The title says it all,

I´m trying out Question & Answer Verification, let´s see how that goes, Image Verfication doesn´t seem to be enough.

Please vote, and tell us why.

recaptcha because it offers audio.

But which one is most effective ? For sure images are not enough for my forum.

Recaptcha too :)

reCaptcha works great for me

But which one is most effective ? For sure images are not enough for my forum.
I guess reCaptcha. Haven't had any spam issues on forums that I have worked on that use it.

I use Image Verification.

Question and answer verification. Spam has been pretty low for ages thanks to it.

reCaptcha.

With dozens of new registrations today alone (and limited time to delete them), I have just switched to ReCaptcha.

*crosses fingers* hoping for the best.

With dozens of new registrations today alone (and limited time to delete them), I have just switched to ReCaptcha.

*crosses fingers* hoping for the best.

We just had a huge influx of spammers this morning while using Image Verfication. We changed to ReCaptcha and so far we're good.

Over 60 spammers this morning.... :mad:

As with many others I used Image Verification but had a major influx of spammers signing up last night from Russian, Estonian and Ukranian addresses so I switched over to reCaptcha. That seems to have put a halt to the spam registrations. I'll probably add in the Q&A verification in addition to reCaptcha later tonight just to be sure. (Since I've heard that some bots/borgs are allied with humans to break reCaptcha.)

Question and Answer won't do anything to stop human registrations. Even if they don't speak the language, they just have to google the question to get the answer.

It's worked quite well for me along with moderating the first few posts. I haven't had spam bots for ages now...

We just had a huge influx of spammers this morning while using Image Verfication. We changed to ReCaptcha and so far we're good.

Over 60 spammers this morning.... :mad:

I have had the same thing happen to my forum today. How do I get ReCaptcha installed? Anyone have any tips or pointers?

The Spam is getting out of control.

TIA

If you're a vBulletin customer, reCaptcha support is standard in 3.7.0 and higher.

I have had the same thing happen to my forum today. How do I get ReCaptcha installed? Anyone have any tips or pointers?

The Spam is getting out of control.

TIA
Some links:

http://recaptcha.net/
http://www.vbulletin.com/docs/html/humanverify_recaptchaverify

I use reCaptcha. However, there will never be a 100% solution for not allowing spammers in. This is due to people that are hired to specifically handle the CAPTCHA stage of registration. If you prevent them from signing up, odds are you're also preventing anyone else from joining, too.

An ideal approach would be an invitation system. Whoever is found to have invited the spammer gets the boot (as well as possibly their other invitees).

ReCaptcha because I also wanted to do my bit for world literacy. :D

In any case, none of these can stop human registrations, in any case I have stopped more spammers so far using question and answer instead of image validation.

In the past couple of days, my forum has had a dramatic increase in spammer registrations. I can only conclude that the standard vBulletin image Capthca has been broken and is now automated. The spam accounts are all from what appear to be open proxies or are otherwise known for forum spam sources (see http://www.stopforumspam.com).

For vBulletin developers, it would be nice to have a way to check a remote database of known open proxies or otherwise bad IPs during registration. I know that the admin tool supports a list of banned IPs, but I worry about loading up over 13,000 lines -- the current list from stopforumspam.com. A database query or external blacklist query would, I think, be preferable.

After last night's flood of spam bot registrations I changed the verification method to reCaptcha. Here's to hoping that makes a difference.

I use the vB Captcha. No one has 'broken' it.

I use the vB Captcha. No one has 'broken' it.
Two forums I administrate used the vB Captcha for the longest time, until yesterday when both forums got slammed with hundreds of Spam Bots. I'm talking at least 100 bots attacked my Final Fantasy forums alone. I alone deleted roughly 45+ spam bot accounts yesterday, then I came online this morning to find roughly 50+ new accounts to have been banned by my admins and mods. Who knows how many hit the other forum.

I switched one to ReCaptcha and we're planning on upgrading the other to 3.7 (it still runs 3.6) so we can change it to ReCaptcha as well, and see how that works out.

Somehow, they got passed the vB Captcha as well as the Email Activation, because they were in the Registered Users group.

I don't blame Jelsoft, though, they did a damn fine job on the Human Verification feature. It's just these damn persistent spammers that get on my nerves.

Somehow, they got passed the vB Captcha as well as the Email Activation, because they were in the Registered Users group.

Email Verification on free web-based systems is as simple as spidering the inbox and following the links in the emails.

There is no confirmation at this time that Bots can bypass Image Verification, particular if you have the right settings. However humans can and once they do that they can turn over posting to a Bot.

My forum has also been hit with an influx of spammers over the past two or three days. Guess it's time to switch to reCaptcha. :cool:

There is no confirmation at this time that Bots can bypass Image Verification, particular if you have the right settings. However humans can and once they do that they can turn over posting to a Bot.
I understand that, but not hundreds within a few hours time on two completely seperate forums.

I had all settings on except for Random Shapes, I'm unsure about the other board.

I'm not trying to argue if the vB Captcha is broken, it probably was a misconfiguration on our part, I just find it odd that it has stopped many bots in their tracks and then all of a sudden we get flooded with them in one day.

"Question and Answer" has really helped for me. I've found the key is to make it easy, but not something that could be Googled. For example, you could say "In our logo in the top-left corner of the screen, what is the second letter?". Add a variety of questions. This requires that the user actually views your entire page (not just sending a captcha jpg to a porn-surfer), which should help.

Even better, allow us to drop the questions into captcha format (buried in an image with somewhat rough letters). It'll still be easy enough for a human to read and answer, but creates a number of steps for a spammer.

-- Decipher the captcha
-- Understand what it says
-- Look elsewhere on the page for the answer
-- Enter the answer in the box

I realize that the variable length of the question makes the image generation a little more difficult, but it seems to be a pretty good answer for the problem.

Thoughts?

"Question and Answer" has really helped for me. I've found the key is to make it easy, but not something that could be Googled. For example, you could say "In our logo in the top-left corner of the screen, what is the second letter?". Add a variety of questions. This requires that the user actually views your entire page (not just sending a captcha jpg to a porn-surfer), which should help.

Even better, allow us to drop the questions into captcha format (buried in an image with somewhat rough letters). It'll still be easy enough for a human to read and answer, but creates a number of steps for a spammer.

-- Decipher the captcha
-- Understand what it says
-- Look elsewhere on the page for the answer
-- Enter the answer in the box

I realize that the variable length of the question makes the image generation a little more difficult, but it seems to be a pretty good answer for the problem.

Thoughts?

I would personally find that rather annoying and it might discourage me from registering at all. :cool:

The point of Captcha is to make it difficult for non-humans to register while still keeping it easy for humans to do so. I find it annoying enough that I have to decipher sometimes hard-to-decipher strings that are typically only 6 characters or so. If I had to decipher an entire question, and then look around on your page for the answer, and then enter the answer, I would probably just not bother at all.

If I had to decipher an entire question
Sorry for the confusion -- I shouldn't have said "decipher". I imagine this being rather plain text, but in image form. This would make it no harder for humans, but would add an extra step for spammers.


and then look around on your page for the answer
You don't have make them "look around" -- just tell them where to look. I think as more sites start using Q&A, bots will start developing better semantic matching. If you say "What is the third letter in the word HOUSE?" or "What is the sum of 3+1?", they'll be able to interpret that and send back an answer automatically. If you ask a unique (but simple) question, as I showed above, I think it will work for a longer period of time.

reCAPTCHA has been broken, one of my client sites got hundreds of spammers yesterday, I have now changed that to Q & A.

Damn spammers, they are truly the scum of the earth.

This program that got out is about $500, and they are more than happy to pay for it. And the reason is, it's a TINY investment. Because spamming is big bucks. I agree, people who use these scripts and who scam and spam people, very very sad.

Floris, what program are you referring to ?

Floris, what program are you referring to ?

I'm guessing XRumer, but I can't say for sure.

http://en.wikipedia.org/wiki/Xrumer

I recommend to use the Q+A system with unique home-made creative questions:

http://www.vbulletin.com/forum/showpost.php?p=1632238&postcount=4

Here are a few examples ^

I see that it should be possible to have both image validation and Q & A, but how ? I can only select one at a time in the admin ?!

Yes, select the image one, and add your q+a via a custom profile field. At the moment is't only possible to select one of the HV options, but you can make the custom profile field a required during registration option.

I hope this will be changed in the new version, I will try, thanks.

The last 48 hours has been hell, I´ve never seen so many spam registrations...

reCAPTCHA has been broken, one of my client sites got hundreds of spammers yesterday, I have now changed that to Q & A.

Damn spammers, they are truly the scum of the earth.

All other reports I'm hearing says that reCAPTCHA is still not broken (though the vBulletin CAPTCHA is).

I'm finding "recaptcha + profile question" makes for a pretty solid solution (for now).

Oh sorry, I did mean vBulletin CAPTCHA is broken for sure, what a pity, it worked fine for a while.

What vBulletin dev should do, is some kind of collaboration with http://www.stopforumspam.com/, so that all these spammers are registered, that is the only way to avoid human spammers.

Oh sorry, I did mean vBulletin CAPTCHA is broken for sure, what a pity, it worked fine for a while.

What vBulletin dev should do, is some kind of collaboration with http://www.stopforumspam.com/, so that all these spammers are registered, that is the only way to avoid human spammers.
The bot scripts create new users, new emails, using daily updated proxy lists to hide their ip, etc. stop forum spam web site only has reported content, can't predict the future.

Well, the spammers stopped completely after I switched to Questions & Answers - impossible to guess the answers, but of course a human can do it, but I doubt humans would spend so much time cracking the forums than bots do.

I use reCaptcha and the NoSpam Q&A modification from vbulletin.org.

I use reCaptcha and the NoSpam Q&A modification from vbulletin.org.
No need for the mod -- just follow Marco's instructions here:

http://www.vbulletin.com/forum/showthread.php?t=205214

No need for the mod -- just follow Marco's instructions here:

http://www.vbulletin.com/forum/showthread.php?t=205214
The mod is much easier, and I've been using it since I started my forum in Feb... so I don't see the reason to switch ;)

The mod is much easier, and I've been using it since I started my forum in Feb... so I don't see the reason to switch ;)
I can't say for sure which is easier, but I'd agree that there's no need for you to switch if your solution is getting the job done.

reCaptcha at the moment. Also I am using a hack from vB.org which moves new members posts to a hidden forum if found to be containing a http link not leading to my own website or others that are specified in a personal whitelist.
Very useful - because my members won't take ANY notice of spammers anymore.
This has been suggested before and I sure hope for vB 4.0 to see something like this implemented.
It's that easy, have spammers posts all in one forum - they are banned, deleted in seconds.

The reCAPCHA one is the best.

reCaptcha at the moment. Also I am using a hack from vB.org which moves new members posts to a hidden forum if found to be containing a http link not leading to my own website or others that are specified in a personal whitelist.
Very useful - because my members won't take ANY notice of spammers anymore.
This has been suggested before and I sure hope for vB 4.0 to see something like this implemented.
It's that easy, have spammers posts all in one forum - they are banned, deleted in seconds.
Mind linking to said Mod? I could really use this for my 3.6 forum.

The modification certainly isn't perfect as it is, but that's just why I would like the vB developers to make it perfect for 4.0.
http://www.vbulletin.org/forum/showthread.php?t=173490

We recommend everybody on 3.6 to upgrade to 3.7.3 PL1 or newer, per October 31st 3.6 will be going into EOL, and 3.7 offers better captcha and other HV libraries.

Well, the spammers stopped completely after I switched to Questions & Answers - impossible to guess the answers, but of course a human can do it, but I doubt humans would spend so much time cracking the forums than bots do.

That worked for me too.