Spammers Getting Around Image Verification

**purplesage** · Wed 1 Oct '08, 8:14pm

They have certainly slowed the bots down. The humans maybe not.
Ive also added a question. 65 spammers on one site 30 on another.
5 legit registrations since the switch No spammers yet knock wood.

Add an extra question to the registration to prevent bot registrations - vBulletin Community Forum

http://www.vbulletin.com/forum/showthread.php?t=205214

**Chippie** · Wed 1 Oct '08, 8:36pm

Wow, I thought I was the lucky one!

I typed russia in the seach on this forum and got this thread right away.

I have been getting hammered also, deleting them as they happen.

What I noticed that was constant is the time zone in the user area once they joined. (GMT - 12:00) Eniwetok, Kwajalein this was on every single one so that's how I sorted the good from the bad.

I just added the extra question so we will se how that goes.

**natbaines** · Thu 2 Oct '08, 12:15am

Originally posted by Chippie

Wow, I thought I was the lucky one!

I typed russia in the seach on this forum and got this thread right away.

I have been getting hammered also, deleting them as they happen.

What I noticed that was constant is the time zone in the user area once they joined. (GMT - 12:00) Eniwetok, Kwajalein this was on every single one so that's how I sorted the good from the bad.

I just added the extra question so we will se how that goes.

Same here! Is there any way of filtering out registrations from this time zone??

**JarrahBark** · Thu 2 Oct '08, 12:33am

I followed Steve's instructions and my spam attack has dropped from 10-20 per hour to nil. Thanks Steve

**natbaines** · Thu 2 Oct '08, 12:35am

Have just changed human verification from image to recaptcha. I will let you know how it goes!!

**RobAC** · Thu 2 Oct '08, 3:36am

Adding the extra question worked for me.

**Photics** · Thu 2 Oct '08, 4:16am

Originally posted by Wayne Luke

Was your question: What is 2 + 2?

You need to ask decent questions.

Obviously I made my question harder than 2+2=4 but I didn't make it too hard. Otherwise, real people are going to have trouble registering. I don't think it's a good idea to ask for the first hundred digits of Pi.

If this a human assisted attack, isn't the extra question meaningless?

**Jobe1986** · Thu 2 Oct '08, 4:33am

On my relativly quiet (few to nobody post) forum, I had 5 registrations yesterday, 2 today, of the ones yesterday, 1 completed registration and posted. The others are yet to post.

**jawatkin** · Thu 2 Oct '08, 5:21am

This actually started for me about a week ago... Not sure if we're allowed to post links to vB modification on vB.org, but this one has stopped them in their tracks... Make 10 or so questions and they'll have a very hard time getting through. Haven't had a single one in since I implemented this..

NoSPAM! for vbulletin

Miscellaneous Hacks - NoSpam! for vBulletin 3.7 - vBulletin.org Forum

http://www.vbulletin.org/forum/showthread.php?t=183329

Miscellaneous Hacks - NoSpam! for vBulletin 3.7 vBulletin 3.7 Add-ons

**Charlie_Brown** · Thu 2 Oct '08, 5:59am

This just started for me (yesterday) as well I added a few mods to try to eliminate this as well as making required profile fields too today. I'll see if this works, most of these porn spammers all have the same ip except a number or 2 numbers different. I had 20 sign up just yesterday for the record and I have the image verification was on too.

**Murdoc** · Thu 2 Oct '08, 7:34am

i would like to know, has VB security been breeched... and will there be a urgent update for this, there must be a way to stop this without having, 20 plug-in's

first what i tried was this, as i would like to stay with as little plug-ins as possible.

I've tried this

How to Reduce Spam and Registration Bots - vBulletin Community Forum

http://www.vbulletin.com/forum/showthread.php?t=275800

i did all what that post says the only thing that is stopping them is that i have to approve them.

i also installed some plug-ins, but i would like to know will VB releasing a security update ???

as i would like to limit the amount of plug-ins on my forums ???

and im really worried because on BV.org some owners are stating that when they start adding the plug-ins and what you guys suggested, they where been hacked ...

Here is some posts http://www.vbulletin.org/forum/showp...0&postcount=79

Originally posted by moonbase

We have had none until yesterday. They say "Man" in the Bio and "Test" in the user name.

These two IP addresses are almost always attached to them:

142.163.3.122 - bad search bot?

200.63.42.75 - Hacker?

I know of a few boards that had this and then a attack on the Site Admin password/log-in and the sites were hacked.

There is something going on. We all need to find help for this.

**Charlie_Brown** · Thu 2 Oct '08, 7:40am

Even turning on admin to approve member has been bypassed by some registrations according to vb.org as well.

vBulletin.org Forum - View Single Post - Spammers

http://www.vbulletin.org/forum/showpost.php?p=1635619&postcount=86

This is a discussion forum powered by vBulletin. To find out about vBulletin, go to http://www.vbulletin.com/ .

**Herzog** · Thu 2 Oct '08, 8:38am

Originally posted by Charlie_Brown

Even turning on admin to approve member has been bypassed by some registrations according to vb.org as well.

http://www.vbulletin.org/forum/showp...9&postcount=86

Same here.

We had over 30 spam users sign up and verify yesterday on two separate forums that we operate. The first thing we did was turn on "Moderate new users" and they were somehow bypassing that as well. Changed the verification from Captcha to reCaptcha and the registrations stopped, but that was around the time that registrations seemed to die off for everybody. I'm not so sure that what we did is the final solution by any means.

Something happened yesterday and the flood gates opened up. 80% of our spammers were coming from fake gmail.com addresses. I think blocking gmail helped as well. Rumor has it that spammers have broken gmails verification too, anybody confirm?

I say it's spammer hunting season. Lock & load... lol

**Charlie_Brown** · Thu 2 Oct '08, 8:45am

I would ban gmail on my forum but I have a lot of users that will leave if I make it where you can't use it so can I ban gmail accounts and still allow those having one currently registered to keep it?

**Doodad** · Thu 2 Oct '08, 8:52am

Originally posted by Herzog

Same here.

We had over 30 spam users sign up and verify yesterday on two separate forums that we operate. The first thing we did was turn on "Moderate new users" and they were somehow bypassing that as well. Changed the verification from Captcha to reCaptcha and the registrations stopped, but that was around the time that registrations seemed to die off for everybody. I'm not so sure that what we did is the final solution by any means.

Something happened yesterday and the flood gates opened up. 80% of our spammers were coming from fake gmail.com addresses. I think blocking gmail helped as well. Rumor has it that spammers have broken gmails verification too, anybody confirm?

I say it's spammer hunting season. Lock & load... lol

I sat and watched two join this morning with moderation turned on. The legit user that joined later was in the moderation cue. Also, I think they removed the banned users list as it is empty and I know I banned a bunch yesterday.

Spammers Getting Around Image Verification

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment