Porn Spammer hit my forum


Bungie
Sat 22nd Feb '03, 2:31pm
Hey guys,

Logged on my board this morning and saw that a member had signed up and replied to nearly every thread with a spam message advertising amateur porn. I banned him, recorded his IP and pruned all of his posts.

Now, all I have is his IP. It didn't resolve to his ISP. How do I go about finding the ISP to which an IP belongs? Any help is appreciated as I would like to report this guy.

Thanks.

Beorn
Sat 22nd Feb '03, 2:36pm
http://www.network-tools.com

Enter the IP in the text box at the top. Hit enter...give it about a minute to load full diagnostics...

Scott MacVicar
Sat 22nd Feb '03, 2:37pm
www.ripe.net (http://www.ripe.net) will give you the IP block owner.

bromyaur
Sat 22nd Feb '03, 2:41pm
getting it too, I have banned the whole block and suspect it's a bot doing it.. he keeps trying to post as a guest. A person would see the IP banned message and give up. But this thing is going at me hard. It's been happening on my forum for 10 hours now at least.

Who?
Sat 22nd Feb '03, 2:46pm
getting it too, I have banned the whole block and suspect it's a bot doing it.. he keeps trying to post as a guest. A person would see the IP banned message and give up. But this thing is going at me hard. It's been happening on my forum for 10 hours now at least.
use .htaccess to ban the person or bot

DirectPixel
Sat 22nd Feb '03, 2:53pm
My forums got hit as well.

It's banned now, and all its posts have been pruned. :)

express
Sat 22nd Feb '03, 2:59pm
We have also been hit this morning. Here is the IP we have: 209.21.98.52

nuno
Sat 22nd Feb '03, 3:00pm
203.14.169.19 it's an anonymous proxy FYI, you're out of luck.

nuno
Sat 22nd Feb '03, 3:03pm
209.21.98.52 is also an anonymous proxy.

bromyaur
Sat 22nd Feb '03, 3:04pm
203.14.169.19 it's an anonymous proxy FYI, you're out of luck.

yep that be the one along with 203.14.169.17

Bungie
Sat 22nd Feb '03, 3:12pm
203.14.169.19 it's an anonymous proxy FYI, you're out of luck.
Damn. Thanks nuno. :D

Thanks to the rest of you for helping also. I guess the ban will just have to do. I've also added the other IP's that you guys have mentioned.

Bungie
Sat 22nd Feb '03, 3:22pm
One thing I just noticed is that when they did register, in my custom user fields they put a '1' in there. Just FYI... ;)

I had 3 of them. One posted once, another not at all, and one posted in damn near every thread.

CeleronXT
Sat 22nd Feb '03, 3:25pm
Ouch, Aletia Forums/Jaguar PC forums have been hit hard by someone posting these kind of links as well....

express
Sat 22nd Feb '03, 3:27pm
Ouch, Aletia Forums/Jaguar PC forums have been hit hard by someone posting these kind of links as well....

Has any of them used yummy or yummie in their username?

jmd
Sat 22nd Feb '03, 3:31pm
Yep the idiot registered on my forum 3 times but we banned him before he was able to post anything


Some of the names

ginaguy18p0r
duem_18
And yummy something or other




What a loser

:rolleyes:

CeleronXT
Sat 22nd Feb '03, 3:35pm
Has any of them used yummy or yummie in their username?
Indeed they did! Yummy-juice25

filburt1
Sat 22nd Feb '03, 3:44pm
My forums got hit as well.

It's banned now, and all its posts have been pruned. :)

Maybe I'm just not understanding things right but wouldn't it not work if you have require e-mail activation on? Or does the bot check its own mail?

express
Sat 22nd Feb '03, 3:46pm
Damn I have this one too!
duem_18

filburt1
Sat 22nd Feb '03, 3:47pm
Moreover does anybody know the HTTP_USER_AGENT of the bot? That would sure make it easy to ban unless they just faked it.

msimplay
Sat 22nd Feb '03, 3:47pm
I got spammed this morning too
210.220.73.8.
thats the ip i got how do i
go about banning this ?

squall14716
Sat 22nd Feb '03, 3:48pm
Indeed they did! Yummy-juice25
Same username they used on my message board... Why would they even try spamming a board that isn't even really active? I mass-moved all the posts into one thread in the garbage forum. How stupid are these people?

John Round
Sat 22nd Feb '03, 3:49pm
Yea our forum got hit too! I just turned off registration for now

filburt1
Sat 22nd Feb '03, 3:51pm
I turned on moderating new users and haven't seen anything yet including anything in WOL.

Can anybody answer my questions? :)

DirectPixel
Sat 22nd Feb '03, 3:56pm
Maybe I'm just not understanding things right but wouldn't it not work if you have require e-mail activation on? Or does the bot check its own mail?
I would think so. It put a random hotmail address in mine. (something along the lines of fdasdfdsadf@hotmail.com)

John Round
Sat 22nd Feb '03, 3:57pm
I had Email validation turned on, but they somehow managed to activate their account.

DirectPixel
Sat 22nd Feb '03, 3:59pm
There was a bug about this that was recently posted, I think.

CeleronXT
Sat 22nd Feb '03, 4:01pm
The same goes for Aletia Forums and Jaguar PC Forums. They both have validation, but it got by it as well.

Jake Bunce
Sat 22nd Feb '03, 4:02pm
he's on my forums too.

DirectPixel
Sat 22nd Feb '03, 4:02pm
http://www.vbulletin.com/forum/showthread.php?threadid=62786

There's one. I remember seeing another about bypassing validation... not sure though, since I can't find it anymore.

msimplay
Sat 22nd Feb '03, 4:02pm
all i'm saying is something has to be done

Just took a look at that thread should be ok now cuz
its fixed in 2.30 least i think so

Jake Bunce
Sat 22nd Feb '03, 4:04pm
if he registers another account on my forums, I'll just disable registrations for a while.

Andrew-ningc
Sat 22nd Feb '03, 4:06pm
Yep the idiot registered on my forum 3 times but we banned him before he was able to post anything


Some of the names

ginaguy18p0r
duem_18
And yummy something or other




What a loser

:rolleyes:


The same members signed up on my board and posted porn links this morning:

ginaguy18p0r: 200.168.138.38
yummy-juice_25: 208.60.126.2
duem_18: 208.60.126.2

ginaguy18p0r was the only one to post, and i just did a mass delete of all the posts by that user and banned that IP, but the other 2 didn't post.

How is this type of thing possible, and where can they find the board? I have only been using the vb for a month yesterday.

DirectPixel
Sat 22nd Feb '03, 4:07pm
ginaguy18p0r was on my forums too.

msimplay
Sat 22nd Feb '03, 4:11pm
The same members signed up on my board and posted porn links this morning:

ginaguy18p0r: 200.168.138.38
yummy-juice_25: 208.60.126.2
duem_18: 208.60.126.2

ginaguy18p0r was the only one to post, and i just did a mass delete of all the posts by that user and banned that IP, but the other 2 didn't post.

How is this type of thing possible, and where can they find the board? I have only been using the vb for a month yesterday.


Lol if u think thats bad i only opened mine last week

DirectPixel
Sat 22nd Feb '03, 4:12pm
Not to get into a showoff of whose forum is newer, but mine launched 3 days ago. :p

http://forums.deffinity.org

Bungie
Sat 22nd Feb '03, 4:13pm
Yep the idiot registered on my forum 3 times but we banned him before he was able to post anything


Some of the names

ginaguy18p0r
duem_18
And yummy something or other




What a loser

:rolleyes:
Exactly the same as the 3 users that signed up on mine...

msimplay
Sat 22nd Feb '03, 4:15pm
Not to get into a showoff of whose forum is newer, but mine launched 3 days ago. :p

http://forums.deffinity.org



LOLLLLLLLL

well since these are spammers they seem to know what they doing
cuz else they wouldn't be able to exploit the bugs in Vbulletin to spam us
got it all figured with anonymous proxies and everything

i would be interested to know what region are they hitting
cuz am sure my board does not show up in search engines and things like that

Andrew-ningc
Sat 22nd Feb '03, 4:18pm
Well my board didn't have any links posted on here, and am unaware of my board being on google or anything (seeing as it has only been at the address it is now for a month).

Seems quite intelligently done.

DirectPixel
Sat 22nd Feb '03, 4:18pm
Is it listed in the vBulletin links directory?

Andrew-ningc
Sat 22nd Feb '03, 4:20pm
Ahh... yes it is, good point.

DirectPixel
Sat 22nd Feb '03, 4:21pm
I say Jelsoft needs to implement some sort of protection system for the links listed there, perhaps a PHP redirect based on browser, etc.

Roody
Sat 22nd Feb '03, 4:25pm
I say Jelsoft needs to implement some sort of protection system for the links listed there, perhaps a PHP redirect based on browser, etc.

geez, two of those guys (ginaguy and Yummy) did the same to mine. unfriggin believable :(

msimplay
Sat 22nd Feb '03, 4:26pm
I say Jelsoft needs to implement some sort of protection system for the links listed there, perhaps a PHP redirect based on browser, etc.


Saying that if its in the Jelsoft Directory that must mean it was only
Vbulletin new boards that were hit
cuz presuming that new boards are listed first it would make some sense
and one off topic note this WYSIWYG editor is excellent

bit slow to load but excellent :D

Andrew-ningc
Sat 22nd Feb '03, 4:27pm
I say Jelsoft needs to implement some sort of protection system for the links listed there, perhaps a PHP redirect based on browser, etc.

Would be nice if something was implemented to stop that. It could mean nearly every board listed on the list has had the same thing happen.

CeleronXT
Sat 22nd Feb '03, 4:27pm
I've warned the Jaguar PC boards about this and the potential usernames and IP's. I guess we just wait it out now... @_@

InSite
Sat 22nd Feb '03, 5:05pm
wow - checked those three usernames, and all were on my board signed up today :eek: All banned before posting - thanks guys.

I think Jelsoft should put an announcement about this...

SusanD
Sat 22nd Feb '03, 5:06pm
Yep the idiot registered on my forum 3 times but we banned him before he was able to post anything


Some of the names

ginaguy18p0r
duem_18
And yummy something or other




What a loser

:rolleyes:

I got hit by the same three:

ginaguy18p0r IP: 200.206.213.145 - 2 posts. (I caught him in the act and immediately banned)
yummyjuice IP: 210.220.73.8 - 53 posts. (I added the name of his site to my blocked words list)
duem_18 IP: 210.220.73.8 - 0 posts. (I banned his IP and switched his usergroup to awaiting COPPA registration)

Our board has only been up a little over a month and doesn't have much traffic, so I'm really trying to figure out where this jerk came from.

jmd
Sat 22nd Feb '03, 5:21pm
I'm really trying to figure out where this jerk came from.


I think his mommy went out for the day and left him unsupervised. :)

bromyaur
Sat 22nd Feb '03, 5:22pm
how many of you are running some sort of archive hack?

InSite
Sat 22nd Feb '03, 5:24pm
how many of you are running some sort of archive hack?

No hacks here...

CeleronXT
Sat 22nd Feb '03, 5:32pm
No archive hacks, but I do have various other hacks installed.

Dr Shark
Sat 22nd Feb '03, 5:34pm
yummy something posted once at my board then got banned.
Very good mods and mega mods with no lives. :p lol
i think it might be some sort of advertising bot, i had about 27 of them on as guests last night trying to reply to threads.

Tolitz
Sat 22nd Feb '03, 6:03pm
A couple affiliate sites of mine got victimized by this "yummy" guy ... but mine hasn't been hit (yet) ... then again, I do have unique email authentication enabled and guest posting disabled, as well as the filtered registration process we have...

I'm running an archive hack by Xenon/Skuzzy...

Andrew-ningc
Sat 22nd Feb '03, 6:08pm
Our board has only been up a little over a month and doesn't have much traffic, so I'm really trying to figure out where this jerk came from.

DirectPixel made a good point that all our addresses are on the public list here at vBulletin, so more than likely some sort of script/program that just got our addresses from there.

Tolitz
Sat 22nd Feb '03, 6:10pm
Well, it seems to be an auto-registration/posting script of some kind, unless the messages posted in each of those sites were all written differently, which would hint at a user who has a lotta time to burn...

SusanD
Sat 22nd Feb '03, 7:23pm
just got another...

bof19_br0
IP 200.206.165.40

Caught before he posted

Roody
Sat 22nd Feb '03, 7:25pm
Well, it seems to be an auto-registration/posting script of some kind, unless the messages posted in each of those sites were all written differently, which would hint at a user who has a lotta time to burn...

how do we add URL's to banned or censored lists? I have never done this before.

Roody
Sat 22nd Feb '03, 7:26pm
just got another...

bof19_br0
IP 200.206.165.40

Caught before he posted

I caught the same one Susan not 15 minutes ago. I banned them before even posting. :mad:

jmd
Sat 22nd Feb '03, 7:28pm
bof19_br0 just got this one also
Banned before he could do anything

DirectPixel
Sat 22nd Feb '03, 7:32pm
Everybody needs to install this hack:

http://www.vbulletin.org/forum/showthread.php?s=&threadid=48709

Andrew-ningc
Sat 22nd Feb '03, 7:40pm
Everybody needs to install this hack:

http://www.vbulletin.org/forum/showthread.php?s=&threadid=48709

That is a sweet hack and will be installed once vb 2.3.0 is final.

And bof19_br0 is now banned on my forums, this is starting to get annoying.

filburt1
Sat 22nd Feb '03, 7:44pm
You know I think I know why he's not attacking my forums: I have an extra field that needs to be filled in upon registration ("Where did you hear about WDF from?"). If he's just using a bot then he can't get past the first step.

Tolitz
Sat 22nd Feb '03, 7:45pm
Hehe, my registration process doesn't even involve the "I Agree" button :)

Jake Bunce
Sat 22nd Feb '03, 7:47pm
same here, bof was banned before he posted.

InSite
Sat 22nd Feb '03, 7:48pm
Everybody needs to install this hack:

http://www.vbulletin.org/forum/showthread.php?s=&threadid=48709


I don't want to get into the "installing hacks" thing again - makes upgrading a real pain, especially as we have 2.3.0 on as a release candidate.

Jelsoft really need to act on this officially and quickly. They have seen this thread and the number of people affected - why aren't they doing anything about it??

InSite
Sat 22nd Feb '03, 7:49pm
You know I think I know why he's not attacking my forums: I have an extra field that needs to be filled in upon registration ("Where did you hear about WDF from?" ). If he's just using a bot then he can't get past the first step.

I have that too, and it is needed before registration can continue... yet he had three signups on my forums...

EDIT: bof19_br0 just banned too - that makes 4 :mad:

Andrew-ningc
Sat 22nd Feb '03, 8:08pm
just remove your site from the public list by changing Display in online links system in the members area.

bromyaur
Sat 22nd Feb '03, 8:11pm
yep the latest incarnation of it again bof19_br0 banned before he made his move lol

I have banned more people on more forums today than I have banned in total up until now

DirectPixel
Sat 22nd Feb '03, 8:13pm
I don't want to get into the "installing hacks" thing again - makes upgrading a real pain, especially as we have 2.3.0 on as a release candidate.

Jelsoft really need to act on this officially and quickly. They have seen this thread and the number of people affected - why aren't they doing anything about it??
Would you rather like spammers posting porn on your site, or would you rather like to spend an extra 5 minutes installing that hack.

I don't know about you, but it's an easy decision for me. Since it's your forums, Jelsoft can't really do anything about it. The idea that the vBulletin Links page led to this is just speculation -- they could've just as easily typed in "forum" or "vBulletin" in Google and started from there.

poolking
Sat 22nd Feb '03, 8:15pm
Yummy and now bof19_br0

I just blocked the whole IP range now and also the domain BonBon.net

SusanD
Sat 22nd Feb '03, 8:16pm
Would you rather like spammers posting porn on your site, or would you rather like to spend an extra 5 minutes installing that hack.

I don't know about you, but it's an easy decision for me. Since it's your forums, Jelsoft can't really do anything about it. The idea that the vBulletin Links page led to this is just speculation -- they could've just as easily typed in "forum" or "vBulletin" in Google and started from there.

I don't mind installing the hacks; but the thread that you posted is too confusing for me. One person started the thread, then another seemed to hijack it. I'm not sure which hack to install. And I don't want to mess up my registration. Thanks

SusanD
Sat 22nd Feb '03, 8:18pm
Yummy and now bof19_br0

I just blocked the whole IP range now and also the domain BonBon.net

Which range did you block?

poolking
Sat 22nd Feb '03, 8:19pm
You know I think I know why he's not attacking my forums: I have an extra field that needs to be filled in upon registration ("Where did you hear about WDF from?" ). If he's just using a bot then he can't get past the first step.

Just added a field like that to mine, to see if it works. :D

vBR
Sat 22nd Feb '03, 8:20pm
This is what I got on my forums:-

yummy-juice_25 | hum-gim25@BonBon.net | 200.206.213.145 (1 post | Banned)
bof19_br0 | bof19217@BonBon.net | 200.206.165.40 (0 posts | Banned)
duem_18 | duem_18a@hotpop.com | 200.206.213.145 (0 posts | Banned)
ginaguy18p0r | fsadfasdfasdfad@hotmail.com | 210.220.73.8 (0 posts | Banned)

The forums are listed here at vB.
Ones that are not listed were not hit.
We are running v2.3.0 with verify email address off

I have now blocked the IP ranges:
200.206
210.220

and email domains:
BonBon.net
hotpop.com

Roody
Sat 22nd Feb '03, 8:34pm
Would you rather like spammers posting porn on your site, or would you rather like to spend an extra 5 minutes installing that hack.

I don't know about you, but it's an easy decision for me. Since it's your forums, Jelsoft can't really do anything about it. The idea that the vBulletin Links page led to this is just speculation -- they could've just as easily typed in "forum" or "vBulletin" in Google and started from there.

according to the hack's read me file you have to " chmod the cache folder to 0777 (read, write and execute)".

How the heck do you do that?

InSite
Sat 22nd Feb '03, 8:35pm
Would you rather like spammers posting porn on your site, or would you rather like to spend an extra 5 minutes installing that hack.

I don't know about you, but it's an easy decision for me. Since it's your forums, Jelsoft can't really do anything about it. The idea that the vBulletin Links page led to this is just speculation -- they could've just as easily typed in "forum" or "vBulletin" in Google and started from there.

If this hack is the answer to the problem, then I expect Jelsoft to implement it as part of their stable product. Hacks are not supported, and while I am competent enough to carry them out, I paid for my forums software so that I wouldn't have to. I used to hack my old UBB board to death, and I'm not going down that road again.

Roody
Sat 22nd Feb '03, 8:37pm
If this hack is the answer to the problem, then I expect Jelsoft to implement it as part of their stable product. Hacks are not supported, and while I am competent enough to carry them out, I paid for my forums software so that I wouldn't have to. I used to hack my old UBB board to death, and I'm not going down that road again.

Excellent point. Anti-Virus companies release emergency fixes for viruses all the time, why can't jelsoft do that for this?

msimplay
Sat 22nd Feb '03, 8:41pm
hehe o my we have been busy hehe my email box was full
yeh that guy or gal is pretty annoying

filburt1
Sat 22nd Feb '03, 8:42pm
Excellent point. Anti-Virus companies release emergency fixes for viruses all the time, why can't jelsoft do that for this?
Because AV programs are a completely different type of program than a remotely hosting PHP script.

DirectPixel
Sat 22nd Feb '03, 8:42pm
Because this is not a problem that they are obliged to provide a "fix" for.

What's happening is a program is filling out fields on a page, similar to how Gator fills out your passwords. Jelsoft can't really do much about it.

It's not a security bug, and it's not a functionality problem.

Floris
Sat 22nd Feb '03, 8:44pm
I don't believe I have to be unlisted and removed from every page on the internet to not get this kind of abuse. I would not tolerate it, and try my best to report them to the appropriate email addresses. This is unacceptable abuse. Simple as that.

I scanned my database for the usernames/emails/iprange(s) and only one user had the 200.206 range, so I narrowed it a bit down, so he could still login.

I am listed, and we will see what happens.
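
Added example, not code from any poster in this thread or from vBulletin: the posts above ban two-octet prefixes (a whole /16) and then narrow a range to spare a real member. This Python example parses a report in the `username | email | IP (posts | status)` layout, flags IPs that registered several accounts, and compares the collateral of a /16 ban with the smallest CIDR block covering the observed addresses. All usernames, domains and addresses are constructed (RFC 5737 documentation ranges), and the function names are illustrative.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample report; addresses are documentation ranges, names are made up.
SPAM_REPORT = """\
spam_one | a1@mail.example | 198.51.100.40 (1 post | Banned)
spam_two | b2@mail.example | 198.51.100.45 (0 posts | Banned)
spam_three | c3@other.example | 198.51.100.45 (0 posts | Banned)
spam_four | zzzz@bigmail.example | 203.0.113.8 (0 posts | Banned)
"""

# Constructed legitimate members as (username, last seen IP).
MEMBERS = [("alice", "198.51.7.20"), ("bob", "192.0.2.77"), ("carol", "198.51.100.200")]

LINE = re.compile(
    r"^(?P<user>\S+) \| (?P<email>\S+@(?P<domain>\S+)) \| (?P<ip>\S+) "
    r"\((?P<posts>\d+) posts? \| (?P<status>\w+)\)$"
)


def parse_report(text):
    """Parse report lines into dicts; lines that do not match are skipped."""
    records = []
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue
        rec = m.groupdict()
        try:
            rec["ip"] = ipaddress.ip_address(rec["ip"])
        except ValueError:
            continue  # malformed address, ignore the line
        rec["posts"] = int(rec["posts"])
        records.append(rec)
    return records


def multi_account_ips(records):
    """IPs that registered more than one account, a strong automation signal."""
    seen = defaultdict(set)
    for rec in records:
        seen[str(rec["ip"])].add(rec["user"])
    return {ip: sorted(users) for ip, users in seen.items() if len(users) > 1}


def covering_network(ips):
    """Smallest single CIDR block that contains every address in ips."""
    ips = list(ips)
    net = ipaddress.ip_network(ips[0])  # start at /32 and widen one bit at a time
    while not all(ip in net for ip in ips):
        net = net.supernet()
    return net


def collateral(net, members):
    """Legitimate members who would be locked out by banning net."""
    return sorted(name for name, ip in members if ipaddress.ip_address(ip) in net)


def ban_plan(records, members):
    """For each /16 seen in the report, compare it with the narrowest cover."""
    by_range = defaultdict(set)
    for rec in records:
        wide = ipaddress.ip_network(f"{rec['ip']}/16", strict=False)
        by_range[wide].add(rec["ip"])
    plan = []
    for wide in sorted(by_range):
        narrow = covering_network(by_range[wide])
        plan.append({
            "wide": str(wide), "wide_hits": collateral(wide, members),
            "narrow": str(narrow), "narrow_hits": collateral(narrow, members),
        })
    return plan


if __name__ == "__main__":
    recs = parse_report(SPAM_REPORT)
    print("multi-account IPs:", multi_account_ips(recs))
    for row in ban_plan(recs, MEMBERS):
        print(row)
```

Since the thread also reports the bot arriving through anonymous proxies, either kind of ban only covers addresses already seen; the collateral check shows what each choice costs in locked-out members.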

vBR
Sat 22nd Feb '03, 8:49pm
It's not a security bug, and it's not a functionality problem.
If you have verify emails turned on and the bot or whatever gives a fake addy, how then does it get by the verification if it does not have an exploit?

msimplay
Sat 22nd Feb '03, 8:52pm
If you have verify emails turned on and the bot or whatever gives a fake addy, how then does it get by the verification if it does not have an exploit?

good question
and to prevent automated registrations is something that jelsoft should sort out

bromyaur
Sat 22nd Feb '03, 8:53pm
I for one see no fault in Jelsoft or with the vb software. This sort of thing happens and we as owners and admins have to deal with it...the hack posted above looks to be a good solution, I will install it later.

however if they wanted to add the image verification to part of their released product I will welcome that

DirectPixel
Sat 22nd Feb '03, 8:54pm
If you have verify emails turned on and the bot or whatever gives a fake addy, how then does it get by the verification if it does not have an exploit?
If you go to hotmail.com and register the username "asdfaewradsfawerasdfasdf", it'll look fake, but it's actually a real email address.

msimplay
Sat 22nd Feb '03, 8:57pm
This sort of protection if it can be made surely it's customer service to make this fix available officially
i mean it's not just one of us affected then we could say yes
we as owners have to deal with it
now it has arisen some sort of protective measure should be installed
i mean how many ips can u ban

Roody
Sat 22nd Feb '03, 8:59pm
according to the hack's read me file you have to " chmod the cache folder to 0777 (read, write and execute)".

How the heck do you do that?

can someone help me with the above question?

Floris
Sat 22nd Feb '03, 9:12pm
Or you just wait until someone replies that you can type the command man chmod in your shell or read the help file from your ftp client.

Roody
Sat 22nd Feb '03, 9:14pm
Or you just wait until someone replies that you can type the command man chmod in your shell or read the help file from your ftp client.

Not following what you mean.

Floris
Sat 22nd Feb '03, 9:17pm
chmod:

a) If you have shell access, login and type man chmod

b) If you have no shell access, see if your ftp client supports raw commands or the specific chmod command, if either, read how to use that from the manual.

c) doh

Roody
Sat 22nd Feb '03, 9:20pm
chmod:

a) If you have shell access, login and type man chmod

b) If you have no shell access, see if your ftp client supports raw commands or the specific chmod command, if either, read how to use that from the manual.

c) doh

ok so i dont put this 0777 info in there? Sorry this stuff makes no sense to me. Sucks that those of us who dont know this stuff well are S.O.L.

InSite
Sat 22nd Feb '03, 9:22pm
I've probably come across as though I'm bashing Jelsoft, and I don't mean to. This isn't their fault. However, I do think that now the issue has occurred, and their software is being exploited, they need to address the situation.

This could be in the form of an announcement, which is what I originally suggested - if it hadn't been for popping into the chit chat forum, I'd have been spammed throughout the night, as these users had registered on my site.

This could also be in the form of a fix - temporary or otherwise.

I just think that some word from them is appropriate at this stage, so we don't feel like we are stranded with a piece of software that is going to become rapidly unusable, like many have found hotmail, ICQ, etc, due to spam. Especially as this is a paid-for product, and other free forum software offers protection against this kind of automated sign-up (I think).

Floris
Sat 22nd Feb '03, 9:29pm
sigh
chmod is a command
man is also a command
it means man(ual) chmod .. like help.exe attrib.exe on ms dos.

it will explain how to use chmod on a shell

your ftp client, might explain how to use raw commands, or how to use chmod through ftp client.

FlashFXP i.e. has a right click > chmod > 777 > ok, done.

Roody
Sat 22nd Feb '03, 9:35pm
sigh
chmod is a command
man is also a command
it means man(ual) chmod .. like help.exe attrib.exe on ms dos.

it will explain how to use chmod on a shell

your ftp client, might explain how to use raw commands, or how to use chmod through ftp client.

FlashFXP i.e. has a right click > chmod > 777 > ok, done.

ok i guess i will just have to wait, that still makes no sense to me and i didnt see anywhere in there where it explained how to use raw commands.

oh well.

Jake Bunce
Sat 22nd Feb '03, 9:46pm
ask these questions in the hack's thread.

Steve Machol
Sat 22nd Feb '03, 9:53pm
Jelsoft really need to act on this officially and quickly. They have seen this thread and the number of people affected - why aren't they doing anything about it??
We have been trying to contact the Developers. So we aren't ignoring this. Note that not everyone works on weekends like I do and this problem is beyond my ability to fix.

InSite
Sat 22nd Feb '03, 9:55pm
We have been trying to contact the Developers. So we aren't ignoring this. Note that not everyone works on weekends like I do and this problem is beyond my ability to fix.


Thanks for the update - much appreciated :)

Martin64
Sat 22nd Feb '03, 9:56pm
This spammer bot hit my boards as well, the username was ginaguy18p0r. :(

MUG
Sat 22nd Feb '03, 9:57pm
Hit mine, my moderator handled it and I implemented a quick system to prevent it from happening again.

Bungie
Sat 22nd Feb '03, 9:59pm
What is this 'Quick System' you speak of?...

CSU-CYS
Sat 22nd Feb '03, 10:00pm
Thanks Steve, you always seem to be going above and beyond.

My site (www.cystinuria.org (http://www.cystinuria.org)) got hit this morning too. I really don't want to take too drastic measures like banning IP address ranges yet. Do you guys think it's ok just to "remove" them as users? Not really ban anything, but just remove them? That way i can wait to see if anything comes up here like Steve indicated and still feel better about leaving the forums in the meantime.
Good idea? Sorry, i'm still new at this.
matt

CSU-CYS
Sat 22nd Feb '03, 10:03pm
Also, would adding a question like "how did you find us" (like suggested above) really help to prevent this? Could someone point me in the direction of how to go about editing this? I'm assuming it's a template.
Thanks again, and sorry for the noob questions.
matt

MUG
Sat 22nd Feb '03, 10:03pm
Hit mine, my moderator handled it and I implemented a quick system to prevent it from happening again.
http://www.macusers.org/forums/register.php?action=register

Martin64
Sat 22nd Feb '03, 10:06pm
I'm going to install the advance image verification hack now. I had thought about it earlier, this gives me a good reason for spending a few minutes installing it.

squall14716
Sat 22nd Feb '03, 10:10pm
http://www.macusers.org/forums/register.php?action=register
You DO know that you're as secure without that as you are with it, don't you?

MUG
Sat 22nd Feb '03, 10:13pm
Look at the source code...

DirectPixel
Sat 22nd Feb '03, 10:22pm
I would think that's relatively secure. Who would spend dozens of extra coding hours just so their bot can work on a small handful of extra sites?

MUG
Sat 22nd Feb '03, 10:29pm
Who would spend dozens of extra coding hours just so their bot can work on a small handful of extra sites?
That's exactly what I was aiming at...

dynamite
Sun 23rd Feb '03, 12:53am
Well add me to the list of sites which got hit also! Got all 4 of those usernames also. I actually caught them in the act, banned the accounts and pruned all the postings. It has to be some type of bot because it tried to post for over 2 hours after I had banned it. I don't think an actual person would be that stupid to sit for that long and not realize they couldn't post any more.

yummyjuice_25 managed to make 48 posts and that gina one made 16. The other two haven't tried anything, so I didn't ban them, but guess I'll go ahead and do so now! :mad:

Xenon
Sun 23rd Feb '03, 9:21am
hehe, they visited my site, too.
yummy started her posting campaign, but it took 15 Posts, until i've blocked the ip, banned the hotmail domain then bonbon domain and moved those users to the banned group ^^

it was really funny to see yummy on whos online trying to post 10 hours into a thread :D

Craigr
Sun 23rd Feb '03, 11:33am
Yip the suckers have tried to hit my forum too.

Craig

bromyaur
Sun 23rd Feb '03, 11:38am
seems to have moved away from my forum today

dynamite
Sun 23rd Feb '03, 12:11pm
seems to have moved away from my forum today
Maybe they got the point that a majority of the sites have banned them now!

Reverend
Sun 23rd Feb '03, 12:21pm
We were hit yesterday as well. Only 1 of them posted (yummy-juice 25)

yummy-juice 25 - IP 200.206.165.40 - email:hum-gim25@BonBon.net

duem_18 - IP 200.171.228.168 - email:duem_18a@hotpop.com

ginaguy18p0r - IP 168.209.98.67 - email:fsadfasdfasdfad@hotmail.com

I've removed them and banned the email addresses. So far no further instances have taken place.

Floris
Sun 23rd Feb '03, 12:42pm
I have issued abuse emails to BonBon.net and Hotmail.com and HotPop.com, and to the host masters of those IP addresses, with a link to this thread they can check out.

They are obviously breaking terms of agreement and we can force those companies to take the appropriate actions.

Roody
Sun 23rd Feb '03, 3:03pm
I have issued abuse emails to BonBon.net and Hotmail.com and HotPop.com, and to the host masters of those IP addresses, with a link to this thread they can check out.

They are obviously breaking terms of agreement and we can force those companies to take the appropriate actions.

Nice work xiphoid. :)

MUG
Sun 23rd Feb '03, 3:05pm
I have issued abuse emails to BonBon.net and Hotmail.com and HotPop.com, and to the host masters of those IP addresses, with a link to this thread they can check out.

They are obviously breaking terms of agreement and we can force those companies to take the appropriate actions.
Did you report it to telesp.net.br? (That's what the IPs resolved to)

Millward
Sun 23rd Feb '03, 7:24pm
Hi, the exact same bot hit my site too. Only the yummy one is banned at the moment, it posted in nearly every forum with the same link. I'd better go ban the others too! :mad:

Blackjack
Sun 23rd Feb '03, 10:02pm
Everybody needs to install this hack:

http://www.vbulletin.org/forum/showthread.php?s=&threadid=48709
Problem is not all hosts support that, like mine. I would not delay in installing this hack otherwise.

My board was attacked as well this weekend.

yummy-juice_25 hum-gim25@BonBon.net
duem_18 duem_18a@hotpop.com
ginaguy18p0r fsadfasdfasdfad@hotmail.com

DirectPixel
Sun 23rd Feb '03, 10:08pm
That hack has a non-GD option as well.

Blackjack
Sun 23rd Feb '03, 10:10pm
Ok I will take a look at it again.

CondorZ
Mon 24th Feb '03, 12:55am
I have issued abuse emails to BonBon.net and Hotmail.com and HotPop.com, and to the host masters of those IP addresses, with a link to this thread they can check out.

They are obviously breaking terms of agreement and we can force those companies to take the appropriate actions.

Good Luck. I'd like to know if you have any success. About 2 years ago we had a very bad problem on the forum I worked on at that time. This guy from the Philippines was slandering another member from there. He wouldn't knock it off. We found he had multiple accounts doing this trashing, so we banned him and all the usernames we could find. We had UBB at that time, so couldn't do IP searches. It was all manual drudge work, looking at IPs and trying to match syntax. He was using some kind of service where his IP#s changed constantly.

He didn't take his banning well. Members could display their email addresses if they chose to do so and he first gleaned every one that he could find, as well as staff email addresses. He sent all kinds of slanderous spam to the members, tons of it, from 2 or 3 yahoo email addresses. Worse yet, he hit the staff with porn. It started out soft and quickly led to the hard core stuff. We couldn't do anything about it because our webmaster was out of town for several days and failed to tell us. <cough, another story> None of the staff had server access and UBB was limited with what could be done, banning wise. We asked all our members to forward all this guy's spam mail to Yahoo abuse and we on the staff forwarded every single porn mail to them too. Emailed them constantly every day for a week. They did NOTHING. They wouldn't even ban the accounts he was using!!!!!!!!!!!!!!!! The only reason he quit was because he got tired of it after a few days. :mad:

Nonny
Mon 24th Feb '03, 2:03am
I got hit as well. Yummyjuice25 or something. I deleted and pruned the posts. There were 3 or 4 of them that registered, but only one got around to posting because I banned them. I caught when he was getting 32 posts in.

vBR
Mon 24th Feb '03, 2:09am
Being Monday (GMT of course), a new working week and all, do you think we will be hearing from the devs any time soon on how this thing exploited whatever flaw there is in the registration system allowing it to bypass email verification.

Nonny
Mon 24th Feb '03, 4:04am
Being Monday (GMT of course), a new working week and all, do you think we will be hearing from the devs any time soon on how this thing exploited whatever flaw there is in the registration system allowing it to bypass email verification.
Yeah i hope so. Maybe vB 2.3.0 fixes that? I am running on 2.2.9....I thought i was the only site with that, then i went to a few other forums and it all had the same user registered so it was a bit fishy.

Xenon
Mon 24th Feb '03, 11:13am
the next one:
jimyoung19a1
it's getting boring...

Jake Bunce
Mon 24th Feb '03, 11:17am
the next one:
jimyoung19a1
it's getting boring...
I don't see that name on my forums yet.

Xenon
Mon 24th Feb '03, 11:26am
hmm, he registered yesterday, then has to wait because of email activation and started posting 5 minutes ago...
3 posts until deletion:
this was the ip:211.28.96.41

Roody
Mon 24th Feb '03, 11:39am
hmm, he registered yesterday, then has to wait because of email activation and started posting 5 minutes ago...
3 posts until deletion:
this was the ip:211.28.96.41

Is everyone still seeing the "1" in their profiles like mentioned before?

phenom
Mon 24th Feb '03, 11:43am
I got jimyoung19a1 today too, which makes four including the three posted before.

My forums are only about six weeks old and have only about 30 members or so. Until about 10 days ago, I was the only mod/admin there. I added a super mod at that time. This weekend I went out of town and got hit. Nearly 100 posts had to be pruned and three bots banned. My mod was not happy that we'd been hit, but he did a good job cleaning house. I went and banned the IP addys I could find here and on my own site, as well as banning bonbon.net and gamebox.net addresses.

btw, jimyoung19a1 is bouncing between two IP addresses on my site, his info is as follows:

jimyoung19a1
jimyoung19a1@gamebox.net
211.28.96.41 and 211.28.96.9

Roody
Mon 24th Feb '03, 11:47am
I got jimyoung19a1 today too, which makes four including the three posted before.

My forums are only about six weeks old and have only about 30 members or so. Until about 10 days ago, I was the only mod/admin there. I added a super mod at that time. This weekend I went out of town and got hit. Nearly 100 posts had to be pruned and three bots banned. My mod was not happy that we'd been hit, but he did a good job cleaning house. I went and banned the IP addys I could find here and on my own site, as well as banning bonbon.net and gamebox.net addresses.

btw, jimyoung19a1 is bouncing between two IP addresses on my site, his info is as follows:

jimyoung19a1
jimyoung19a1@gamebox.net
211.28.96.41 and 211.28.96.9


Thanks Phenom I just added that name to Censored User Titles and put his IP and email in also. :)

Xenon
Mon 24th Feb '03, 11:52am
@roody: nop, no single profilefield was filled on my board...

also this jimyoungbot alters its ip every 15 minutes or so.
he always uses 211.28.96.xx nice to see on online.php ^^

Roody
Mon 24th Feb '03, 11:55am
@roody: nop, no single profilefield was filled on my board...

also this jimyoungbot alters its ip every 15 minutes or so.
he always uses 211.28.96.xx nice to see on online.php ^^

So have you chosen to ban that IP string?

Thanks for info on the profile stuff. :)

Xenon
Mon 24th Feb '03, 11:57am
yes, have banned the string 211.28.96

i think i'll install this hack from above when i got more time.
but it is surely a must have suggestion for vb3 :)

squall14716
Mon 24th Feb '03, 12:37pm
I haven't been hit by the 5th username yet, better stick it on the Censored User Titles list...

phenom
Mon 24th Feb '03, 12:55pm
to date, I'm seeing the list as:

bof19_br0
ginaguy18p0r
jimyoung19a1
yummy-juice_25
duem_18

I've also added a custom required field for registration, we'll see if that works.

As for the vbulletin.org hack link listed earlier, what does it do? I'm at work and vbulletin.org is firewalled as an "illegal/pirate software" site.

ZranX
Mon 24th Feb '03, 1:05pm
My forums have been hit today:
The Username is: jimyoung19a1
The Email is: jimyoung19a1@gamebox.net
The IP Address is: 211.28.96.41.
The host name is: scf5.wc.optusnet.com.au.

What's the point? Quite childish to be honest.

Nonny
Mon 24th Feb '03, 1:09pm
I just got hit by

jimyoung19a1


How are they getting past email confirmation? I hope vB 2.3.0 full fixes this.

bromyaur
Mon 24th Feb '03, 1:10pm
I wish I knew if the person running this bot owns the porn sites he is spamming...if so he must be violating his host's TOS by doing this.


That would be too easy though, because anyone in their right mind wouldn't draw that kind of attention to his site for fear of it getting shut down

dynamite
Mon 24th Feb '03, 1:15pm
Well... I got jimyoung19a1 today :mad:
These bots must be smart because I enabled email verification after the last 3 I got. Guess that doesn't really matter!!!

Locust99
Mon 24th Feb '03, 1:25pm
I got hit by all 5 of them also. but all banned now

um... is this a problem only affecting vb forums?

jmd
Mon 24th Feb '03, 1:31pm
I was lucky. I was able to get all 5 of them before they started posting.

filburt1
Mon 24th Feb '03, 2:18pm
Well... I got jimyoung19a1 today :mad:
These bots must be smart because I enabled email verification after the last 3 I got. Guess that doesn't really matter!!!

They're probably exploiting a pre-2.3.0 bug.

msimplay
Mon 24th Feb '03, 2:21pm
They're probably exploiting a pre-2.3.0 bug.

it can't be pre 2.3
cuz i have 2.3 and my board was one of the first to get hit

Marco
Mon 24th Feb '03, 2:31pm
Hmm... my forums are still unaffected... *crosses fingers*

uzitalk
Mon 24th Feb '03, 2:37pm
They hit us too (http://www.uzitalk.com) but fortunately we caught 'em early. No more than 1 or 2 posts each.

Freddie Bingham
Mon 24th Feb '03, 3:11pm
There is no exploit in vBulletin that is allowing this to occur. There exists an executable whose sole purpose is to submit data to html forms. As a bonus it can also check email and effectively click on links in the email. That is how this automated process is verifying its registrations.

For the time being, please disable registrations or ban the IPs involved to resolve this problem. We will have a more complete response later.

Nonny
Mon 24th Feb '03, 3:34pm
There is no exploit in vBulletin that is allowing this to occur. There exists an executable whose sole purpose is to submit data to html forms. As a bonus it can also check email and effectively click on links in the email. That is how this automated process is verifying its registrations.

For the time being, please disable registrations or ban the IPs involved to resolve this problem. We will have a more complete response later.
Isn't there an easier way? The spammer bots have had different IPs, I believe they're behind a proxy. And I don't really want to turn off registration but I guess I will have to. Maybe the vBulletin team can take legal action against this...I hope so.

Andrew-ningc
Mon 24th Feb '03, 4:12pm
I never got this member, but since the attack I remove my site off the public listing on the list page here, this maybe is where they are finding all our addresses.

May be the solution until some more permanent solutions are implemented (i.e. the gd picture generator hack someone suggested earlier).

phenom
Mon 24th Feb '03, 4:17pm
How do I remove my site from the public listing?

Steve Machol
Mon 24th Feb '03, 4:43pm
How do I remove my site from the public listing?
Go into the Members Area, click on the 'Edit' link and change 'Display in online links system' to 'No'.

Andrew-ningc
Mon 24th Feb '03, 5:19pm
In the Members area, go to Edit and there's an option to publicly display it or not.

oops, steve managed to post how before me.

Floris
Mon 24th Feb '03, 5:28pm
You should Email google to remove your site too
and any other site on the internet.

Bots can be programmed to pull data off anything anywhere.

This is just a solution to this problem. Not to the bigger problem.

Hosting providers etc should work harder and more serious about how to treat these kind of ****ers who abuse the internet to sell their services etc.

One email with a log as proof should be enough to disclose their registration details to the victim to start a nice little lawsuit against them, which might end up in a fine or even time in jail.

Bigger punishment will lead to lesser abuse. Now they can do whatever they want, because the hosting masters aren't even going to attempt to take 1 minute time to cancel their account.

The hosts spammed, should be removed from the internet
The hosts used to spam, should cancel those accounts,
and the users involved, should be blacklisted in their country for future registrations.

As a starting point.

You can find ripe.net and arin.com or whatever on the internet to trace host addresses and contact all abuse departments, if they get more than one complaint, they might start to wake up and do something.




Hiding by removing your listing is the same as closing your eyes when you are getting raped.

Skeptical
Mon 24th Feb '03, 5:41pm
It looks like the bot is using proxies to hide its real identity. How you guys can catch the real culprit is for you to log the environmental variable 'HTTP_X_FORWARDED_FOR'. This is not a standard variable, but many proxies pass that on to prevent anonymous proxy abuses.

Chances are the bots will use many anonymous proxies and thus you won't catch that variable. But, in its quest to constantly change IPs, it's likely to come across one that does pass it on. When it does, do some comparisons. If they all have the same IP, then you've caught the original host.
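
[Added example, not part of the original thread: a PHP sketch of the comparison Skeptical describes, recording REMOTE_ADDR together with HTTP_X_FORWARDED_FOR and reporting any claimed origin address that shows up behind two or more different proxies. The record layout, function names and all addresses are constructed for illustration.]

```php
<?php
// Added illustration; not from the thread and not vBulletin code.
// Record layout, function names and addresses are hypothetical/constructed.

// What to store for every registration or post attempt.
function capture_request(string $user): array
{
    return [
        'remote' => $_SERVER['REMOTE_ADDR'] ?? '',          // the proxy (or the client)
        'xff'    => $_SERVER['HTTP_X_FORWARDED_FOR'] ?? '', // claimed origin, if any
        'user'   => $user,
    ];
}

// Return the syntactically valid, public IPs listed in an X-Forwarded-For
// value. The header may hold a comma-separated chain, private addresses,
// or junk such as "unknown"; all of that is dropped here.
function xff_candidates(string $xff): array
{
    $flags = FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE;
    $out = [];
    foreach (explode(',', $xff) as $part) {
        $ip = trim($part);
        if (filter_var($ip, FILTER_VALIDATE_IP, $flags) !== false) {
            $out[] = $ip;
        }
    }
    return $out;
}

// Group attempts by claimed origin and keep only origins that were
// reported by at least $minProxies distinct REMOTE_ADDR values.
function correlate(array $records, int $minProxies = 2): array
{
    $byOrigin = [];
    foreach ($records as $r) {
        foreach (xff_candidates($r['xff']) as $origin) {
            if ($origin === $r['remote']) {
                continue; // header just repeats the connecting address
            }
            $byOrigin[$origin]['proxies'][$r['remote']] = true;
            $byOrigin[$origin]['users'][$r['user']] = true;
        }
    }
    $leads = [];
    foreach ($byOrigin as $origin => $seen) {
        if (count($seen['proxies']) >= $minProxies) {
            $leads[$origin] = [
                'proxies' => array_keys($seen['proxies']),
                'users'   => array_keys($seen['users']),
            ];
        }
    }
    return $leads;
}

// Constructed sample records (documentation address ranges only).
$records = [
    ['remote' => '198.51.100.10', 'xff' => '',                       'user' => 'bot_a'],
    ['remote' => '198.51.100.22', 'xff' => '203.0.113.77',           'user' => 'bot_b'],
    ['remote' => '192.0.2.5',     'xff' => '10.0.0.4, 203.0.113.77', 'user' => 'bot_c'],
    ['remote' => '192.0.2.9',     'xff' => 'unknown',                'user' => 'bot_d'],
    ['remote' => '198.51.100.40', 'xff' => '203.0.113.12',           'user' => 'regular_member'],
];

print_r(correlate($records));
```

The header is supplied by the client or the proxy and can be forged, so a match is a lead to include in an abuse report rather than proof of the origin.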

Philip
Mon 24th Feb '03, 5:50pm
Seems we got hit by the "yummy-....." and "ginaguy18p0r" versions of this bot as well, about a dozen posts by the time we banned it.

Floris
Mon 24th Feb '03, 5:52pm
I have an email on new users, with detailed stuff .. it also has that variable in it. I use it to prevent users hiding behind proxy to sign up for multiple accounts.

bigmattyh
Mon 24th Feb '03, 6:39pm
Hiding by removing your listing is the same as closing your eyes when you are getting raped.
Bwuh??

Frank07
Mon 24th Feb '03, 8:03pm
Bleh. Our boards got hit with this bot too. Only three usernames though. Luckily, we have a large mod staff so they take care of things like this rather quickly.

I installed the hack that someone mentioned in this thread earlier (the one that supposedly will be a feature in VB 3.0, good to hear that BTW :) ). I haven't gotten any of the newer usernames or posts since.

Reverend
Mon 24th Feb '03, 8:48pm
We were hit yesterday as well. Only 1 of them posted (yummy-juice 25)

yummy-juice 25 - IP 200.206.165.40 - email:hum-gim25@BonBon.net
duem_18 - IP 200.171.228.168 - email:duem_18a@hotpop.com
ginaguy18p0r - IP 168.209.98.67 - email:fsadfasdfasdfad@hotmail.com
I've removed them and banned the email addresses. So far no further instances have taken place.

an update to my original post.
I think we just got another one registered.
Can't remember the exact username because he was removed before i had a chance to see it.
But it was something like Fred (followed by some numbers) @BonBon.net

he didn't post anything, but the fact his email was another BonBon.net one was a good enough reason to remove him.
One question though, I put BonBon.net in my banned emails list, so how come he still managed to register.

filburt1
Mon 24th Feb '03, 8:53pm
YOU NEED TO UPGRADE to fix a bug involving e-mail confirmation that's fixed in 2.3.0.

DirectPixel
Mon 24th Feb '03, 8:54pm
:rolleyes: That's not the problem.

You're right about the upgrade part, but he's bypassing the banned domain by adding a space before or after the banned email.

vBR
Mon 24th Feb '03, 9:00pm
I have seen some people posting that they have deleted the user accounts that this bot has created.
Why on Earth would you do this?
It has the capability to bypass email domain banning in compromised versions of vB so it can simply re-register and start over again.
Leave the accounts there and move them into the Banned group or similar no permissions group.

Xenon
Mon 24th Feb '03, 9:01pm
:rolleyes: That's not the problem.

You're right about the upgrade part, but he's bypassing the banned domain by adding a space before or after the banned email.
hmm, then a little edit to register.php can avoid this:

instead of:

  if ($HTTP_POST_VARS['action']=="addmember") {
    if ($enablebanning and $banemail!="") {

use this:

  if ($HTTP_POST_VARS['action']=="addmember") {
    // strip leading/trailing whitespace before the ban check runs
    $email=trim($email);
    if ($enablebanning and $banemail!="") {

i think the devs have used the trim function not often enough on vb2, i hope this has changed in vb3 :)
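
[Added example, not part of the original thread and not vBulletin code: a stand-alone PHP sketch of the banned-address bypass discussed above, with a check that compares raw input next to one that normalizes first and matches on the host part. The function names, the matching rules of the naive check and the sample addresses are assumptions made for illustration; the domains in the ban list are the ones named in the thread.]

```php
<?php
// Added illustration; not vBulletin source. Names and data are hypothetical.

// Naive check: the address is compared exactly as submitted.
// Entries containing "@" ban one address; other entries ban a domain.
function is_banned_naive(string $email, array $banList): bool
{
    foreach ($banList as $entry) {
        if (strpos($entry, '@') !== false) {
            if ($email === $entry) {
                return true;
            }
        } elseif (substr($email, -strlen($entry)) === $entry) {
            return true; // plain suffix match, no "@" or "." boundary
        }
    }
    return false;
}

// Hardened check: normalize once, validate, match on the host part, and
// return the normalized value so that this is the string that gets stored.
function check_registration_email(string $raw, array $banList): array
{
    // trim() with default arguments drops space, \t, \n, \r, \0 and \x0B
    $email = strtolower(trim($raw));
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        return ['status' => 'malformed', 'email' => null];
    }
    $host = substr($email, strrpos($email, '@') + 1);
    foreach ($banList as $entry) {
        $entry = strtolower(trim($entry));
        if ($entry === '') {
            continue;
        }
        if (strpos($entry, '@') !== false) {
            $hit = ($email === $entry);
        } else {
            // exact host, or a subdomain of the banned domain
            $hit = ($host === $entry)
                || (substr($host, -strlen($entry) - 1) === '.' . $entry);
        }
        if ($hit) {
            return ['status' => 'banned', 'email' => $email];
        }
    }
    return ['status' => 'ok', 'email' => $email];
}

// Constructed sample data.
$banList = ['bonbon.net', 'gamebox.net', 'spammer@example.net'];
$samples = [
    'someone@bonbon.net',       // plain banned domain
    'someone@BonBon.net',       // different letter case
    'someone@bonbon.net ',      // trailing space
    ' spammer@example.net',     // leading space on a banned address
    "someone@gamebox.net\t",    // trailing tab
    'someone@mail.bonbon.net',  // subdomain of a banned domain
    'someone@notbonbon.net',    // unrelated domain sharing a suffix
    'user@example.org',         // not banned
];

foreach ($samples as $raw) {
    $naive  = is_banned_naive($raw, $banList) ? 'banned' : 'allowed';
    $result = check_registration_email($raw, $banList);
    printf("%-28s naive=%-8s hardened=%s\n",
        json_encode($raw), $naive, $result['status']);
}
```

Storing the normalized address rather than the raw input keeps later duplicate and ban checks comparing the same string.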

Xenon
Mon 24th Feb '03, 9:03pm
I have seen some people posting that they have deleted the user accounts that this bot has created.
Why on Earth would you do this?
It has the capability to bypass email domain banning in compromised versions of vB so it can simply re-register and start over again.
Leave the accounts there and move them into the Banned group or similar no permissions group.
well, i don't think the bot would reregister with the same username again, especially if the email banning is active ;)

Reverend
Mon 24th Feb '03, 9:07pm
YOU NEED TO UPGRADE to fix a bug involving e-mail confirmation that's fixed in 2.3.0.

I'M USING 2.3.0 !!!:mad::mad:

vBR
Mon 24th Feb '03, 9:09pm
hmm, then a little edit to register.php can avoid this:

instead of:

  if ($HTTP_POST_VARS['action']=="addmember") {
    if ($enablebanning and $banemail!="") {

use this:

  if ($HTTP_POST_VARS['action']=="addmember") {
    // strip leading/trailing whitespace before the ban check runs
    $email=trim($email);
    if ($enablebanning and $banemail!="") {

i think the devs have used the trim function not often enough on vb2, i hope this has changed in vb3 :)

This has been discussed here (http://www.vbulletin.com/forum/showthread.php?threadid=62786)

Xenon
Mon 24th Feb '03, 9:11pm
This has been discussed here (http://www.vbulletin.com/forum/showthread.php?threadid=62786)
right, but not everyone knows that ^^
it couldn't hurt to post it in this thread here, right? ;)

vBR
Mon 24th Feb '03, 9:13pm
right, but not everyone knows that ^^
it couldn't hurt to post it in this thread here, right? ;)
You could have linked to it.

NocTurNalFX
Mon 24th Feb '03, 9:15pm
Yes i have been getting the same spam

I have also banned the ips

Its sad to see a bot or person doing this, but i am glad its not only my forums.

filburt1
Mon 24th Feb '03, 9:16pm
right, but not everyone knows that ^^
it couldn't hurt to post it in this thread here, right? ;)
Maybe the entire $_POST and $_GET arrays should be trim()ed when the page loads. I can't really think of any circumstance where you absolutely need that leading/trailing space.

Xenon
Mon 24th Feb '03, 9:16pm
You could have linked to it.
right *shame*
but i'm faster in coding such small things than searching ;)

am i excused enough now? :D

Xenon
Mon 24th Feb '03, 9:18pm
Maybe the entire $_POST and $_GET arrays should be trim()ed when the page loads. I can't really think of any circumstance where you absolutely need that leading/trailing space.
hmm, good idea filburt, maybe you should post it into the suggestions :)

i don't know any point where leading/ending spaces are needed..

vBR
Mon 24th Feb '03, 9:18pm
right *shame*
but i'm faster in coding such small things than searching ;)

am i excused enough now? :D

Oh... O.K. :rolleyes:

Reverend
Mon 24th Feb '03, 9:18pm
So am i right in presuming the trim function that is already included in 2.3.0 register.php is not solving the problem.

Jake Bunce
Mon 24th Feb '03, 9:19pm
another one

fred15121345

IP: 168.209.98.35

Reverend
Mon 24th Feb '03, 9:22pm
another one

fred15121345

IP: 168.209.98.35

yep thats the same one i posted here

vBR
Mon 24th Feb '03, 9:22pm
another one

fred15121345

IP: 168.209.98.35

What's the email addy?

Xenon
Mon 24th Feb '03, 9:26pm
nope, it's in the bug forum, so it depends on which version of vb2.3 you use....

it will be solved in the final vb23 release, but if you use the first release candidate maybe it isn't solved...

just look if your register.php has that trim part in or not ^^

Jake Bunce
Mon 24th Feb '03, 9:27pm
What's the email addy?
fred15121345@BonBon.net

Reverend
Mon 24th Feb '03, 9:30pm
nope, it's in the bug forum, so it depends on which version of vb2.3 you use....

it will be solved in the final vb23 release, but if you use the first release candidate maybe it isn't solved...

just look if your register.php has that trim part in or not ^^

Yeah just checked.The trim part is in my 2.3.0 register.php

InSite
Mon 24th Feb '03, 9:33pm
YOU NEED TO UPGRADE to fix a bug involving e-mail confirmation that's fixed in 2.3.0.


I am running the most recent stable release - 2.2.9, and other people who posted before you stated they were running the release candidate 2.3.0. There is no need to talk to us like idiots either :mad:

filburt1
Mon 24th Feb '03, 9:39pm
It was just said that 2.3.0 final will have this.

Reverend
Mon 24th Feb '03, 9:48pm
It was just said that 2.3.0 final will have this.

So that gives you the right to Shout in your reply does it.I don't think so.

Members want to see sensible replies in this thread,and get answers to what is obviously a serious problem.We have all paid good money for vbulletin and in return we expect to get reasonable support.
So can i suggest you grow up and show a bit of maturity in your replies.

Thank You.

vBR
Mon 24th Feb '03, 9:51pm
OK, I think we should leave it at that now.
The last thing we need is for this to turn personal and have this thread closed.

InSite
Mon 24th Feb '03, 9:53pm
It was just said that 2.3.0 final will have this.

I hope that wasn't announced by the same person who confirmed VB3 would be out by xmas :p

Thanks for trying to help anyway - sorry if some of us (me) are a little touchy...

dynamite
Mon 24th Feb '03, 10:09pm
Here's a couple more!

USERNAME: fred15121345
EMAIL: fred15121345@BonBon.net
IP: 168.209.98.35

USERNAME: andrew_p21
EMAIL: andrew_p21@BonBon.net
IP: 168.209.98.35

vBR
Mon 24th Feb '03, 10:18pm
Here's the info for another one!

USERNAME: fred15121345
EMAIL: fred15121345@BonBon.net
IP: 168.209.98.35

That one has been mentioned already, but thank you anyway.
Please, keep adding any new ones you find.

phenom
Mon 24th Feb '03, 10:21pm
fred15121345 just tried to register on my forums, but apparently could not and moved on.

the IP address of 168.209.98.35 matched the guest attempting to register.

I've banned bonbon.net email addresses and added the modification in register.php, as well as adding a required field in my registration (how'd you hear about us?).

TECK
Mon 24th Feb '03, 10:24pm
The easiest way to prevent those kind of malicious activities is to simply add a new required field onto your registration process (you can do this onto your Admin CP), for example country, birth date, etc.

That will stop your spammers for good. ;)
This thread made it up to our web site front page (http://www.teckwizards.com/) (as news article), posted by Team Member Xenon.

DirectPixel
Mon 24th Feb '03, 10:28pm
I've got the image verification hack installed, and so far, not a spam box has signed up.:)

Joe
Mon 24th Feb '03, 10:56pm
Guys, this spam that you got, did it refer to a website? Was it an affiliate link? If so, forward that to the affiliate manager of the website, I don't know of a single affiliate program that allows spam.

If the posts had an [ IMG] tag, find out the URL, and send an abuse email to whoever hosts that site...

vBR
Mon 24th Feb '03, 11:05pm
Guys, this spam that you got, did it refer to a website? Was it an affiliate link? If so, forward that to the affiliate manager of the website, I don't know of a single affiliate program that allows spam.

If the posts had an [ IMG] tag, find out the URL, and send an abuse email to whoever hosts that site...
Yes, it does look like an affiliate link.
How to go about finding the affiliate manager's address to report this?

DirectPixel
Mon 24th Feb '03, 11:06pm
Judging that it's a porn site, chances are, either nothing will happen, or it was the affiliate manager themselves who launched the bot.

Joe
Mon 24th Feb '03, 11:13pm
Most Porn AM's want to shut down spammers, as they don't have to pay out money for the spammer's work (more money in site's pocket!). I would just send off an email to abuse (abuse@ thespammers)@ porndomainname.com. Include the spam received, including the affiliate user name or ID, as well as a link to THIS thread.

If the AM doesn't close down the spammer, or give you a reply, find out who hosts the site, and go after them, you can at least make the site change hosts...

Good luck, glad i did not get hit with that one! :D

vBR
Mon 24th Feb '03, 11:14pm
Ah Ha!
Viewing the source, it looks like he is an affiliate with http://www.matrixbucks.com

His affiliate ID is 593465

*Edit*

Some links

http://www.matrixbucks.com/template.php?file=support

support@matrixbucks.com

legal@matrixbucks.com
^ does not exist
link goes to billing@matrixbucks.com

okrogius
Mon 24th Feb '03, 11:16pm
Out of the three sites I manage (all listed in the vb links directory), I've yet to get one signup from this bot. :p

dynamite
Mon 24th Feb '03, 11:22pm
Well, I just tried adding a new required question, so that will hopefully take care of that! I haven't gone as far as banning the domains yet, so we will see how that goes!

Glad Wrap
Mon 24th Feb '03, 11:29pm
the IP that hit us was 211.28.96.9 coming from scf5-fe0-1.wc.optus.com.au
Optus is an Australian ISP (for those of you who don't know)

Reverend
Tue 25th Feb '03, 2:58am
Based on the fact that the bots seem to be using numbers in their usernames,this may be another one who just registered.

jimyoung19a1.

The IP is from the same string as the one Gold Wrap just posted. 211.28.96.41

jimyoung19a1@gamebox.net

now he may be totally innocent,but interestingly gamebox.net is hosted by hotpop.com,which is one of the email domains from an earlier bot registration duem_18a@hotpop.com

Skeptical
Tue 25th Feb '03, 4:30am
What legal actions can we take here? Perhaps get the affiliate site shut down by complaining to their ISP/host and tell them the affiliate links are still working and going to their main porn site, and thus they're still profiting from it.

kewl
Tue 25th Feb '03, 8:52am
What legal actions can we take here? Perhaps get the affiliate site shut down by complaining to their ISP/host and tell them the affiliate links are still working and going to their main porn site, and thus they're still profiting from it.


I have been hit by all of these so far have caught them in the early stages

but what is VB recommending as a fix or are they working on something
thanks

I really don't want to put the hack in but will if i have to it just does make upgrading a pain

phenom
Tue 25th Feb '03, 8:58am
I have been hit by all of these so far have caught them in the early stages

but what is VB recommending as a fix or are they working on something
thanks

I really don't want to put the hack in but will if i have to it just does make upgrading a pain

Since last evening bots have been trying to get into my forums. There's one there right now trying to get in. I base that on guest IP addresses that are matching what's been posted here. I haven't banned those IPs just yet.

I think by adding a required field in registration beyond the default has disabled the bots' ability to register. If you do that, you won't need to install a hack. So far, no bots have gotten in since I added that field.

Roody
Tue 25th Feb '03, 9:20am
Since last evening bots have been trying to get into my forums. There's one there right now trying to get in. I base that on guest IP addresses that are matching what's been posted here. I haven't banned those IPs just yet.

I think by adding a required field in registration beyond the default has disabled the bots' ability to register. If you do that, you won't need to install a hack. So far, no bots have gotten in since I added that field.

I'm pretty sure I'm blind. Can someone point me to where exactly in the Admin CP the required fields area is again? I was just there the other day and now I forgot. :rolleyes:

Xenon
Tue 25th Feb '03, 9:34am
custom profile fields
there is an option if it's required or not..

but, don't be too sure, required fields can be filled with crap just to be filled without much recoding on the bot, so all you get is a short temporary outtime..

InSite
Tue 25th Feb '03, 9:40am
Another name to add to the list:

billy_mad25 - billy_mad25@GameBox.net :rolleyes:

Jelsoft - are you going to make an official announcement about this to your customers, and come up with a better solution than "disable new registrations"?? You are traditionally poor at keeping customers in the loop - look how the VB3 announcements have(n't) gone down well - please don't make the same mistake with this by keeping quiet and not reassuring your customers that you are busy working on a solution. You need to do more than just reply to this thread with a vague, unofficial response - make an announcement stating your position, and keep us updated. PLEASE.

Floris
Tue 25th Feb '03, 9:53am
Official response from me: They are working on it and a solution will be presented when 2.3.0 goes 'final'. Which will probably be soon. (Within the next 48 hours).

But then again, I don't work for Jelsoft.

bromyaur
Tue 25th Feb '03, 10:29am
Has anyone wondered if the person responsible for this is here reading this post and is modifying the bot to get around the fixes?

I ask because, I created a new required registration field last night and already it has gotten around it and has hit me again, along with another forum I mod at.

Is it prudent to close the chit chat down to registered users only?

jmd
Tue 25th Feb '03, 10:34am
Has anyone wondered if the person responsible for this is here reading this post and is modifying the bot to get around the fixes?

I ask because, I created a new required registration field last night and already it has gotten around it and has hit me again, along with another forum I mod at.

Is it prudent to close the chit chat down to registered users only?


Yes that same bot hit my forum also and I have that added field in my registration also

InSite
Tue 25th Feb '03, 10:48am
I created a new required registration field last night and already it has gotten around it

This was never a fix - the bot just adds a "1" to any required custom fields. This was reported on day one - I don't know where people got the idea that adding a custom field would protect them...

solboy2003
Tue 25th Feb '03, 10:48am
Something has to be done.
I have been fighting these hackers all week and I am getting tired.
I can't get any sleep because they strike in the early morning. I have kids visiting my forums and parents. These persons behind these bots would have been in jail a long time ago in my country. The messages that they post are very offensive and some are suggesting that child porn is behind the link.

I would suggest a campaign to track these persons down and make an example out of them. No matter what we put in place for protection they will sooner or later figure out a bypass to it. I won't hack my board again and again and again. Adding hacks to the registration makes it difficult for real persons who don't know much about forums as yet to join a site. Registering to a forum should be easy.
What next? Will we have to call each new user Awaiting Confirmation for a blood sample? NO!
This ends here.

bromyaur
Tue 25th Feb '03, 11:03am
This was never a fix - the bot just adds a "1" to any required custom fields. This was reported on day one - I don't know where people got the idea that adding a custom field would protect them...


possibly here

http://www.vbulletin.com/forum/showpost.php?postid=417246&postcount=189




but my original question remains, since there has been talk of code modification in this thread, we may be inadvertently tipping off the person responsible to the measures being taken to stop him



Has anyone wondered if the person responsible for this is here reading this post and is modifying the bot to get around the fixes?

Is it prudent to close the chit chat down to registered users only?

Xenon
Tue 25th Feb '03, 11:09am
but my original question remains, since there has been talk of code modification in this thread, we may be inadvertently tipping off the person responsible to the measures being taken to stop him

Well it depends on which code you mean :)
for example, the trim part could also be seen in bugs forum, and whoever installs the fix is better secured of those bot attacks, the bot author knows that..

in generally, i think we have more than one person behind this attack.
some of the bots haven't appeared on my site...
for example the one which put "1" into profilefields was not here..

but i think, that it should be taken out from chitchat into a real vb discussion forum :)

SVTOA
Tue 25th Feb '03, 11:28am
Greetings everyone...
I administer like 5 vBoards and all were subjected to this attack.

Some other suggestions:

1. Install the "Blank Page Banned Hack from vb.org, and simply assign these names to that usergroup, if you have not already added the 5 names listed here to your "illegal names" field.

2. Moderate registrations so the bot can't post unless/until you approve. This is in addition to the e-mail verification.

3. Enable e-mail notification to the adm of new registrations. This has helped me fend off the attacks very fast- when this first happened, as soon as I saw one of THOSE user names, I added them to the Blank Page Banned cat ASAP.

4. Alert all moderators to keep a close watch on the forums.

Now that we have identified all these "funny" names, all you really need to do for now is add all those names to the "illegal names" area and then keep an eye on this thread for any new ones. We can all help each other to keep these a-holes in check.

Personally, I think vB is the best forums software on the net and my members and me wish to give major props to the vB crew. You guys are great, keep up the good work!!!!

DirectPixel
Tue 25th Feb '03, 11:31am
:o I still think the image verification hack is the easiest.

It takes about 10 minutes to install, does not require the GD library, and stops all bots, no matter how complex. So far, after I've got that installed, I've not had a single instance where there has been problems.

This hack really is quite simple, and installing one (extra) hack when upgrading really isn't that big of a deal, is it?

Reverend
Tue 25th Feb '03, 11:48am
Another name to add to the list:
billy_mad25 - billy_mad25@GameBox.net :rolleyes:


Yep just had the same one on my board

billy_mad25
billy_mad25@GameBox.net
193.188.97.151

SVTOA
Tue 25th Feb '03, 11:51am
:o I still think the image verification hack is the easiest.

It takes about 10 minutes to install, does not require the GD library, and stops all bots, no matter how complex. So far, after I've got that installed, I've not had a single instance where there have been problems.

This hack really is quite simple, and installing one (extra) hack when upgrading really isn't that big of a deal, is it?

So many replies here, I agree, will install it later today. Thanks!!!

Steve Machol
Tue 25th Feb '03, 12:41pm
To answer the frequent question - yes we are reading this, and yes we are looking at possible solutions for 2.3.0. This is a very complicated process and stopping this bot from within the vB 2.x code is not as easy as everyone thinks. However the Devs are working on this and taking it very seriously.

Nonny
Tue 25th Feb '03, 12:49pm
billy_mad25 just hit my forums. hope this gets fixed, it's a pain deleting all these and especially when i can't be at the forums to watch it 24/7....

nuno
Tue 25th Feb '03, 1:23pm
To answer the frequent question - yes we are reading this, and yes we are looking at possible solutions for 2.3.0. This is a very complicated process and stopping this bot from within the vB 2.x code is not as easy as everyone thinks. However the Devs are working on this and taking it very seriously.
This could have been avoided with early intervention you know?
Thread from Aug 2002 ->
http://www.vbulletin.com/forum/showthread.php?threadid=53133

Steve Machol
Tue 25th Feb '03, 1:31pm
Hindsight is always 20/20. :) As I said, my understanding is that the 'fix' for vB 2.x is rather complicated. However they are looking at ways to stop this.

poolking
Tue 25th Feb '03, 1:48pm
billy_mad25 just hit my forums. hope this gets fixed, it's a pain deleting all these and especially when i can't be at the forums to watch it 24/7....

So you got this one as well.

Roody
Tue 25th Feb '03, 1:58pm
So you got this one as well.

That image verification hack thing still confuses me install wise, didn't find the instructions user friendly at all. As for 2.3.0 I thought the fix wasn't going to be in it? Is it possible it will?

Freddie Bingham
Tue 25th Feb '03, 2:00pm
Just wait for 2.3.0 RC2

nuno
Tue 25th Feb '03, 2:12pm
Hindsight is always 20/20. :) As I said, my understanding is that the 'fix' for vB 2.x is rather complicated. However they are looking at ways to stop this.
Looking forward to seeing what they do, 6 months ago it was labeled as, and i quote, "Is this really a large problem?" and "We are currently not willing to include features that only a minority of our users would be able to take advantage of.", end quote.

Freddie Bingham
Tue 25th Feb '03, 2:15pm
Are those quotes from developers?

DirectPixel
Tue 25th Feb '03, 2:16pm
nuno, that was in reference to the fact that something like that needs to use the GD library.

Now that a version of the hack that doesn't require the GD library is available, I'm sure their position will be different.

sabret00the
Tue 25th Feb '03, 2:25pm
yep they registered on ebslive got email registrations where tho' so it didn't hit us

Freddie Bingham
Tue 25th Feb '03, 2:32pm
nuno, that was in reference to the fact that something like that needs to use the GD library.

Now that a version of the hack that doesn't require the GD library is available, I'm sure their position will be different.
We don't require hacks to prove to us something can be done. Our position on GD changed as you can see since we now support thumbnails for attachments. The image checking feature we added requires GD and if you don't have it, you will still need to search out a hack.

Kier
Tue 25th Feb '03, 2:39pm
Part of the reason for this change of heart was the inclusion of the GD library in PHP 4.3.0. It's now reasonable to expect the majority of servers to include GD support, rather than the situation 6 months ago, when servers with GD support were in the minority.

vB 2.3.0 RC2 is now released, including our own image-based verification system.

Roody
Tue 25th Feb '03, 2:41pm
vB 2.3.0 RC2 is now released, including our own image-based verification system.

Any ideas when you expect this to be stable official code?

Steve Machol
Tue 25th Feb '03, 2:44pm
Since RC2 was just released it will be at least several days before we know there are no major problems or bugs. I've just tested the new registration system out on my test forums and it worked flawlessly. I'm running PHP 4.2.1.

Kier
Tue 25th Feb '03, 2:45pm
We'll give it a few days for people to install it and try it out, and if there are no reported problems we'll declare it stable by Monday.

nuno
Tue 25th Feb '03, 2:45pm
We don't require hacks to prove to us something can be done. Our position on GD changed as you can see since we now support thumbnails for attachments. The image checking feature we added requires GD and if you don't have it, you will still need to search out a hack.

Part of the reason for this change of heart was the inclusion of the GD library in PHP 4.3.0. It's now reasonable to expect the majority of servers to include GD support, rather than the situation 6 months ago, when servers with GD support were in the minority.

vB 2.3.0 RC2 is now released, including our own image-based verification system.
Okay, now i understand, thank you both.

Xenon
Tue 25th Feb '03, 3:05pm
that's a reaction we could have dreamed of :)

good work devs :)

nuno
Tue 25th Feb '03, 3:10pm
Is the verification system case sensitive?

Steve Machol
Tue 25th Feb '03, 3:17pm
No it's not.

There's also an option in the Admin CP to disable it if you want. All-in-all a nice piece of work from the Devs. :)

nuno
Tue 25th Feb '03, 3:26pm
No it's not.

There's also an option in the Admin CP to disable it if you want. All-in-all a nice piece of work from the Devs. :)
Indeed it is.
Can i resize the image w/o losing any image quality?

Steve Machol
Tue 25th Feb '03, 3:29pm
I'm pretty sure you can do this by editing the regimage.php file:

// Temp image that creates string
$temp_width = 135;
$temp_height = 20;
// Resized image that blows up string.
$image_width = 201;
$image_height = 61;

I haven't tested it out though.
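
The two-stage rendering those variables describe (draw the string on a small temporary image, then scale it up), together with a case-insensitive check, shown as an added example that is not vBulletin's regimage.php and not part of the post above. The function names and the `regimage_answer` session key are hypothetical, and it assumes PHP 7 or later with the GD extension.

```php
<?php
// Added example; not vBulletin's regimage.php. All function names are hypothetical.
// Dimensions quoted in the post above.
$temp_width = 135;  $temp_height = 20;    // small canvas the string is drawn on
$image_width = 201; $image_height = 61;   // stretched image shown on the form

// Random challenge from an alphabet without look-alikes (0/O, 1/I).
function make_challenge(int $len = 6): string {
    $alphabet = 'ABCDEFGHJKLMNPQRSTUVWXYZ23456789';
    $out = '';
    for ($i = 0; $i < $len; $i++) {
        $out .= $alphabet[random_int(0, strlen($alphabet) - 1)];
    }
    return $out;
}

// Stage 1: draw the text small. Stage 2: scale it onto the larger canvas.
function render_challenge(string $text, int $tw, int $th, int $w, int $h) {
    $temp = imagecreatetruecolor($tw, $th);
    imagefill($temp, 0, 0, imagecolorallocate($temp, 255, 255, 255));
    imagestring($temp, 5, 4, 2, $text, imagecolorallocate($temp, 0, 0, 0));
    $final = imagecreatetruecolor($w, $h);
    imagecopyresized($final, $temp, 0, 0, 0, 0, $w, $h, $tw, $th);
    return $final;
}

// Case-insensitive and single use: the stored answer is discarded on every
// attempt, so a bot cannot keep guessing against one image.
function check_answer(array &$session, string $typed): bool {
    $expected = $session['regimage_answer'] ?? null;
    unset($session['regimage_answer']);
    if (!is_string($expected)) {
        return false;
    }
    return hash_equals(strtoupper($expected), strtoupper(trim($typed)));
}

// Constructed demo: $session stands in for $_SESSION.
$session = ['regimage_answer' => make_challenge()];
$answer  = $session['regimage_answer'];
$png     = sys_get_temp_dir() . '/regimage_demo.png';
imagepng(render_challenge($answer, $temp_width, $temp_height, $image_width, $image_height), $png);

echo "image written to $png\n";
echo 'lowercase entry accepted: ';
var_dump(check_answer($session, strtolower($answer)));
echo 'same answer replayed:     ';
var_dump(check_answer($session, $answer));
```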

nuno
Tue 25th Feb '03, 3:39pm
Thank you Steve, replaced 61 by 21 and now the image is being cut off. :(
[edit]Nevermind, it is working now.

Joe
Tue 25th Feb '03, 3:43pm
Can somebody PM me a link to their forums with the image verification link enabled? I would like to see this before upgrading... thanks! :)

Freddie Bingham
Tue 25th Feb '03, 3:43pm
tsk, tsk, no hacking here.

nuno
Tue 25th Feb '03, 3:54pm
Can somebody PM me a link to their forums with the image verification link enabled? I would like to see this before upgrading... thanks! :)
Joe, try this: http://www.vbulletin.com/forum/register.php ;)

Joe
Tue 25th Feb '03, 3:57pm
Ohh, spiffy, I didn't think they would already have it in v3 :)

Kier
Tue 25th Feb '03, 3:58pm
Nuno is right - the vB3 and vB2 systems are practically identical. The vB3 code is a little more adventurous though, as we have more time to test that version.

Roody
Tue 25th Feb '03, 4:15pm
Nuno is right - the vB3 and vB2 systems are practically identical. The vB3 code is a little more adventurous though, as we have more time to test that version.

I'm thinking i did something wrong. when i installed this on my test server and registered a test account I never came across any kind of image verifying. :confused:

ManagerJosh
Tue 25th Feb '03, 4:21pm
I'm thinking i did something wrong. when i installed this on my test server and registered a test account I never came across any kind of image verifying. :confused:

Just out of curiosity Kier but is there a non-GD version of the image registration in the to-do list?

I saw another codehack here (forgot whose) but had a Javascript write out a code to confuse the bot.

Freddie Bingham
Tue 25th Feb '03, 4:25pm
Just out of curiosity Kier but is there a non-GD version of the image registration in the to-do list?

I saw another codehack here (forgot whose) but had a Javascript write out a code to confuse the bot.
There are currently no plans to support a non gd version at this time.

Freddie Bingham
Tue 25th Feb '03, 4:25pm
I'm thinking i did something wrong. when i installed this on my test server and registered a test account I never came across any kind of image verifying. :confused:
Can I have a link to your phpinfo()?

Roody
Tue 25th Feb '03, 4:34pm
Can I have a link to your phpinfo()?

I actually installed my test server offline.

Mystikal
Tue 25th Feb '03, 5:04pm
He hit Blizzforums too...

There has to be a way to grab this guy... this is really annoying.