove all of the default fonts in the fonts directory and add a collection of your own .ttf fonts. You can get freeware fonts all over the web. Pick some that are a bit strange but still readable and stick them in the directory. The backgrounds are 201x61 jpg images. Create your own, I suggest putting some text on them, that will really confuse the script, just do it so that when the captcha text is added to it by vBulletin, it doesn't confuse your registrees. The system will automatically use the fonts and images that you add to the appropriate directories.
    Instead of messing around with all that, I was going to try out the ReCaptcha method. But is it confirmed that that's broken as well? Isn't that a fee-based service?



  • Freddie Bingham
    replied
    It does appear that a certain spam program has released an update in the last few days that is able to decipher the image captchas of gmail, Invision, PHPBB, and vBulletin. Since gmail is broken, the script can automatically create email addresses for email verification.

    The update for this program states that it hasn't broken recaptcha, though they are surely trying.

    To continue to devise an image captcha that is increasingly difficult for humans to decipher leads to a captcha that only a computer can decipher. This is why I built the image captcha to be configurable by the end user.

    If you are using the image captcha, change the fonts and the backgrounds. In your forums/images/regimage directory, you will find a fonts/ and a backgrounds/ directory. Remove all of the default fonts in the fonts directory and add a collection of your own .ttf fonts. You can get freeware fonts all over the web. Pick some that are a bit strange but still readable and stick them in the directory. The backgrounds are 201x61 jpg images. Create your own, I suggest putting some text on them, that will really confuse the script, just do it so that when the captcha text is added to it by vBulletin, it doesn't confuse your registrees. The system will automatically use the fonts and images that you add to the appropriate directories.

    When using the QA system, don't create questions like these:

    What is 2 + 2?
    Please enter the word "brown".

    The nefarious script at work here can most likely handle those questions. You must ask a question that doesn't give the answer in the question. I suspect something like "If you have three apples and eat one, how many do you have left?" would work.

    Adding required fields will also no longer work. The script can handle the "required field missing" errors and resubmit with those fields filled in.

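Added example, not part of the original thread and not vBulletin code: a small audit an administrator could run over their own Q&A verification questions to catch the two weak patterns Freddie Bingham describes in the post above (the answer printed in the question, and digit arithmetic). The function names and the accepted-answer lists are assumptions made for illustration.

```python
import re

# Digits-and-operator expression such as "2 + 2" or "7*6" (constructed pattern).
ARITH = re.compile(r"(\d+)\s*([+\-*x])\s*(\d+)")
OPS = {"+": lambda a, b: a + b, "-": lambda a, b: a - b,
       "*": lambda a, b: a * b, "x": lambda a, b: a * b}


def audit_question(question, answers):
    """Return a list of reasons the question is weak; empty list means none found."""
    reasons = []
    q_lower = question.lower()
    q_tokens = set(re.findall(r"[a-z0-9]+", q_lower))
    accepted = {a.strip().lower() for a in answers}

    # Weakness 1: an accepted answer is printed in the question itself.
    leaked = sorted(a for a in accepted if a in q_tokens)
    if leaked:
        reasons.append("answer appears in question: " + ", ".join(leaked))

    # Weakness 2: the question is digit arithmetic whose result is the answer.
    m = ARITH.search(q_lower)
    if m:
        result = str(OPS[m.group(2)](int(m.group(1)), int(m.group(3))))
        if result in accepted:
            reasons.append("answer is the value of " + m.group(0))
    return reasons


def audit_all(qa_pairs):
    """Map each weak question to its reasons; strong questions are omitted."""
    report = {}
    for question, answers in qa_pairs:
        reasons = audit_question(question, answers)
        if reasons:
            report[question] = reasons
    return report


# The three questions quoted in the post; the accepted answers are constructed.
SAMPLE = [
    ("What is 2 + 2?", ["4", "four"]),
    ('Please enter the word "brown".', ["brown"]),
    ("If you have three apples and eat one, how many do you have left?",
     ["2", "two"]),
]
```

An empty result only means neither of these two patterns was found; it does not show that a question will resist automation.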


  • kellym
    replied
    I got hit with 50 or 60 new users yesterday. Usually I get 1 or 2 new users a day. Indeed many use gmail addresses, and almost all come from unique IP addresses often in China, Russia, the Ukraine or the USA.

    Sometimes it's difficult to determine a real user from a spammer. The bots are starting to fill out the User Profile fields, making it look like they are real people. I spent a few hours tracking the attackers and noticed a curious thing: the computers used to register are compromised/hacked machines from all around the world.

    Try a port scan for TCP port 3389 on your newly registered users. I bet dollars to donuts the port is open, and it's a compromised machine. About 90% of the time, the spammers are using Windows Terminal Server to access these compromised computers, they register on Gmail and vBulletin forums and post forum spam. They are likely using the XRumer tool to automate this process, as the tool's authors started boasting recently that they've cracked both Gmail & vBulletin's image verification methods.

    Code:
    nmap -sS -T4 -P0 -p 3389 aaa.bbb.ccc.ddd
    where the aaa.bbb.ccc.ddd is the IP address of the new user.

    I implemented Moderation of all new users, so new spam doesn't hit the public. And since I already have Image Verification enabled, I added a second text-based Human Verification option as discussed in this thread. So far so good.

    kelly



  • mikeinjersey
    replied
    I did a simple question and answer thing on all 3 of my forums... and the spam registrations stopped instantly. I wish people would stop posting with the inaccurate replies saying that this doesn't work and that doesn't work without giving it some time.

    Obviously the simplest question and answer protocol fixes everything instantly... for now.

    so have just installed that No Spam mod, thanks for the links to it.
    I may install it as it seems like the next best method... but maybe vBulletin.com will implement it in their next version? If so I'll wait.



  • birdie
    replied
    I have 5 vB forums; 2 have been getting hit really bad and could not work out why the other 3 were being left alone ... I just put it down to luck.

    HOWEVER, I just worked out that I had the NoSpam! mod from vB.org installed on the 3 that were not getting hit ... I thought I had installed on all 5! ... installed it a couple of hours ago and the flood stopped instantly.



  • Steve Machol
    replied
    Just a reminder: How to Reduce Spam and Registration Bots



  • ascender
    replied
    Originally posted by Wayne Luke View Post
    There is the No Spam! addon at www.vbulletin.org. You can use that with one of the built-in Human Verification methods to have multiple questions. Also you can simply add required profile fields in the Profile Field Manager. See the following thread for an example:

    http://www.vbulletin.com/forum/showthread.php?t=205214
    I've been looking at NoSpam! but unfortunately can't get the mod to show on the user registration form. Meanwhile the spammers are rolling on in!



  • Wayne Luke
    replied
    Originally posted by ascender View Post
    Is there any way that VB could be modified to support multiple questions & answers upon registration?
    There is the No Spam! addon at www.vbulletin.org. You can use that with one of the built-in Human Verification methods to have multiple questions. Also you can simply add required profile fields in the Profile Field Manager. See the following thread for an example:

    http://www.vbulletin.com/forum/showthread.php?t=205214



  • terryp3
    replied
    Same thing, started yesterday, turned moderate new registrations on but ended up having to close registrations. Opened up today and back they come.
    I've just tried adding the extra profile field in the hopes that that stops them.



  • ascender
    replied
    Is there any way that VB could be modified to support multiple questions & answers upon registration?



  • Doodad
    replied
    I have been relatively quiet today with only a few spammers trying to join that I nixed quickly. Real users are being moderated, and they got in. I have not seen any spammers since this morning on the east coast.

    Mine is a very quiet forum with small daily input. BUT, it is school related and our members are teachers so porn (the one that did post to be moderated) is a threat to my well being.

