Spam bots defeat Recaptcha.

  • Vtec44
    Senior Member
    • Jan 2005
    • 1555
    • 3.7.x

    #31
    Originally posted by Zachery
    Sounds like you had GD SimpleFont and not TrueType 2, which would cause the issue.
    Oops, I meant to say "We used to get like 10 spams a day even with captcha and email verification on with 3.5.2". And you're probably right since TrueType 2 wasn't an option in 3.5.2.
    So Cal Sportbike forum - So Cal Moto - Kawasaki Ninja 250R Forum - Custom vinyl decals - Southern California camping forum

    Comment

    • Zachery
      Former vBulletin Support
      • Jul 2002
      • 59097

      #32
      ImageMagick was, and would have fixed the issue

      Comment

      • Chris-777
        Senior Member
        • Jan 2006
        • 312
        • 5.6.4

        #33
        Originally posted by 5thfoot
        I have had these two as well, checked Google and looks like they have registered on at least 1,500 forums in the last 48 hours. I have email verification and Image verification active.

        beijmanli
        Email Address : [email protected]
        Birthday : January 1, 1980
        Referrer: N/A
        IP Address: 58.17.147.112


        KaiyureBoy
        Email Address : [email protected]
        Birthday : January 1, 1980
        Referrer: N/A
        IP Address: 121.234.239.204



        (and that 1,500 forums are the ones Google bothers to index on a daily basis, real number of infected forums must be vast)
        Both of these registered on my site as well.

        Throwing this one into the list for your banning pleasure:

        [email protected]
        81.199.41.228

        I would very much like to see the option of using MULTIPLE verification methods at once. Eg: Captcha + Q&A. I pay for my site out of pocket, and my site is very busy. I already pay over $250/mo into hosting. I'm not throwing another $600 up for anti-Spam. For vBulletin to include Akismet in their commercial software, Akismet should offer a reasonable rate for vB license holders. Right now Jelsoft is just giving them business for nothing, and in return they're gouging your customers.
        Last edited by Chris-777; Wed 21 May '08, 6:54pm.
        http://www.metalmusicians.org

        Comment

        • Vtec44
          Senior Member
          • Jan 2005
          • 1555
          • 3.7.x

          #34
          Originally posted by Zachery
          ImageMagick was, and would have fixed the issue
          Now I know. At least spammers kept my moderators busy.
          So Cal Sportbike forum - So Cal Moto - Kawasaki Ninja 250R Forum - Custom vinyl decals - Southern California camping forum

          Comment

          • Boosted Panda
            Member
            • Mar 2008
            • 48
            • 3.8.x

            #35
            I use ImageMagick and I'm still getting them.

            Comment

            • AdrianH
              Senior Member
              • Sep 2007
              • 508

              #36
              The Q+A is not working as the "Q" has not changed on my forum. I have made several test users and the "Q" remains the same for each registration; it never changes.

              Last night I increased the span time for the ISBot mod to 20 seconds and went to Image Captcha and all the bots failed to get in, the names are listed on Track Visitors and in the ISBot emails.

              --------------------------------------------


              The following user name with email address was blocked by the Is Bot mod: suilmelia - [email protected] (1 seconds transpired) The IP Address is: 86.121.173.124


              The following user name with email address was blocked by the Is Bot mod: neawdwepe - [email protected] (2 seconds transpired) The IP Address is: 217.20.115.118


              The following user name with email address was blocked by the Is Bot mod: WIEGAND-BRUSSJOSEPH - [email protected] (3 seconds transpired) The IP Address is: 203.162.2.134


              The following user name with email address was blocked by the Is Bot mod: Lundun - [email protected] (11 seconds transpired) The IP Address is: 85.91.81.188


              The following user name with email address was blocked by the Is Bot mod: zonasitesla - [email protected] (6 seconds transpired) The IP Address is: 195.248.184.115
              -----------------------------------------------------

              Failed attempts listed by Track Guest Visitor.




              22nd May 2008, 05:21 Visitor No register 218.240.13.108 Member Registration for lmno705

              22nd May 2008, 03:48 Visitor No register 222.183.128.26 Member Registration for lovebeijgo

              22nd May 2008, 02:35 Visitor No register 58.83.45.91 Member Registration for bobo69011

              22nd May 2008, 00:43 Visitor No register 218.82.5.102 Member Registration for netinfgoo

              21st May 2008, 23:20 Visitor Yes (1) register 195.248.184.115 Member Registration for zonasitesla

              21st May 2008, 21:19 Visitor No register 85.91.81.188 Member Registration for Lundun

              21st May 2008, 21:18 Visitor No register 201.43.188.135 *

              21st May 2008, 21:18 Visitor No register 203.162.2.137 *

              21st May 2008, 20:46 Visitor No register 221.201.208.138 Member Registration for lrdldu

              21st May 2008, 20:44 Visitor Yes (1) register 203.162.2.134 Member Registration for WIEGAND-BRUSSJOSEPH

              21st May 2008, 19:58 Visitor No register 217.20.115.118 Member Registration for neawdwepe

              Comment

              • mikesz
                Member
                • Sep 2006
                • 91

                #37
                The last badguy you got on your list has tried to get onto my site (unsuccessfully) at least five times in the last week. The IP resolves to

                217-20-115-118.internetserviceteam.com

                FYI, I have been tracking this stuff for the last six months and have successfully blocked 100% of these attacks using a simple filter and IP trap that just does input verification of registration data entry and an IP lookup against a bad guy table that dynamically maintains itself from the badguys it traps.

                These robots are not very smart but they are savvy about "in the box" stuff like captchas and simple questions. They do tend to use the same IP addresses and do stupid things like populating hidden form fields.

                I was using .htaccess for some time to block the IP addresses but the list got too big and the performance on my system started to go to hell, so I pulled it off and use a database lookup now with an ejection process that prevents the badguy from coming back with the same IP address.

                So far, it's 100% success, though the list of IP addresses is rapidly approaching 10K (I started with a seed of known badguys of about 5000) and I have physical data (I try to log everything in the database if I can about these freaks) that I have collected since November that 3500 of these freaks have been blocked from my site.

                By the way, at least one group of Russian spammers have purchased large blocks of Chinese IP addresses (in Shanghai, but I don't think that matters as the IP addresses are not geographically specific to there but are in China), which may be why you are seeing a lot of Chinese IP addresses. Though having said that, I have a fair number of attempts coming from Chinese .edu sites as well as real Chinese badguys. With the robots you can't really tell where they originate; however, they tend to grab IP addresses that are available and exposed.

                It is not a pretty story.

                I do have my memberlist protected now so that no one can access it, not even the site admin from any external source. If the incentive is to get to my memberlist, that's a fool's errand on my site.

                I reported here back in 3.6.8 time frame that I was getting spammed and bogus member sign ups even though I had captcha and !NOSPAM enabled but didn't get any good answers that worked. As I recall, I got disbelief like "that's not possible we have the best captcha on the planet" or just ignored. BTW, so this isn't a johnny come lately problem, it has been around some time and perhaps worse than ever. I am guessing that the vb developer who said that it was a "leapfrog" problem is 100% right on and THAT is why vB can not fix the problem. Having the "best" makes it a target for any moron hacker up for the challenge! That number grows with each release of the product and every new feature that is added to it becomes the next project for the hacker. The solution can not be "business as usual" ... The badguys have ready access to all of that technology and are adept enough to smoke any solution before it ever gets off the launch pad. Custom solutions on the other hand are a LOT more difficult to figure out and don't have the problem of exposure to the universe.


                HTH, mikesz
                Last edited by mikesz; Thu 22 May '08, 12:05am.

                Comment

                • TalkPhotography
                  Member
                  • Apr 2006
                  • 62
                  • 3.6.x

                  #38
                  We've had an increase in spammers this past week (3.7).
                  Most resolve to a Chinese IP address.

                  We have most things turned on, but they're still getting through. No big problem though, there are only a few, and they're quite easy to spot. Here are some more to look out for

                  beijmanli [email protected]
                  KaiyureBoy [email protected]
                  klmn939 [email protected]
                  lovebeijgo [email protected]
                  LRKSFAG [email protected]

                  Only one of these had chance to spam.
                  I noticed the others, because our first custom field (which is a real name) was being filled with the word Array.
                  A quick search on that field led me to the others, and sure as eggs is eggs, they're spammers.
                  May be something to look out for?

                  Comment
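A sketch of the kind of registration filter described in posts #36 to #38 (an added example, not code from any poster or from the ISBot mod): it combines the time-to-submit check, the populated-hidden-field tell, the literal "Array" in a profile field, and a database-backed IP trap table that maintains itself. The field name `website2`, the table layout and the sample submissions are assumptions constructed for illustration.

```python
import sqlite3

MIN_FILL_SECONDS = 20        # threshold AdrianH reports setting for ISBot
HONEYPOT_FIELD = "website2"  # hypothetical hidden field a human never sees

def open_trap_db(path=":memory:"):
    """Create the self-maintaining 'bad guy' table (layout is an assumption)."""
    db = sqlite3.connect(path)
    db.execute("CREATE TABLE IF NOT EXISTS badguys ("
               "ip TEXT PRIMARY KEY, reason TEXT, first_seen REAL, hits INTEGER)")
    return db

def screen_registration(db, ip, form, rendered_at, submitted_at):
    """Return (allowed, reasons); any trapped IP is remembered for next time.

    rendered_at must come from server-side state (e.g. the session), never
    from a form field the client can rewrite.
    """
    reasons = []
    if db.execute("SELECT 1 FROM badguys WHERE ip = ?", (ip,)).fetchone():
        reasons.append("ip_previously_trapped")
    if str(form.get(HONEYPOT_FIELD, "")).strip():
        reasons.append("honeypot_filled")
    if submitted_at - rendered_at < MIN_FILL_SECONDS:
        reasons.append("submitted_too_fast")
    # TalkPhotography's tell: a profile field holding the literal word "Array".
    if any(str(v).strip() == "Array"
           for k, v in form.items() if k != HONEYPOT_FIELD):
        reasons.append("array_literal_in_field")
    if reasons:
        # Indexed lookup table instead of an ever-growing .htaccess deny list.
        db.execute("INSERT OR IGNORE INTO badguys VALUES (?, ?, ?, 0)",
                   (ip, ",".join(reasons), submitted_at))
        db.execute("UPDATE badguys SET hits = hits + 1 WHERE ip = ?", (ip,))
        db.commit()
    return (not reasons, reasons)

def demo():
    """Constructed submissions; IPs are from documentation ranges."""
    db = open_trap_db()
    t0 = 1_000_000.0
    human = {"username": "alice", "real_name": "Alice Example", HONEYPOT_FIELD: ""}
    bot = {"username": "qzxv81", "real_name": "Array",
           HONEYPOT_FIELD: "http://spam.example"}
    return [
        screen_registration(db, "192.0.2.10", human, t0, t0 + 45),
        screen_registration(db, "198.51.100.7", bot, t0, t0 + 2),
        # Same IP returns with a slow, clean-looking form: still ejected.
        screen_registration(db, "198.51.100.7", human, t0, t0 + 60),
    ]

if __name__ == "__main__":
    for allowed, reasons in demo():
        print("ALLOW" if allowed else "BLOCK", reasons)
```

Recording the reasons for every rejection also gives a way to review false positives, since a shared or reassigned IP address can land a legitimate user in the trap table.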

                  • nibb
                    Member
                    • Apr 2008
                    • 34

                    #39
                    In the last 24 hours the 3 registered on my site:
                    [email protected]
                    [email protected]

                    And [email protected]

                    They are all from China, they did not post anything on the forum so I just deleted them.

                    I don't have recaptcha but normal captcha with email verification.

                    Now the funny thing is that my forum is very new, it has maybe 5 topics on it and it's not even in English so they must be bots. I suppose another person with a non-English forum that has Q&A setting on can confirm this? If they also get the registrations then they are bots. If they were humans I don't think they speak every language in the world.

                    Comment

                    • El Burro
                      Banned
                      • Apr 2007
                      • 166
                      • 3.7.x

                      #40
                      I installed ISBot this morning; it's already stopped five bots registering in only a few hours!

                      It certainly seems to work very well. Not sure if it's 100% proof but it's automatic and saves deleting spam.

                      Worth a try if you aren't using it yet.

                      Comment

                      • Chris-777
                        Senior Member
                        • Jan 2006
                        • 312
                        • 5.6.4

                        #41
                        ^ That's working on 3.7?
                        http://www.metalmusicians.org

                        Comment

                        • vord
                          New Member
                          • Mar 2008
                          • 23

                          #42
                          Seems to work on 3.7, though I'd imagine if a lot of people used it the bots would put a time delay in.

                          I've blocked China in htaccess. That seems to do the trick.

                          Comment

                          • renep
                            Senior Member
                            • Aug 2005
                            • 596
                            • 3.8.x

                            #43
                            Originally posted by nibb
                            I suppose another person with a non english forum that has Q&A setting on can confirm this?
                            Same here. [email protected] passed the Q&A on one of my Dutch forums.
                            "The lurking suspicion that something could be simplified is the world's richest source of rewarding challenges"
                            - Edsger Dijkstra

                            Comment

                            • CarterMarkham
                              Senior Member
                              • Apr 2008
                              • 207
                              • 4.0.0

                              #44
                              I have these beji members successfully registering too. I also have a track visitors mod on my 3.7 forum and it shows new registrations, but they don't show up in the members list, and vBulletin says the username was not recognized, so ReCaptcha is doing its job for the most part except for these Chinese people...

                              Comment

                              • Boosted Panda
                                Member
                                • Mar 2008
                                • 48
                                • 3.8.x

                                #45
                                I would like to block all Chinese IPs. How would I do that? This spam is ridiculous, and more than that I hate WOW and all these spammers are those Chinese Farmers I always hear people at work babbling about.

                                Comment
