Spam bots defeat Recaptcha.

  • snoopy5
    Senior Member
    • Sep 2004
    • 184
    • 3.6.x

    #76
    Hi

    Since 21.5.2008 I also have all the mentioned spammers on my different forums. All vB forums. Version 3.68, 3.6.10 and 3.7. More than 10 forums.

    I have always captcha on (GD true image), I have always e-mail verification on and I have always at least one mandatory field for a profile question (select option box).

    So this is not a version issue.

    Surprisingly, I have under the same "roof" also other forums with a different software (discusware.com). No spam attack there at all!

    So these guys have obviously focused on vb only.

    The way they behave is always the same. They register on one board, then they do nothing for 1-2 days. After that they start posting.

    They do not register on all of my forums at the same time. The same username does it on one day on forum 1, on the second day on forum 2 etc. All forums are under one roof and are linked to each other.

    I have English and German forums, so the language seems not to be a criterion.


    Now there are 2 very serious problems no one in this thread mentioned before:

    1. These accounts are able to post, although the exact same IP was banned one day before

    2. These accounts are able to post, although all gmail e-mail addresses are blocked (also for old users) one day before.


    How is this possible? And how to fix this asap?
    Last edited by snoopy5; Mon 26 May '08, 1:53am.


    • copiertalk
      Senior Member
      • Oct 2005
      • 851
      • 3.7.x

      #77
      I got the two in the original post.
      www.Copiertalk.com - Everything Copier , Printer, Fax


      • hbr
        New Member
        • Sep 2006
        • 28
        • 3.7.x

        #78
        Originally posted by snoopy5
        Now there are 2 very serious problems no one in this thread mentioned before:

        1. These accounts are able to post, although the exact same IP was banned one day before

        2. These accounts are able to post, although all gmail e-mail addresses are blocked (also for old users) one day before.


        How is this possible? And how to fix this asap?
        If the ban doesn't work it really seems to be a security problem in this case. AKA "bug".
        I banned the whole Chinese networks on the server level so they can't even access vB. This helped. No bot registrations since then.


        • steven s
          Senior Member
          • Jul 2004
          • 3722
          • 3.8.x

          #79
          I don't think banning email addresses or entire ip blocks is the answer.
          Some of you get too worked up over this.
          Spam is here to stay. I don't believe they are bots doing it providing you confirm email addresses and use CAPTCHA.

          I think by far the best mod (and should be included with vB) is
          Prevent Spam Posts


          I've added additional keywords to prevent our latest fiends from posting.
          I don't care that I need to delete and ban a few people each week.
          I'm just glad their posts are not visible.

          And I don't believe Akismet is of any use.
          Look how much spam gets posted to vb.com.
          ...steven
          www.318ti.org (vB3.8) | www.nccbmwcca.org (vB4.2)
          bmwcca.org/forum | m135i.net
          "I tried to clean this up but this thread is beyond redemption." - Steve Machol


          • David Grove
            Senior Member
            • Apr 2008
            • 3507
            • 5.5.x

            #80
            Originally posted by sockwater
            Do you think this would be a good tactic? Add a hidden form field to the registration form, and then when it's submitted, if there is anything in it, then deny registration? Would there be any chance of false positives?
            Any opinions on this?

            Just got a new one, hasn't posted yet, but look at the email.

            username: loveumaryii
            email: [email protected]
            sig: self-trust is the first secret of success.
            ip: 222.183.121.201
            Last edited by David Grove; Mon 26 May '08, 5:17am.
            ~~~~~


            • renep
              Senior Member
              • Aug 2005
              • 596
              • 3.8.x

              #81
              Originally posted by sockwater
              Do you think this would be a good tactic? Add a hidden form field to the registration form, and then when it's submitted, if there is anything in it, then deny registration? Would there be any chance of false positives?
              I've used that trick in some hand-coded form handlers (outside of vB). It worked fine for a while, but a couple of months ago new spam started to pass this test.

              I guess any trick that can be beaten by an if-then-else statement is worthless.

              I don't see how you could get false positives though.
              "The lurking suspicion that something could be simplified is the world's richest source of rewarding challenges"
              - Edsger Dijkstra
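
The hidden-field check discussed in posts #80 and #81, written out as an added example; it is not code from the thread, from vBulletin, or from any poster's form handler. It goes beyond the thread by also checking an HMAC-signed render timestamp, and the field names, `SECRET` and the time thresholds are assumptions.

```python
import hashlib
import hmac
import time

# Assumed values for this sketch: none come from the thread or from vBulletin.
SECRET = b"replace-with-a-random-server-side-key"
HONEYPOT_FIELD = "contact_time_pref"   # hypothetical name, hidden with CSS
MIN_FILL_SECONDS = 4                   # faster than a person fills the form
MAX_FORM_AGE = 3600                    # old tokens are rejected to limit reuse


def issue_token(now=None):
    """Return 'timestamp.signature' to embed in the form when it is rendered."""
    ts = str(int(now if now is not None else time.time()))
    sig = hmac.new(SECRET, ts.encode(), hashlib.sha256).hexdigest()
    return f"{ts}.{sig}"


def render_hidden_fields(token):
    """HTML for the trap field and the token; autocomplete=off lowers the
    chance that a browser fills the trap field for a real visitor."""
    return (
        f'<input type="text" name="{HONEYPOT_FIELD}" value="" '
        'style="display:none" tabindex="-1" autocomplete="off">\n'
        f'<input type="hidden" name="form_token" value="{token}">'
    )


def check_registration(form, now=None):
    """Return (accepted, reason) for a submitted registration form (a dict)."""
    now = now if now is not None else time.time()
    # The check from the thread: anything in the hidden field means deny.
    if form.get(HONEYPOT_FIELD, "").strip():
        return False, "honeypot_filled"
    ts, _, sig = form.get("form_token", "").partition(".")
    if not (ts.isascii() and ts.isdigit()):
        return False, "bad_token"
    expected = hmac.new(SECRET, ts.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(sig.encode(), expected.encode()):
        return False, "bad_token"
    age = now - int(ts)
    if age < MIN_FILL_SECONDS:
        return False, "too_fast"
    if age > MAX_FORM_AGE:
        return False, "stale_token"
    return True, "ok"
```

Logging the returned reason instead of only denying lets an admin see when this signal stops firing, which is the failure post #81 describes.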

              • BrotherX
                New Member
                • Sep 2007
                • 26
                • 3.6.x

                #82
                Ditto here also.

                Two of them; both posted a few similar posts, and I banned both a few seconds after they posted comments.




                Names:
                1. KevinFlys
                2. lovebeijgo
                Gmail email; under location (which is obligatory on my forum) they put location number "1" and registered like that? lovebeijgo registered today. KevinFlys I banned a few days ago; he returned today and logged in to the forum, then I edited his account and changed the mail and password.

                Forum Registration Config.
                Image verification on registration, with a verification email sent back for all newly registered users.
                Last edited by BrotherX; Mon 26 May '08, 1:30pm. Reason: a


                • pete2007
                  New Member
                  • Jan 2008
                  • 27

                  #83
                  Over the past week I have had to ban several users for spamming.

                  This is the first time since I have owned the forum.

                  The members are:

                  beijmanli - [email protected] - 58.17.147.112
                  jklm895 - [email protected] - 59.173.226.84
                  joshnjob - [email protected] - 122.194.25.28
                  KaiyureBoy - [email protected] - 222.187.236.142
                  KevinFlys - [email protected] - 220.178.42.42
                  lovebeijgo - [email protected] - 222.183.122.18
                  loveumaryii - [email protected] - 222.183.121.201

                  The letter/text image is on, and I have now activated email variation.


                  • lapsetur
                    Member
                    • Nov 2005
                    • 46
                    • 3.5.x

                    #84
                    I could only stop them by using the "Human Verification" system. Even if I ban them, they come with a different mail and a different user name.

                    I used Question / Answer in my native language. Now they cannot register.

                    I guess this is useless for an English-speaking forum.


                    KaiyureBoy vbulletinboy @ gmail.com
                    stuv502 edgdrgdrg @ 21cn.com
                    uvwx698 lmy416 @ gmail.com
                    Last edited by lapsetur; Tue 27 May '08, 6:09am.


                    • pete2007
                      New Member
                      • Jan 2008
                      • 27

                      #85
                      Originally posted by pete2007
                      Over the past week I have had to ban several users for spamming.

                      This is the first time since I have owned the forum.

                      The members are:

                      beijmanli - [email protected] - 58.17.147.112
                      jklm895 - [email protected] - 59.173.226.84
                      joshnjob - [email protected] - 122.194.25.28
                      KaiyureBoy - [email protected] - 222.187.236.142
                      KevinFlys - [email protected] - 220.178.42.42
                      lovebeijgo - [email protected] - 222.183.122.18
                      loveumaryii - [email protected] - 222.183.121.201

                      The letter/text image is on, and I have now activated email variation.
                      Just got another one:

                      cdef904 - [email protected] - 125.83.36.197


                      • BrotherX
                        New Member
                        • Sep 2007
                        • 26
                        • 3.6.x

                        #86
                        THOSE SPAM NICKNAMES ARE NOT LISTED IN FORUM MEMBERS LIST, even though they are registered!

                        I got one more today.

                        None of them.


                        • thebigman87
                          New Member
                          • Nov 2007
                          • 2
                          • 3.6.x

                          #87
                          I too have had trouble with these bots (names above) but was visiting vBulletin.com for a separate issue. However, back to the issue: it's a shame that these bots can get through, but more surprising to me is how they have been able to span such large amounts of sites.


                          • Firen
                            New Member
                            • Jan 2007
                            • 7
                            • 3.6.x

                            #88
                            Yup, add my two sites to the list of vB forums that have been hit by these 'people'. EXACT same names. Coincidentally, both of my sites have recently been upgraded to 3.7.0. Before the upgrade, we very rarely had spammers. I have better things to do than spend my day deleting these members!


                            • CKDexterHaven
                              New Member
                              • May 2007
                              • 4

                              #89
                              The site I run has also been hit with spammers over the past two weeks. I've deleted at least 5 or 6 of the names mentioned above--KevinFlys I just pitched out a few minutes ago. And last week, I also tossed out vbulletinboy (cheeky much).

                              It got so bad that we added an approval step to the registration process--I just google each registrant's information to make sure he/she isn't a spammer before I activate the account. Even so, one or two with no prior spamming history have gotten through and posted spam before I banned them. Maybe those will show up on google as "banned" registrants, so other admins will have some warning about them.

                              Incidentally, I'm running 3.6.8 and have rarely had spamming problems until the past two weeks.


                              • Boosted Panda
                                Member
                                • Mar 2008
                                • 48
                                • 3.8.x

                                #90
                                The problem is some of these are people as well as bots
