Anyone else being bombarded lately with Spammers? Suggestions?

My experience has been that they just want access to your members. The two that have sneaked past me immediately started PM'ing all the users offering Viagra, software, stock investments, etc ...

I've just stopped them cold, and it's a simple matter of vB 3.6x having new implementation for the image verification - it seems upgrading doesn't turn the new features on by default, so it may leave the forum open . . . here's the thread:



Turning on the shapes and also using random fonts does the trick - I find it a little hard to read myself sometimes, and I'm human (or was last time I checked . . .) - so my previous comment about agreeing that it might be real humans spamming the forums seems bogus.

I am (almost) glad to hear that it is not just me getting these spammers lately! My guess is that they are most certainly spambots...not people as the language they use is not quite right. I have been running 3.6.0 with image verification and they were still getting through. I updated to 3.6.4 today and will try the varied fonts and shapes to see if that helps.

Dang spammers!!!!!!

Hm, that was the first time I had seen that thread so I turned on all the randomness. Then I tried to register three separate times ... and three separate times I failed. I couldn't make out the letters properly.

So while I'm sure it would stop the bots, I think it would stop people as well.

This isn't an effective solution for me ... sadly ...

IP Clarifications please...

You guys are far, way, far, too advanced for me.

Can you explain:

IP addresses with the * like xxx.xxx.xxx*

Can you explain:

> All I can do for now is block an entire provider.
> I run a whois command on the IP address, find out the
> organization, then ban an entire block of IP addresses
> from that same provider.

How do you block a whole provider?

AND... How do you block whole countries ??

Our blogs are pounded by spammers in Brazil, Amsterdam and Korea --
most recently Palestine and today, a new one in Israel. I suspect they are raising money for terrorist activities.
Who needs readers in those countries, unless you're in those countries?
They could nuke them for all I care.

So how would I block those countries.
My blogs and forums are for the U.S.A., and really no others.

There were some trolls pestering using modem or ADSL lines, so I had to do what I did.

However, since then I found some spam control plug-ins and I have reduced the list of banned IPs significantly. Thanks for finding the common IPs. Just to be on the safe side I put them back to the banned IP list.

Do you know what kind of performance hit I will take with a long banned IP list. Say 300 IP addresses.

Add me to the list of those plagued

Like others here, I seem to be spending a lot of time removing bogus registrations --- mostly Russian. Lots with e-mail addresses that include "cashette." All of my bad registrations show that they live in Eniwetok, a tiny speck of an island in the Marshall Islands --- in the middle of the Pacific. This must be the first listing in the pull-down menu of locations.

Or there are a lot of Russian spammers living on a sandy atoll.

I personally had problems registering on this forum. I think my eyesight (okay, with glasses) is pretty good, but it took five tries for me to finally get the CAPTCHA information right. Strange how the CAPTCHA is befuddling people, but doesn't seem to deter the "bots."

I've just installed the photo verification system. It was easy to install, and it seems to make sense. Now I'm going to sit back and wait to see what happens.

Of course, they may just have a room filled with folks making 18 cents a day sitting in front of an old computer in Siberia handling the registrations individually. I hope the Siberians can't differentiate between a cat and a tree.

Install No Spam! from vbulletin.org and you'll notice a huge decrease in spam if not gone all together like I did.

I switched my forum to Moderate New Members: Yes.

Then I tested it by registering a new name on my forum, and moderation was not required. Is there someplace else besides the VBulletin Options section that I need to set so that new user moderation is activated?

Nope, that's the spot. The only way this would not work is if you installed an add-on or made some other modification to break this.

Spammers are getting sophisticated

Wow this is getting crazy.

I went through this thread and updated what I could.
http://www.vbulletin.com/forum/showthread.php?t=211647 putting every option on under images makes them illegible so that won't work for my users...they have a hard enough time trying to register....

VB needs to create a "Registration Firewall" yes I am coining this term.
Based on Rules, if you post a link or email address in your first 5 posts you become a moderated user...no need to moderate all my users who sign up, the ones who spam have one thing in common (mainly) they want to include a picture, link or email address.. I just don't want them to post.

SO I have AMY K's Forbid users from posting a link if they have less then 15 posts:


Other Useful Spam Fighting Mods:
ISBOT: http://www.vbulletin.org/forum/showthread.php?t=135094 *** This is the most effective Bot protection I have found so far!!! Your forum MUST have this! It catches bots within the first minutes on active forums.
Example:
1. The following user name with email address was blocked by the Is Bot mod: samdeaq - [email protected] (5 seconds transpired)
2.The following user name with email address was blocked by the Is Bot mod: domodonm - [email protected] (7 seconds transpired)
3. The following user name with email address was blocked by the Is Bot mod: Spaniarg - [email protected] (2 seconds transpired)



Ideally spammers only hit with 1 - 5 posts, and if there were a way to moderate the post and the user based on rules
If Registration takes less then x seconds, reject registration
If User has less then x posts and posts a link - Send to Moderation Queue
If User has less then x posts and posts an email address- Send to moderation Queue.

We can spend all the time in the world banning IP Address and email address but the problem is BOT's sometimes are sending their messages from hijacked computers. So your only just setting yourself up to ban a lot of address and it doesn't address the real problem.

We don't want spam to get on our site
I don't want to moderate every user

SO a rules system makes the most sense.
If they do this then this happens.
IF they are from this @hotmail.com domain, and don't post a link in first 5 posts don't moderate
If they are from @hotmail.com domain and post a link within first 2 posts moderate.

Some spammers post once without a link then post a second time with a link...its like testing the waters. So without rules it will be tough to combat this...
Making it harder to register doesn't seem to be fixing appropriately. We want people to register on our forums...ideally not bots but so far we have not found the best solution to stop them, so letting them register but not allowing them to post may be a better option. Then you can flag them and then ban ips or emails afterwards...

Sorry about the rant but just offering a suggestion for VB.com to look into. A registration firewall with rules would be great!

I've been bombarded by spammers lately as well - much more in the past few months. My board is on a pretty specific topic/field, so it seems that spammers are searching for vBulletin installations of any type to spam them.

I've turned on e-mail notifications for new registrations. Many times spammers use strange usernames, and/or they come in with an IP address in Asia or South America, but have a russian e-mail address. They post one or several messages, and then never come back. Sometimes I catch them while they're registering. It's a man vs. spammer kind of 1:1 game at this point.

Someone pointed me to the Akismet extention to vBulletin, but I haven't tried it yet. I try to avoid extentions and hacks wherever possible.

I hope the vBulletin team can put in some better default filtering options for new users, in future versions... such as the suggestions above (if New User with Posts=0 and user is posting one or more URL links, flag for moderation), or: if New User and Posts <= 5 and posting one or more URLs, flag for moderation. These would be cool additions... and a much better solution than having to turn on moderation for all posts by default.

You shouldn't need to set the Image Verification so tight that it is illegible. You might try uploading TrueType fonts from your PC to change things up instead of using the default font. Bots have not cracked the tougher Image Verification in vBulletin 3.6, so your spammer problem is real humans (if you can call them that) who are entering the codes.

I disagree, I believe the bots are sending information directly to the submit form bypassing the image control. I have had the highest image control with GD TrueType enabled, plus I have extra custom fields that you have to have in order to sign up for our site. and email verification turned on.. but if you look at my above post you will see people are registering in less then 5 seconds... they have found a way to directly inject the user variables by passing security protocols. The only way to be sure is for someone to reverse engineer the bot software itself "X-Rumer".

Why do we keep guessing, I am not a coder but if I was I would pull that software apart and see how it works then build my defenses against it...

just my .02

I wrote a tutorial: [How To] Reduce spam on your forum on vBulletin-Faq

After doing this - spam on my forums reduced significantly. They still get through, but its relatively rare.