Spammers Getting Around Image Verification

  • spiceplace
    New Member
    • May 2007
    • 4
    • 3.6.x

    I was wondering the other day, when I was getting a flood of signups, if the imagehash on the vb captcha was unique to each board.

    This was the link to the image generation on the verify page:
    image.php?type=regcheck&imagehash=d47dd74a5f12b99d1d5a3fde6236aedd

    If not unique to each board, then anyone with access to the vb source could rip through a few billion iterations of the function call, store the hash and the code that the user keys. Once you have enough of them, then you don't need to see, you have a db of hash and response. That was my thought on how they're getting by the human verification. A per board seed would prevent this, should that be the root cause.

    Comment
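The per-board seed idea from the first post, as an added Python example. It is not vBulletin's code and makes no claim about how its image verification actually derives answers. The unseeded scheme, the secrets and the sample hashes are all constructed for illustration.

```python
import hashlib
import hmac

ALPHABET = "ABCDEFGHJKLMNPQRSTUVWXYZ23456789"  # 32 symbols, no I/O/0/1

def _to_answer(digest: bytes, length: int = 6) -> str:
    return "".join(ALPHABET[b % 32] for b in digest[:length])

def unseeded_answer(imagehash: str) -> str:
    """Hypothetical weak scheme: the answer is a pure function of the public hash."""
    return _to_answer(hashlib.sha256(imagehash.encode()).digest())

def seeded_answer(imagehash: str, board_secret: bytes) -> str:
    """Hardened: HMAC keyed with a secret generated once per installation."""
    return _to_answer(hmac.new(board_secret, imagehash.encode(), hashlib.sha256).digest())

def verify(imagehash: str, typed: str, board_secret: bytes) -> bool:
    expected = seeded_answer(imagehash, board_secret).encode()
    return hmac.compare_digest(expected, typed.strip().upper().encode())

def acceptance_rate(table: dict, accepts) -> float:
    """Share of stored (imagehash, answer) pairs that a given board accepts."""
    return sum(bool(accepts(h, a)) for h, a in table.items()) / len(table)

# Constructed sample hashes and secrets; a real board would use secrets.token_bytes(32).
HASHES = [hashlib.sha256(str(i).encode()).hexdigest()[:32] for i in range(200)]
BOARD_A, BOARD_B = b"constructed-secret-A", b"constructed-secret-B"

# A table computed once from the source alone, with no board involved.
offline_table = {h: unseeded_answer(h) for h in HASHES}
# A table of answers that were valid on board A.
board_a_table = {h: seeded_answer(h, BOARD_A) for h in HASHES}

def results() -> dict:
    return {
        "unseeded, any board": acceptance_rate(offline_table, lambda h, a: a == unseeded_answer(h)),
        "offline table vs seeded board": acceptance_rate(offline_table, lambda h, a: verify(h, a, BOARD_A)),
        "board A table vs board B": acceptance_rate(board_a_table, lambda h, a: verify(h, a, BOARD_B)),
        "board A table vs board A": acceptance_rate(board_a_table, lambda h, a: verify(h, a, BOARD_A)),
    }

if __name__ == "__main__":
    for case, rate in results().items():
        print(f"{case}: {rate:.0%}")
```

A random answer stored server-side per challenge and discarded after one attempt removes the derivation altogether.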

    • spiceplace
      New Member
      • May 2007
      • 4
      • 3.6.x

      Originally posted by Steve Machol
      We have had confirmation from one forum that a human registered, then turned over the Q&A info to a bot which then rapidly added new registrations to begin spamming.
      Steve, I have a log file of one of the signups. The accesses are 1 second apart and it took several tries to get the captcha key. I can provide the log to someone there if you want to see it. It's only about 12 lines. PM me if you want the log.

      Comment
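The pattern described in the post above (requests one second apart, several tries at the CAPTCHA) can be checked for in a web server access log. This Python example is added here and is not from the thread or from vBulletin. The log lines are constructed, and `register.php` as the form path is an assumption; only `image.php?type=regcheck` comes from the page.

```python
import re
from collections import defaultdict
from datetime import datetime
from statistics import median

# Constructed sample, Apache common-log style, documentation IP ranges.
SAMPLE_LOG = """\
203.0.113.7 - - [04/Oct/2008:15:40:01 +0000] "GET /register.php HTTP/1.1" 200 5120
203.0.113.7 - - [04/Oct/2008:15:40:02 +0000] "GET /image.php?type=regcheck&imagehash=aa01 HTTP/1.1" 200 900
203.0.113.7 - - [04/Oct/2008:15:40:03 +0000] "POST /register.php HTTP/1.1" 200 5300
203.0.113.7 - - [04/Oct/2008:15:40:04 +0000] "GET /image.php?type=regcheck&imagehash=aa02 HTTP/1.1" 200 910
203.0.113.7 - - [04/Oct/2008:15:40:05 +0000] "POST /register.php HTTP/1.1" 200 5300
203.0.113.7 - - [04/Oct/2008:15:40:06 +0000] "GET /image.php?type=regcheck&imagehash=aa03 HTTP/1.1" 200 905
203.0.113.7 - - [04/Oct/2008:15:40:07 +0000] "POST /register.php HTTP/1.1" 200 4100
198.51.100.20 - - [04/Oct/2008:15:42:10 +0000] "GET /register.php HTTP/1.1" 200 5120
198.51.100.20 - - [04/Oct/2008:15:42:11 +0000] "GET /image.php?type=regcheck&imagehash=bb01 HTTP/1.1" 200 915
198.51.100.20 - - [04/Oct/2008:15:43:25 +0000] "POST /register.php HTTP/1.1" 200 4100
"""

LINE = re.compile(r'(\S+) \S+ \S+ \[([^\]]+)\] "(\w+) (\S+) [^"]*"')

def flag_scripted_signups(log_text, max_gap=2.0, min_attempts=3):
    """Flag clients that submit the signup form repeatedly at machine speed.

    Returns {ip: {"posts": n, "median_gap": seconds}} for clients with at least
    min_attempts form POSTs and a median gap between signup-related requests
    of max_gap seconds or less.
    """
    events = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        ip, stamp, method, path = m.groups()
        if "register.php" in path or "type=regcheck" in path:
            when = datetime.strptime(stamp, "%d/%b/%Y:%H:%M:%S %z")
            events[ip].append((when, method))
    flagged = {}
    for ip, seen in events.items():
        seen.sort()
        posts = sum(1 for _, method in seen if method == "POST")
        gaps = [(b[0] - a[0]).total_seconds() for a, b in zip(seen, seen[1:])]
        if posts >= min_attempts and gaps and median(gaps) <= max_gap:
            flagged[ip] = {"posts": posts, "median_gap": median(gaps)}
    return flagged

if __name__ == "__main__":
    print(flag_scripted_signups(SAMPLE_LOG))
```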

      • Steve Machol
        Former Customer Support Manager
        • Jul 2000
        • 154488

        No need. As I said this has already been confirmed. There is very little you can do to stop a human from registering and then turning over things to a bot.
        Steve Machol, former vBulletin Customer Support Manager (and NOT retired!)
        Change CKEditor Colors to Match Style (for 4.1.4 and above)

        Steve Machol Photography


        Mankind is the only creature smart enough to know its own history, and dumb enough to ignore it.


        Comment

        • spiceplace
          New Member
          • May 2007
          • 4
          • 3.6.x

          Originally posted by Steve Machol
          No need. As I said this has already been confirmed. There is very little you can do to stop a human from registering and then turning over things to a bot.
          But I installed recaptcha Thursday evening and the bots have been stopped. If it were a human, they certainly would be able to read the two words and type them in.

          Comment

          • Steve Machol
            Former Customer Support Manager
            • Jul 2000
            • 154488

            I did not say that every instance of spammers is being done by humans. Some are and some aren't.

            By the way the staff is brainstorming some ideas that look promising.

            Comment

            • fatal1980
              Member
              • Jul 2006
              • 63

              I'm pretty sure my post got deleted, but xrumer is most likely the cause of the spam.

              Comment

              • Floris
                Senior Member
                • Dec 2001
                • 37767

                Originally posted by fatal1980
                I'm pretty sure my post got deleted, but xrumer is most likely the cause of the spam.
                I do not see a deleted post in your profile. And yes, it's xrumer most likely due to its recent release.

                Comment

                • fatal1980
                  Member
                  • Jul 2006
                  • 63

                  Ah. I might have posted on the vbulletin.org then. Thanks!

                  Comment

                  • hotshot
                    Member
                    • Mar 2003
                    • 62
                    • 3.8.x

                    Same problem here, my forum is getting hammered with new registrations of spammers. vBulletin appears to be in denial, TOO MANY people are being compromised for this to be human.

                    Most of the email addresses are @gmail.com
                    Last edited by hotshot; Sat 4 Oct '08, 3:46pm.

                    Comment

                    • Floris
                      Senior Member
                      • Dec 2001
                      • 37767

                      If you read this thread you'd see we are not in denial.

                      Comment

                      • hotshot
                        Member
                        • Mar 2003
                        • 62
                        • 3.8.x

                        What would be really cool is if we could use something like this http://www.maxmind.com/app/city and restrict registrations from certain countries etc.
                        When I see the word RIPE I know it is trouble.

                        Comment

                        • stoneaccents
                          New Member
                          • Jul 2007
                          • 11

                          Recent upgrade now Porn spam

                          I just upgraded VB last week and now I am getting slammed by porn spammers. I have a digital scrapbook site and I have had about 100 porn spams in the last 2 days. I have heard that a lot of other scrapbook sites have been hit this week also. All of my settings are right. It seems kind of odd that as soon as I upgrade the spams start. What do I need to do to stop this????

                          I tried to change the admincp folder and the config.php folder like VB support said and I got page not found when I tried to go to the forum. What could I have done wrong? I named the admin folder the same thing as I named
                          $config['Misc']['admincpdir'] = 'admincp';
                          Last edited by stoneaccents; Sun 5 Oct '08, 3:30pm.

                          Comment

                          • beishe8
                            Senior Member
                            • Oct 2005
                            • 6782
                            • 4.2.X

                            Originally posted by beishe8
                            I'll try it.
                            Nospam is temporarily disabled.
                            I'm using only Q&A with the harder to break option.
                            So far I do not have any unwanted registrations.

                            Thanks for the explanation, Freddie.


                            vB5 is unequivocally the best forum software, but not yet...

                            Comment

                            • Dozman
                              Member
                              • Mar 2008
                              • 35
                              • 3.6.x

                              I also had spammers and porn posts with 3.6.8 and I just upgraded to 3.7.3 and saw Steve's post about reCaptcha. I have registered and added it to my site and then beefed up some settings. I have mine set so that when they post, I have to confirm it first. Then if I see something that looks wrong, I add their IP and name to the ban list.

                              Comment

                              • Steve Machol
                                Former Customer Support Manager
                                • Jul 2000
                                • 154488

                                I also recommend using the Q&A profile field option.

                                Comment
