May 2014: Flood of spammer registrations

Collapse
X
 
  • Time
  • Show
Clear All
new posts
  • Jeff Hitchcock
    New Member
    • Dec 2007
    • 24
    • 4.2.X

    May 2014: Flood of spammer registrations

    In the past several days, beginning around May 2, my site has seen a flood of forum spammer registrations. I've had three kinds of human verification processes in place: image verification, ReCapcha, and custom question and answer. The spammer registrations continue regardless, even with new Q&As created.

    Are others seeing this?

    Has there been some kind of compromise that is allowing spambots to bypass registration and directly create accounts?

  • donald1234
    Senior Member
    • Oct 2011
    • 1953
    • 4.1.x

    #2
    If you think people (or bots) are bypassing your antispam measures, test them by trying to sign up yourself bypassing the antispam.

    Comment

    • Jeff Hitchcock
      New Member
      • Dec 2007
      • 24
      • 4.2.X

      #3
      That's not it -- I cannot bypass registration with the web form without completing the human verification process.

      StopForumSpam.com is showing a massive flood beginning around May 2 also.

      Comment

      • donald1234
        Senior Member
        • Oct 2011
        • 1953
        • 4.1.x

        #4
        If you can't bypass it, neither can any one else unless they are completing the form correctly, do you have a link to your forum so we can see how strong your antispam is?

        Comment

        • Jeff Hitchcock
          New Member
          • Dec 2007
          • 24
          • 4.2.X

          #5
          Sure:
          Sign up for our newsletter CWD News Challenges in Flattening the Post-Meal Spike People often say that managing diabetes is so difficult because you can eat the same thing every day, take the same dose of insulin, and have different blood sugars on each day. This can be so frustrating and make people feel like […]


          I just changed it to ReCaptcha.

          Comment

          • donald1234
            Senior Member
            • Oct 2011
            • 1953
            • 4.1.x

            #6
            I don't see a question and answer field, just recaptcha and the bots have got that sussed!

            Comment

            • Jeff Hitchcock
              New Member
              • Dec 2007
              • 24
              • 4.2.X

              #7
              Changed back to Q&A

              Comment

              • donald1234
                Senior Member
                • Oct 2011
                • 1953
                • 4.1.x

                #8
                That question is no use, you don't want an answer thats a number or a colour or yes or no, bots just keep guessing until they get it right. Use a question that's specific to your niche.

                Comment

                • Jeff Hitchcock
                  New Member
                  • Dec 2007
                  • 24
                  • 4.2.X

                  #9
                  OK ... updated questions to be specific to our topic (type 1 diabetes). Do they look more challenging?

                  Comment

                  • donald1234
                    Senior Member
                    • Oct 2011
                    • 1953
                    • 4.1.x

                    #10
                    Yes, the Q about what city was insulin discovered is way too hard for a bot to guess (as long as it's not a really common city like London or NY) and I guess people like me that don't know the answer will be able to google it.

                    Comment

                    • Jeff Hitchcock
                      New Member
                      • Dec 2007
                      • 24
                      • 4.2.X

                      #11
                      With the new Q&A in place, the spammer registrations have stopped.

                      What must have happened is that the previous questions, which were also related to diabetes, were somehow solved and added to the bot software database. Take away for me is that the questions have to be changed every three months or so.

                      Comment

                      • donald1234
                        Senior Member
                        • Oct 2011
                        • 1953
                        • 4.1.x

                        #12
                        The question you had previously was a simple maths question about apples, I believe the answer was 3. The bots are programmed to try numbers between 0 and 9 plus other common answers like yes and no, they can't however work out questions or look up google so you should be ok.

                        Comment

                        • Zachery
                          Former vBulletin Support
                          • Jul 2002
                          • 59097

                          #13
                          You should have more than one question. Only one question will ever been shown at a time, but anytime a page is loaded or a question is failed, a new question is presented.

                          We recommend at least 5, with 10-20 being far more optimal.

                          Comment

                          Related Topics

                          Collapse

                          Working...