There is the No Spam! addon at www.vbulletin.org. You can use that with one of the built-in Human Verification methods to have multiple questions. Also you can simply add required profile fields in the Profile Field Manager. See the following thread for an example:
Spammers Getting Around Image Verification
Collapse
X
-
Translations provided by Google.
Wayne Luke
The Rabid Badger - a vBulletin Cloud demonstration site.
vBulletin 5 API -
There is the No Spam! addon at www.vbulletin.org. You can use that with one of the built-in Human Verification methods to have multiple questions. Also you can simply add required profile fields in the Profile Field Manager. See the following thread for an example:
http://www.vbulletin.com/forum/showthread.php?t=205214Comment
-
Just a reminder: How to Reduce Spam and Registration BotsSteve Machol, former vBulletin Customer Support Manager (and NOT retired!)
Change CKEditor Colors to Match Style (for 4.1.4 and above)
Steve Machol Photography
Mankind is the only creature smart enough to know its own history, and dumb enough to ignore it.
Comment
-
I have 5 vB forums; 2 have been getting hit really bad and could not work out why the other 3 were being left alone ... I just put it down to luck.
HOWEVER, I just worked out that I had the NoSpam! mod from vB.org installed on the 3 that were not getting hit ... I thought I had installed on all 5! ... installed it a couple of hours ago and the flood stopped instantly.Comment
-
I did a simple question and answer thing on all 3 of my forums...and the spam registrations stopped instantly. I wish people would stop posting with the inaccurate replies saying that this doesnt work and that doesnt work without giving it some time..
Obviously the simpliest question and answer protocol fixes everything instantly....for now.
so have just installed that No Spam mod, thanks for the links to it.Comment
-
I got hit with 50 or 60 new users yesterday. Usually I get 1 or 2 new users a day. Indeed many use gmail addresses, and almost all come from unique IP addresses often in China, Russia, the Ukraine or the USA.
Sometimes it's difficult to determine a real user from a spammer. The bots are starting to fill out the User Profile fields, making it look like they are real people. I spent a few hours tracking the attackers and noticed a curious thing: the computers used to register are compromised/hacked machines from all around the world.
Try a port scan for TCP port 3389 on your newly registered users. I bet dollars to donuts the port is open, and it's a compromised machine. About 90% of the time, the spammers are using Windows Terminal Server to access these compromised computers, they register on Gmail and vBulletin forums and post forum spam. They are likely using the XRumer tool to automate this process, as the tool's authors started boasting recently that they've cracked both Gmail & vBulletin's image verification methods.
Code:nmap -sS -T4 -P0 -p 3389 aaa.bbb.ccc.ddd
I implemented Moderation of all new users, so new spam doesn't hit the public. And since I already have Image Verification enabled, I added a second text-based Human Verification option as discussed in this thread. So far so good.
kellykelly's red beet factory, www.redbeet.comComment
-
It does appear that a certain spam program has released an update in the last few days that is able to decipher the image captchas of gmail, Invision, PHPBB, and vBulletin. Since gmail is broken, the script can automatically create email addresses for email verification.
The update for this program states that it hasn't broken recaptcha, though they are surely trying.
To continue to devise an image captcha, that is increasingly difficult for humans to decipher, leads to a captcha that only a computer can decipher. This is why I built the image captcha to be configurable by the end user.
If you are using the image captcha, change the fonts and the backgrounds. In your forums/images/regimage directory, you will find a fonts/ and a backgrounds/ directory. Remove all of the default fonts in the fonts directory and add a collection of your own .ttf fonts. You can get freeware fonts all over the web. Pick some that are a bit strange but still readible and stick them in the directory. The backgrounds are 201x61 jpg images. Create your own, I suggest putting some text on them, that will really confuse the script, just do it so that when the captcha text is added to it by vBulletin, it doesn't confuse your registrees. The system will automatically use the fonts and images that you add to the appropriate directories.
When using the QA system, don't create questions like these:
What is 2 + 2?
Please enter the word "brown".
The nefarious script at work here can most likely handle those questions. You must ask a question that doesn't give the answer in the question. I suspect something like "If you have three apples and eat one, how many do you have left?" would work.
Adding required fields will also no longer work. The script can handle the "required field missing" errors and resubmit with those fields filled in.Comment
-
If you are using the image captcha, change the fonts and the backgrounds. In your forums/images/regimage directory, you will find a fonts/ and a backgrounds/ directory. Remove all of the default fonts in the fonts directory and add a collection of your own .ttf fonts. You can get freeware fonts all over the web. Pick some that are a bit strange but still readible and stick them in the directory. The backgrounds are 201x61 jpg images. Create your own, I suggest putting some text on them, that will really confuse the script, just do it so that when the captcha text is added to it by vBulletin, it doesn't confuse your registrees. The system will automatically use the fonts and images that you add to the appropriate directories.Comment
-
It is not broken (yet); and once it is, surely since it's a service they will try to update reCAPTCHA to fix that.Comment
-
The update for this program states that it hasn't broken recaptchaComment
-
If vB owners change to recapctha in mass, then the script programmers will shift more resources to breaking it. I'm sure the recaptcha team can adjust it but it becomes an ongoing game.Comment
-
Same here, IP addresses are all over the world, most common locations Russia, Latvia, Mexico. I turned on new user moderation to block them from posting before I ban them, but it hasn't slowed down the registrations.Comment
-
GAWD how I wish we could delete members en masse, much the same as we can delete threads, by checking boxes, rather than one at a time.
What a PITA.Comment
-
I was getting close to 50 an hour trying to register. I enabled the reCatcha, and the secondary verification question.... not a single one since, it seems to have worked. Thanks for the info on here guys/gals.Comment
widgetinstance 262 (Related Topics) skipped due to lack of content & hide_module_if_empty option.
Comment