Spammers Getting Around Image Verification

Please explain its use a little further with examples in the future releases.

Not wanting to tempt fate but so far these bots have failed to gain access to my forum.

I use the image captcha with random font/size/color/slant , this is combined with No Spam http://www.vbulletin.org/forum/showthread.php?t=183329 and a large selection of questions,plus "Stop the Registration bots" http://www.vbulletin.org/forum/showthread.php?t=183917 with its hidden fields,(make sure that you change the codes!!!!)

I added some extra required fields to my registration page,1) because I wanted to get the information and 2)many of the humans seeding the forums do not speak english/other languages,they copy paste info from a script and do not know what to do with lots of extra boxes.

For those manual spammers (I have only had 2 in the last month) I use One Touch Ban and Clean up http://www.vbulletin.org/forum/showthread.php?t=183917

Setting registration to email verification at least stops many from coming back ,and depending on your forum useage you can ban whole IP ranges and email domains.

The Q+A system is available in the Human Verification section of your ACP.

Set questions and answers to be given by new registrants, this is explained in the vB manual.

thanks for the Q&A advice which I've just implemented. We are a small local group who meet up regulary so the forum is only open to these people. Just spoken to the membership coordinator and we've set up a code to input as an answer that gets emailed to new members before they sign up.

What I don't understand is, we have no link from our main site to the forums and I've never found it on Google when searching so how have our forums been found?

edit: scrub that last bit, I've just googled and its suddenly appeared in 2nd place, not the case the other day

That's covered in this link: How to Reduce Spam and Registration Bots

Another chime in - human verification was AWESOME ... and then it wasn't. They're baaaack ... I'll try the stuff in this thread. The time when Human Verification worked was so sweet I want to go back to that!

The spammers don't get access to my forums at all, because I personally manually tiresomely send every new registratant an email asking an innocuous question related to the hobby the site features, and only approve those who respond. (Except registrants deleted forthwith based on illogical usernames.) However, some legit hobbyists don't register with their real email address and never respond, and I know I miss approving some number of them.

I use email verification and human verification to cut down on the registrants I must mess with. Bad registrants are added to the ban list. This site http://www.theodora.com/country_digraphs.html helps the ban list stop registrations from locations where the hobby does not exist.

Daily I have far more spam registrations than real ones.

It would be wonderful if registrants could be presented with the simple question that could have broad-ranging answers while they are registering, and I could see the answers (or part) on the "Moderate Users" page along with their email addys. That would make manual approval just as effective, less time-consuming, faster and more effective for the real users, and I wouldn't be missing real hobbyists who don't share real emails.

I saw how to add the profile field ... where is the random Q&A located? How does one accept different legit answers? thx!

I agree jail time is too good for spam senders who are a black hole for time and resources gaurding against them.

Q+A is available in vB ACP Human Verification or with the mod NO Spam.

If you want to add questions to your registration you do that with Custom Profile Fields and set the questions to "Required". You can then ask prospective users your questions and the answers are shown on the notification email you receive.

If your forum is for a private group and you don't want/need it to be indexed then set all forums/categories to member only and turn off indexing in the forum manager.

For a totally private forum password protect your public_html folder and make sure that members are the only ones with the password

THANKS!

I added these two products to my forum today, and after having turned off new registrations for a few days - I went and turned registrations back on. Holy Crap!

In less than 5 minutes, the bots were at it. I could see them in the "Who's On Line" area, attempting to register. All IPs from RIPE, APNIC and LACNIC. I keep watching them try, but they have yet to get in! Some of the IPs they are using right now are 121.150.175.24, 200.63.42.95, 93.174.93.196, 195.60.174.21.

I can only assume that they have been trying all along but since I had registration turned off, nothing was happening. I find it amazing that they care so much about my little forum that gets very little traffic.

I guess they will eventually make it through these new implimentations, but for now they seem to be held at bay. Still, it's a real crock, if you ask me.

So far so good. No problems today. It nice and clean.

Thank you Steve for the info. I am still learning much with VB

There is another mod available that would be really effective if everyone used it.

>> vbStopForumSpam - known spammer lookup for new registrations : http://www.vbulletin.org/forum/showthread.php?t=176481 <<

I added this yesterday and overnight it blocked 12 known spammers from joining.(Most,if not all would have been stopped by the other mods I use but I often see failed registration attempts on the guest list and only get a name and IP address,this vBStop mod logs all details )
Sign up for an API key and you can add spammers to the database too.
Yes I know it will not catch the latest bots first attempts but if everyone used this and reported bot/spammer details as they got them the spammers progress would be killed in hours.

I unnstalled that as its not worth it. Too many false positives (ie legit members blocked) due to the nature of the database used to identfy the IP addresses (it blocked an AOL IP address at one stage!) ... better off implementing the other solutions in this thread.

You have the choice of which items to check on the database, set the mod to check username and email address and there is no issue, IP addresses used by spammers are irrelevant as the bots pick up any IP available,look at the lists of spammers and you will see the same username and email against many IP's,one case is username "kathy" which I have logged on 7 seperate attempts each from a different IP address and country of origin.

This system does work very well if used correctly. As to yoour AOL address, why do you beleive that spammers do not use AOL?

Maybe that AOL address was spamming? Did you configure the plugin properly so that old spamming IP addresses are ignored? Did you configrue the mod so that it didnt scan IP addresses? Hmm, No? My board has gone to zero spambots without a false positive.

My forum is getting nailed too and I thought I was targetted but now I see it's just because I run VB. I am gonna start installing different add-ons and see what works. This kind of stinks having to spend the time to do this. Damn those spammers. I hope a version is released where these spammers can be stopped.