I am being hit with 50-75 a day too. And I changed it two days ago to moderate new users and the only users getting moderated are legit. The Spammers are by passing the moderate new users option.
Spammers Getting Around Image Verification
Collapse
X
-
-
Can someone who has had spammers bypassing user moderation, please post this into bug tracker so that vbulletin programers can have a look at it because it seems like a major security flaw..Comment
-
If that is the case, there is a major security issue here and an emergency is at hand.
My forum got hit as well, BTW...few got through in my case: 6- 12
I used Akismet, Image Verification and Address Verification.
I just switched to Registration Moderation, reCAPTCHA until we know what's going on.
I fear someone found an exploit and is milking it for all its worth.Comment
-
Just to clarify. Nothing is "bypassed" they can just "read" what the captcha says, it is not a security issue. That said, yes, very frustrating for board owners and changing to the HV Q+A with a home made creative question stops it for 99%Comment
-
.Comment
-
--I also hope that is not true, and that you are having some other issue. So far, I have not seen anything like this. I will certainly report it if I see it. The other thing I wanted to mention is to be careful with signatures. I.e. even if you moderate new users, only give signature create access to fully registered users that you trust are legit. If these creeps register, the first thing they try to corrupt is the signature.Comment
-
Default usergroup: Always moderate? YES
Create a new usergroup: dont-moderate-these-members, with permission to not moderate them.
Create a new promotion for the default usergroup, to upgrade after 2 or 5 posts to additional usergroup you just created.
Then everybody has 0 posts basically that sign up, untill their good posts are approved, every hour the script checks who has the x or more posts, and upgrades them, so future posts wont get moderated.Comment
-
From the few reports I've read in the last 48 hours only 1 user I can not clarify why this happened. No log files are provided either. If this happens to you too, please provide server log files for access_log and error_log in a private support ticket, with details of what user and which IP. So we can see if we can trace the steps back and find out why they could possibly bypass this usergroup.Comment
-
Never ever got spam through sendmessage.php until yesterday
Using different e-mails, IP's are not the same but the first numbers are often identical, sometimes advertisments for movfree or german viagra. They're always sent at night, strangely. Luckily they don't register yet, so I'll disable sendmessage.php for unregistered members.
Edit: Ah, good thread: http://www.vbulletin.com/forum/showthread.php?t=275800Last edited by EWGF; Sat 4 Oct '08, 3:57am.Comment
-
I can say for a fact that they are not humans. I was updating a forum last night that died with a database error. The forum wouldn't work in a browser. It was late and very low activity forum so I let it go. Got up early this morning to fix things up and had a bunch of new user emails!Comment
-
Change to the Human Verifiaction Library : Question & Answers, and set a few unique creative questions.
Bad question: What is 2+2
Good question: If you eat half a dozen of apples, but put one back, how many do you have left?
Bad question: Color of Sky?
Good question: Third letter in the logo of this site? (From the right)Comment
-
Comment
-
I can say for a fact that they are not humans. I was updating a forum last night that died with a database error. The forum wouldn't work in a browser. It was late and very low activity forum so I let it go. Got up early this morning to fix things up and had a bunch of new user emails!
At this time I recommend using the Q&A verification with as many different Q&As as possible which will be randomly applied for each registration.
Meanwhile the Devs are looking at stronger measures but unfortunately when you have a person doing something like this, then there is no easy way to stop this. If you are being hit, you should consider moderating new members.Steve Machol, former vBulletin Customer Support Manager (and NOT retired!)
Change CKEditor Colors to Match Style (for 4.1.4 and above)
Steve Machol Photography
Mankind is the only creature smart enough to know its own history, and dumb enough to ignore it.
Comment
widgetinstance 262 (Related Topics) skipped due to lack of content & hide_module_if_empty option.
Comment