Spammers Getting Around Image Verification

  • Wayne Luke
    vBulletin Technical Support Lead
    • Aug 2000
    • 73976

    #91
    Originally posted by ascender
    Is there any way that VB could be modified to support multiple questions & answers upon registration?
    There is the No Spam! addon at www.vbulletin.org. You can use that with one of the built-in Human Verification methods to have multiple questions. Also you can simply add required profile fields in the Profile Field Manager. See the following thread for an example:

    Translations provided by Google.

    Wayne Luke
    The Rabid Badger - a vBulletin Cloud demonstration site.
    vBulletin 5 API

    Comment

    • ascender
      Member
      • Feb 2007
      • 58

      #92
      Originally posted by Wayne Luke
      There is the No Spam! addon at www.vbulletin.org. You can use that with one of the built-in Human Verification methods to have multiple questions. Also you can simply add required profile fields in the Profile Field Manager. See the following thread for an example:

      http://www.vbulletin.com/forum/showthread.php?t=205214
      I've been looking at NoSpam! but unfortunately can't get the mod to show on the user registration form. Meanwhile the spammers are rolling on in!

      Comment

      • Steve Machol
        Former Customer Support Manager
        • Jul 2000
        • 154488

        #93
        Just a reminder: How to Reduce Spam and Registration Bots
        Steve Machol, former vBulletin Customer Support Manager (and NOT retired!)
        Change CKEditor Colors to Match Style (for 4.1.4 and above)

        Steve Machol Photography


        Mankind is the only creature smart enough to know its own history, and dumb enough to ignore it.


        Comment

        • birdie
          Senior Member
          • Aug 2004
          • 323

          #94
          I have 5 vB forums; 2 have been getting hit really bad and could not work out why the other 3 were being left alone ... I just put it down to luck.

          HOWEVER, I just worked out that I had the NoSpam! mod from vB.org installed on the 3 that were not getting hit ... I thought I had installed on all 5! ... installed it a couple of hours ago and the flood stopped instantly.

          Comment

          • mikeinjersey
            Senior Member
            • Apr 2005
            • 369

            #95
            I did a simple question and answer thing on all 3 of my forums...and the spam registrations stopped instantly. I wish people would stop posting with the inaccurate replies saying that this doesn't work and that doesn't work without giving it some time.

            Obviously the simplest question and answer protocol fixes everything instantly....for now.

            So have just installed that No Spam mod, thanks for the links to it.
            I may install it as it seems like the next best method... but maybe vBulletin.com will implement it in their next version? If so I'll wait.

            Comment

            • kellym
              New Member
              • Feb 2006
              • 29

              #96
              I got hit with 50 or 60 new users yesterday. Usually I get 1 or 2 new users a day. Indeed many use gmail addresses, and almost all come from unique IP addresses often in China, Russia, the Ukraine or the USA.

              Sometimes it's difficult to determine a real user from a spammer. The bots are starting to fill out the User Profile fields, making it look like they are real people. I spent a few hours tracking the attackers and noticed a curious thing: the computers used to register are compromised/hacked machines from all around the world.

              Try a port scan for TCP port 3389 on your newly registered users. I bet dollars to donuts the port is open, and it's a compromised machine. About 90% of the time, the spammers are using Windows Terminal Server to access these compromised computers, they register on Gmail and vBulletin forums and post forum spam. They are likely using the XRumer tool to automate this process, as the tool's authors started boasting recently that they've cracked both Gmail & vBulletin's image verification methods.

              Code:
              nmap -sS -T4 -P0 -p 3389 aaa.bbb.ccc.ddd
              where the aaa.bbb.ccc.ddd is the IP address of the new user.

              I implemented Moderation of all new users, so new spam doesn't hit the public. And since I already have Image Verification enabled, I added a second text-based Human Verification option as discussed in this thread. So far so good.

              kelly
              kelly's red beet factory, www.redbeet.com

              Comment

              • Freddie Bingham
                Former vBulletin Developer
                • May 2000
                • 14057
                • 1.1.x

                #97
                It does appear that a certain spam program has released an update in the last few days that is able to decipher the image captchas of gmail, Invision, PHPBB, and vBulletin. Since gmail is broken, the script can automatically create email addresses for email verification.

                The update for this program states that it hasn't broken recaptcha, though they are surely trying.

                To continue to devise an image captcha, that is increasingly difficult for humans to decipher, leads to a captcha that only a computer can decipher. This is why I built the image captcha to be configurable by the end user.

                If you are using the image captcha, change the fonts and the backgrounds. In your forums/images/regimage directory, you will find a fonts/ and a backgrounds/ directory. Remove all of the default fonts in the fonts directory and add a collection of your own .ttf fonts. You can get freeware fonts all over the web. Pick some that are a bit strange but still readable and stick them in the directory. The backgrounds are 201x61 jpg images. Create your own, I suggest putting some text on them, that will really confuse the script, just do it so that when the captcha text is added to it by vBulletin, it doesn't confuse your registrees. The system will automatically use the fonts and images that you add to the appropriate directories.

                When using the QA system, don't create questions like these:

                What is 2 + 2?
                Please enter the word "brown".

                The nefarious script at work here can most likely handle those questions. You must ask a question that doesn't give the answer in the question. I suspect something like "If you have three apples and eat one, how many do you have left?" would work.

                Adding required fields will also no longer work. The script can handle the "required field missing" errors and resubmit with those fields filled in.

                Comment
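A small linter for the Q&A advice in the post above, as an added example that is not part of the original thread or of vBulletin: it flags the two weak patterns named there, a question that contains its own answer and a question that is plain digit arithmetic. The function names and the accepted answers in the sample data are assumptions made for this illustration.

```python
import re

# Arithmetic a script can evaluate directly: two integers around an operator.
ARITHMETIC = re.compile(r"\b\d+\s*(?:[+\-*/x]|plus|minus|times)\s*\d+\b")

def lint_question(question, answers):
    """Return the weaknesses found in one Q&A pair (empty list = none found)."""
    q = question.lower()
    findings = []
    for answer in answers:
        a = re.escape(answer.lower().strip())
        # Whole-word match so the answer "one" is not flagged inside "someone".
        if a and re.search(rf"(?<![a-z0-9]){a}(?![a-z0-9])", q):
            findings.append("answer-in-question")
            break
    if ARITHMETIC.search(q):
        findings.append("digit-arithmetic")
    return findings

def lint_all(pairs):
    """Map each weak question to its findings; questions with none are omitted."""
    report = {}
    for question, answers in pairs:
        findings = lint_question(question, answers)
        if findings:
            report[question] = findings
    return report

# Questions quoted from the post; the accepted answers are assumed here.
SAMPLE_PAIRS = [
    ("What is 2 + 2?", ["4", "four"]),
    ('Please enter the word "brown".', ["brown"]),
    ("If you have three apples and eat one, how many do you have left?",
     ["2", "two"]),
]

if __name__ == "__main__":
    for question, findings in lint_all(SAMPLE_PAIRS).items():
        print(f"WEAK  {question}  -> {', '.join(findings)}")
```

An empty result only means neither of these two patterns was found; it is not a measure of how hard the question is for a script.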

                • mikeinjersey
                  Senior Member
                  • Apr 2005
                  • 369

                  #98
                  Originally posted by Freddie Bingham

                  If you are using the image captcha, change the fonts and the backgrounds. In your forums/images/regimage directory, you will find a fonts/ and a backgrounds/ directory. Remove all of the default fonts in the fonts directory and add a collection of your own .ttf fonts. You can get freeware fonts all over the web. Pick some that are a bit strange but still readable and stick them in the directory. The backgrounds are 201x61 jpg images. Create your own, I suggest putting some text on them, that will really confuse the script, just do it so that when the captcha text is added to it by vBulletin, it doesn't confuse your registrees. The system will automatically use the fonts and images that you add to the appropriate directories.
                  Instead of messing around with all that, I was going to try out the ReCaptcha method. But is it confirmed that that's broken as well? Isn't that a fee based service?

                  Comment

                  • Floris
                    Senior Member
                    • Dec 2001
                    • 37767

                    #99
                    Originally posted by mikeinjersey
                    Instead of messing around with all that, I was going to try out the ReCaptcha method. But is it confirmed that that's broken as well? Isn't that a fee based service?
                    It is not broken (yet); and once it is, surely since it's a service they will try to update reCAPTCHA to fix that.

                    Comment

                    • Freddie Bingham
                      Former vBulletin Developer
                      • May 2000
                      • 14057
                      • 1.1.x

                      Originally posted by mikeinjersey
                      Instead of messing around with all that, I was going to try out the ReCaptcha method. But is it confirmed that that's broken as well? Isn't that a fee based service?
                      As I said in my post
                      The update for this program states that it hasn't broken recaptcha
                      Recaptcha is free.

                      Comment

                      • natbaines
                        New Member
                        • Feb 2008
                        • 8
                        • 3.7.x

                        I changed to recaptcha after the recent problems and have gone from over 50 spammers in 12 hours to none.

                        I am however anxious that Freddie believes recaptcha will also be broken soon, but if it works for now I'm happy for now!

                        Comment

                        • Freddie Bingham
                          Former vBulletin Developer
                          • May 2000
                          • 14057
                          • 1.1.x

                          Originally posted by natbaines
                          I changed to recaptcha after the recent problems and have gone from over 50 spammers in 12 hours to none.

                          I am however anxious that Freddie believes recaptcha will also be broken soon, but if it works for now I'm happy for now!
                          If vB owners change to recaptcha in mass, then the script programmers will shift more resources to breaking it. I'm sure the recaptcha team can adjust it but it becomes an ongoing game.

                          Comment

                          • Mike Vollmer
                            New Member
                            • May 2008
                            • 8
                            • 3.7.x

                            Same here, IP addresses are all over the world, most common locations Russia, Latvia, Mexico. I turned on new user moderation to block them from posting before I ban them, but it hasn't slowed down the registrations.

                            Comment

                            • Ohiosweetheart
                              Senior Member
                              • Dec 2005
                              • 1965
                              • 3.8.x

                              GAWD how I wish we could delete members en masse, much the same as we can delete threads, by checking boxes, rather than one at a time.
                              What a PITA.
                              Peggy
                              ~ normal is overrated ~

                              One Buzy Mama!

                              Comment

                              • wutthehell
                                New Member
                                • Jun 2008
                                • 6

                                I was getting close to 50 an hour trying to register. I enabled the reCAPTCHA, and the secondary verification question.... not a single one since, it seems to have worked. Thanks for the info on here guys/gals.

                                Comment
