Spam bots defeat Recaptcha.

**Sparky-s** · Sat 24 May '08, 7:46am

Got a new one today

There is a new user, 0523jk

Email Address : [email protected]
Birthday : January 1, 1980
Referrer: N/A
IP Address: 218.240.13.108

How you heard about us? : 1

**neal007** · Sat 24 May '08, 8:27am

I'm having fun with this mess too since upgrading to vB 3.7! Using recaptcha, require birthday, require profile fields, etc. It also "seems" as if the flood posting time limit is being bypassed, I don't know how they shotgun so many posts in such short time with a 30 second flood check! I think someone at vB needs to re-evaluate some of these security issues OR figure out how these china attackers are exploiting vB 3.7.

**Mrs Take 2** · Sat 24 May '08, 9:03am

I am having the same spam people sign up as well. I have recaptua and email verification turned on but when I registered as a test user I never got the email verification. I'm not sure why the email verification is not working if it is enabled.

**JasonWilliams** · Sat 24 May '08, 1:01pm

Originally posted by CareyCrew

They are walking right past all the captcha systems I have tried so far.

Anyway, there is an image mod from v3** that is available and working on v3.7, I am trying that out now and it is called BEFORE the registration fields so it acts as an extra layer.

Users are required to click the appropriate image to be able to proceed to the registration fields.

Miscellaneous Hacks - Enhanced Captcha Image Verification - stop bots from signing up!! - Page 19 - vBulletin.org Forum

http://www.vbulletin.org/forum/showthread.php?p=1529848#post1529848

Miscellaneous Hacks - Enhanced Captcha Image Verification - stop bots from signing up!! vBulletin 3.8 Add-ons

I have increased the default number of images displayed from 4 to 8.

There are instructions in the thread to do this and Jason the coder is looking at makinga new version with ACP controls in the future.

Hey guys, I am working on this as we speak, just waiting for a little help from the guys over @ vb.org, but in the meantime, the mod for 3.6.x does work on 3.7 - it has been tested and I have tested it myself, there is a little guide on how to increase the number of images, it's worth doing until I'm able to release the official 3.7 version.

HTH

Jason

**hbr** · Sat 24 May '08, 1:37pm

There is even spam here:

vBulletin Community Forum

http://www.vbulletin.com/forum/showthread.php?t=272964

I'd bet a fortune this 'user' came from .cn

It's time to get some countermeasures going...

**neal007** · Sat 24 May '08, 1:43pm

It's only happening on vBulletin is it not? I haven't seen this on other boards I have friends with. I never had this happen until 3.7. I am blocking China IP ranges at my firewall. People without a firewall may want to use vBulletin's censorship options as an alternative.

**hbr** · Sat 24 May '08, 1:45pm

This surely happens with other boards, too.

I have no doubt that the Jelsoft-staff will find the way how this happens and then will bring this to a stop.

**steven s** · Sat 24 May '08, 2:34pm

Originally posted by Sparky-s

Got a new one today

There is a new user, 0523jk

Email Address : [email protected]
Birthday : January 1, 1980
Referrer: N/A
IP Address: 218.240.13.108

How you heard about us? : 1

My board also.
same ip 218.240.13.108
May 24, 2008 at 4:28

**Vtec44** · Sat 24 May '08, 3:24pm

So far so good on my end ever since I upgraded to 3.7. I used to get like 10+ spams a day, now I haven't gotten one for like a month.

**Mrs Take 2** · Sun 25 May '08, 6:16am

I'm still not sure why my email verification is not working even though it is turned on. I even have members telling me they don't get an email when they get pm's or when they are subscribed to a thread.

**steven s** · Sun 25 May '08, 6:51am

lovebeigo just hit my board.

**David Grove** · Sun 25 May '08, 12:24pm

Do you think this would be a good tactic? Add a hidden form field to the registration form, and then when it's submitted, if there is anything in it, then deny registration? Would there be any chance of false positives?

**magmf** · Sun 25 May '08, 1:15pm

Originally posted by Sparky-s

Got a new one today

There is a new user, 0523jk

Email Address : [email protected]
Birthday : January 1, 1980
Referrer: N/A
IP Address: 218.240.13.108

How you heard about us? : 1

hahaha i got those too

0523jk [email protected] 23-05-2008 24-05-2008 0
080522jk [email protected] 22-05-2008 23-05-2008 0

**Toivo1037** · Sun 25 May '08, 7:33pm

Narrow access drastically?

I have been getting these ones too, about 5-6 different ones in the last week.

I ban the register, then ban their IP,(xxx.xxx.xxx.*) but it is not enough for me. Time to get tougher. I am 99.9% sure that everyone I want to reach is located in North America. How can I completely shut off access to everywhere except North America? (I know that they can work through a more local computer, but this should at lease slow them down.)

I will start keeping a list of these spammers, and IPs to help out.

Thanks,
-Neil

**Toivo1037** · Sun 25 May '08, 7:48pm

Here are my 2 that I didn't see before on this thread

dreamath [email protected] 116.234.4.127 Birthday : January 1, 1980

KevinFlys [email protected] 220.178.42.42 Birthday : January 1, 1980

FYI, I ask 2 questions for the profile, and they are being filled with "1"

Spam bots defeat Recaptcha.

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment