i have to ask, I have been making a list in vBulletin for blocked IP's, is it a problem if one gets listed twice? I cant go through the whole list and double check...
Spam bots defeat Recaptcha.
Collapse
X
-
-
I have disabled reCAPTCHA as its very hard to read. I need to do something here. Im going to check out IS Bot when I get home.Comment
-
-
I have also got a couple of chinaaccounts, and I have a non english forum.
beijmanli [email protected]
lovebeijgo [email protected]Comment
-
-
Most of these have spammed my board also in the past two days....steven
www.318ti.org (vB3.8) | www.nccbmwcca.org (vB4.2)
bmwcca.org/forum | m135i.net
"I tried to clean this up but this thread is beyond redemption." - Steve Machol
Comment
-
I had a look at the serverlogs.
One thing, that is common to all bot registrations is, that the are quite different to "normal" registrations.
Here are two bot-registrations from the serverlogs:
61.173.43.67 - - [23/May/2008:05:56:30 +0200] "GET /register.php?do=signup HTTP/1.1" 200 17751 "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)" "http://forum.computerbetrug.de"
61.173.43.67 - - [23/May/2008:05:56:31 +0200] "POST /register.php?do=register HTTP/1.1" 200 23960 "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)" "http://forum.computerbetrug.de/register.php?do=signup"
61.173.43.67 - - [23/May/2008:05:56:32 +0200] "GET /image.php?type=hv&hash=e04cd6d3adbcc6d2cf83f0b9caa47c56 HTTP/1.1" 200 14536 "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)" "http://forum.computerbetrug.de/register.php?do=signup"
61.173.43.67 - - [23/May/2008:05:57:28 +0200] "POST /register.php?do=addmember HTTP/1.1" 200 15480 "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)" "http://forum.computerbetrug.de/register.php?do=register"
61.173.43.67 - - [23/May/2008:06:42:23 +0200] "GET /register.php?a=act&u=10848&i=74842131 HTTP/1.1" 200 24245 "Mozilla/4.0 (compatible; Windows XP 5.1; MSIE 6)" "-"
218.240.13.108 - - [23/May/2008:07:22:34 +0200] "GET /register.php?do=signup HTTP/1.1" 200 17646 "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)" "http://forum.computerbetrug.de"
218.240.13.108 - - [23/May/2008:07:22:37 +0200] "POST /register.php?do=register HTTP/1.1" 200 23855 "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)" "http://forum.computerbetrug.de/register.php?do=signup"
218.240.13.108 - - [23/May/2008:07:22:39 +0200] "GET /image.php?type=hv&hash=a6c3342ed881d2d11e9fa8890a5c6ca8 HTTP/1.1" 200 17554 "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)" "http://forum.computerbetrug.de/register.php?do=signup"
218.240.13.108 - - [23/May/2008:07:25:53 +0200] "POST /register.php?do=addmember HTTP/1.1" 200 15370 "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)" "http://forum.computerbetrug.de/register.php?do=register"
218.240.13.108 - - [23/May/2008:07:26:16 +0200] "GET /register.php?a=act&u=10849&i=7684469 HTTP/1.1" 200 24248 "Mozilla/4.0 (compatible; Windows XP 5.1; MSIE 6)" "-"
218.240.13.108 - - [23/May/2008:16:45:12 +0200] "GET /register.php?do=signup HTTP/1.1" 200 17646 "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)" "http://forum.computerbetrug.de"
218.240.13.108 - - [23/May/2008:16:45:17 +0200] "POST /register.php?do=register HTTP/1.1" 200 23855 "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)" "http://forum.computerbetrug.de/register.php?do=signup"
218.240.13.108 - - [23/May/2008:16:45:25 +0200] "GET /image.php?type=hv&hash=7e2605968c62524a0e9614933758f977 HTTP/1.1" 200 11875 "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)" "http://forum.computerbetrug.de/register.php?do=signup"
218.240.13.108 - - [23/May/2008:16:45:33 +0200] "POST /register.php?do=addmember HTTP/1.1" 200 24670 "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)" "http://forum.computerbetrug.de/register.php?do=register"
218.240.13.108 - - [23/May/2008:16:45:39 +0200] "GET /profile.php?do=editsignature HTTP/1.1" 200 26624 "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)" "http://forum.computerbetrug.de"
218.240.13.108 - - [23/May/2008:16:45:49 +0200] "POST /profile.php?do=updatesignature HTTP/1.1" 200 26933 "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)" "http://forum.computerbetrug.de/profile.php?do=editsignature"
Probably they got a hook into that MD5-Checksum/Hash of the images (I guess this is a MD5-Checksum). MD5 is quite outdated in some ways. I would propose to change to SHA1 for testing purposes. I am willing to join some tests.
Please Jelsoft-programmers have a look at this issue. I guess there is some trouble ahead that needs to be avoided...Comment
-
-
Comment
-
Comment
-
I got atleast 15 spammers this week. I never had spam before on the board, since vb3.7 these problems apear. First i had normal auth, now i got recaptcha and here they are again. While i had no spam on 3.6.8 or later.. But since vb3.7 spam spam spam all over. I hope this gets fixed, cause this starts to be anoying.Comment
-
They are walking right past all the captcha systems I have tried so far.
Anyway, there is an image mod from v3** that is available and working on v3.7, I am trying that out now and it is called BEFORE the registration fields so it acts as an extra layer.
Users are required to click the appropriate image to be able to proceed to the registration fields.
Miscellaneous Hacks - Enhanced Captcha Image Verification - stop bots from signing up!! vBulletin 3.8 Add-ons
I have increased the default number of images displayed from 4 to 8.
There are instructions in the thread to do this and Jason the coder is looking at makinga new version with ACP controls in the future.Comment
-
Another tool for anyone interested is a huge list of spammers email addresses maintained by my old friend ForumNut at http://forumnutsandbolts.freeforums.org/portal.php mainly phpbb2 stuff there but he keeps up this list which can be used as a blocklist .
The thread is located here.....
( Registration is required)
He gets hate mail from the spammers along with expletives and threats but the list keeps growingComment
widgetinstance 262 (Related Topics) skipped due to lack of content & hide_module_if_empty option.
Comment