bots bypassing moderation queue in 3.7.2 pl2

Collapse
X
 
  • Time
  • Show
Clear All
new posts
  • spring
    New Member
    • Jul 2005
    • 24
    • 3.0.7

    bots bypassing moderation queue in 3.7.2 pl2

    for the past 24 hours i have been dealing with bots/users bypassing the moderation queue. Some of the new users go straight to the 'users awaiting email confirmation' usergroup, while others do appear in the moderation queue. This is a sustained attack, with a new one every 20 minutes or so.

    i have re-applied the 3.7.2 pl2 upgrade, checked my logfiles on the server and made sure nobody but me has admin rights, not sure what is the cause of this, but it's a new one for me..

    is this even possible?
  • Steve Machol
    Former Customer Support Manager
    • Jul 2000
    • 154488

    #2
    That has never been the case with any version of vB I'm aware of. This may be due to an add-on. Since 3.7 is end-of-life and no longer supported, I suggest upgrading to at least 3.8.6.
    Steve Machol, former vBulletin Customer Support Manager (and NOT retired!)
    Change CKEditor Colors to Match Style (for 4.1.4 and above)

    Steve Machol Photography


    Mankind is the only creature smart enough to know its own history, and dumb enough to ignore it.


    Comment

    • Project-Buckfast
      Senior Member
      • Jul 2006
      • 259
      • 4.0.0

      #3
      Try adding a custom field to the registration form. E.g 7+7 = ?
      UniteTheCows - File Sharing & Digital Media Resource

      Comment

      • spring
        New Member
        • Jul 2005
        • 24
        • 3.0.7

        #4
        yes it's happening alright, and it's a new thing in the last 72 hours - i never had this problem in years..

        example: this morning i awake to 10 emails telling me i have new members, yet only 3 of them are waiting in the moderation queue!

        could be an addon? well nothing has changed in years bar 1 addition, and that was 6+ months ago.. i will disable it and see if that makes a difference.
        [edit] - tried that - made no difference, again with the bypass just now.. will now disable all addons, despite the fact they have been in use for many years trouble-free.

        [edit 2] - disabled all addons, made no difference, still bots are bypassing the moderation queue.

        change to custom field in registration? that would make no difference - the point is all new members are supposed to be placed in the moderation queue, and this is now failing 70% of the time.

        in the HOME summary of the admin CP, it lists 'new users today' as 2 - this is at odds with not only the number of new users in the queue (3) but with the total since midnight (7).. whatever way you look at this, it's a bit odd..

        ok, upgrade to 3.8.x - this site's license has expired, and the last time i looked at upgrading to 3.8.x, there didn't appear to be an option to upgrade before 4.x, it looked like i would have to go to ver 4, which i don't want to do. i do have a license from a defunkt site for Vb which allows 3.8.x that that i am not using anymore - i will edit it's details and upgrade to it later today - i hope that is allowed.
        Last edited by spring; Wed 5 Jan '11, 3:08am.

        Comment

        • spring
          New Member
          • Jul 2005
          • 24
          • 3.0.7

          #5
          i changed from 'recaptcha' to 'image verification' in the human verification options and the flow of bots bypassing the moderation queue has stopped now.

          so, however they were doing it, it may have had something to do with this.. i changed nothing else, bar toggling the addons, which are all back as they were now.

          i misread the license status on the other licenses i own, it was actually 3.6.x one of them was entitled to, so i haven't upgraded anything past 3.7.2 pl2, and from reading the (many angry) posts about the latest upgrade policys, it's highly unlikely i will be paying for a 4.x license just to get to 3.8.x - although there is so much posted about this and so many conflicting opinions, i will have to do alot more reading yet before i make a call on it. I do hope it's possible to extend my license to allow me to move to 3.8.x eventually, i'd be very dissapointed if i was forced to ver 4.x..

          Comment

          • Steve Machol
            Former Customer Support Manager
            • Jul 2000
            • 154488

            #6
            You do not have to purchase vB4. We have a maintenance option for this circumstance:



            To access this option, log into the members area here:



            Click on the 'Upgrade/Renew' for our vB 3.x license. Choose the '3.x - 3 months Maintenance Pack' option, then click on 'Continue and follow the rest of the instructions to complete this purchase.
            Steve Machol, former vBulletin Customer Support Manager (and NOT retired!)
            Change CKEditor Colors to Match Style (for 4.1.4 and above)

            Steve Machol Photography


            Mankind is the only creature smart enough to know its own history, and dumb enough to ignore it.


            Comment

            • spring
              New Member
              • Jul 2005
              • 24
              • 3.0.7

              #7
              Oh, OK, that sounds much more like a plan.. good job, i will do this, thanks Steve..

              Comment

              • spring
                New Member
                • Jul 2005
                • 24
                • 3.0.7

                #8
                OK, just to update on this - the change of HV did make a big difference, but the bots are STILL getting past the moderation queue, only at a much.much reduced rate..

                So, problem still exists.. Bots are able to bypass the moderation queue on 3.7.2 pl2

                Comment

                • Private_Ale
                  New Member
                  • Nov 2007
                  • 20
                  • 3.8.x

                  #9
                  Hi there,

                  I could be completely incorrect, but seeing how I also use the moderation queue, I do believe I can give some insight.

                  Some of the new users go straight to the 'users awaiting email confirmation' usergroup, while others do appear in the moderation queue
                  Are you using both email confirmation and moderation queue? If you are, the process goes like this:
                  User Registers >> User Actives via Email >> User gets put in Moderation Queue
                  IF you are using both, then what you are experiencing is completely normal. All it means is that the user [or bot] hasn't confirmed their email yet. If they don't confirm their email, they do not get put into the moderation queue.

                  You're also not alone, the bots have been going crazy in 2011. I'm lucky to have several spam-happy administrators on duty.

                  Comment

                  • spring
                    New Member
                    • Jul 2005
                    • 24
                    • 3.0.7

                    #10
                    Mmm.. thats an interesting thought, but i don't think it's happening for all of them.. I should elaborate a bit on saying some of them going straight to the '...awaiting' usergroup - Like this morning - 10 new users, all bots, 3 appearing in the queue, yet only 2 listed as 'new members' at the top of the admin CP, and 7 that bypassed the queue & appear as members, but *ALL* were in the 'awaiting email confirmation' usergroup.. In fact i could prune them real easy using that trait.

                    So, for the 3 queued and 7 bypassers this morning, i get an email for each saying a new member has registered, i go looking for them in the moderation queue and the 7 are not in it - it's as if someone has approved them, meanwhile 3 _were_ caught waiting to be moderated. I'm 95% that all members since i engaged the moderation queue have had to be moderated before now, so there is something new & fishy going on, maybe.

                    since changing from recaptcha to image i have had only 1 bot register in ~8 hours and it jumped the queue..

                    Also: it's entirely possible i may be loosing my mind.

                    Comment

                    widgetinstance 262 (Related Topics) skipped due to lack of content & hide_module_if_empty option.
                    Working...