Bots and clones,spammers etc..

**Wayne Luke** · Sat 31 May '08, 6:05am

Switch to a different human verification system.

Make sure that email validation is on.

Sign up and use the Akismet integration included in the software.

**chrisrixon** · Sat 31 May '08, 9:43am

Is vbulletin looking into this?

Prior to 3.7 no bots. Now lots of bots. A lot of people think 3.7 is vulnerable

Quite a few posters here are fairly sure its an exploit in 3.7

Spam bots defeat Recaptcha. - vBulletin Community Forum

http://www.vbulletin.com/forum/showthread.php?t=272439

**Wayne Luke** · Sat 31 May '08, 9:48am

We haven't seen an increase in spam on this site. There are attempts quite often. Usually only a few posts get through a day and they are handled. The rest are either stopped at registration or through Akisment post scanning.

If there were a vulnerability, this would increase activity on this site as well as it is in no way immune.

Chrisixon, looking at the site linked to your forum account you are still using vBulletin 3.5.0 with simple font GD image verification. This was deprecated in 3.6.4 and completely removed in 3.7.0 due to its ineffectiveness at stopping spambots. You will need to upgrade to 3.7.0 to take advantage of the new Human Verification features that are a lot more effective.

**chrisrixon** · Sat 31 May '08, 10:44am

>We haven't seen an increase in spam on this site. There are attempts quite often.

Well if I was a spammer and bot writer I wouldn't spam this site

>Chrisixon, looking at the site linked to your forum account you are still using vBulletin 3.5.0

We have two licenses, the 2nd is running 3.7.0

>with simple font GD image verification. This was deprecated in 3.6.4 and completely removed in 3.7.0 due to its ineffectiveness at stopping spambots. You will need to upgrade to 3.7.0 to take advantage of the new Human Verification features that are a lot more effective.

The 3.5 forum isn't being attacked

We only got attacked when we upgraded 3.6 to 3.7

People have done measurements making it look like the verification is being sidestepped:

Spam bots defeat Recaptcha. - vBulletin Community Forum

http://www.vbulletin.com/forum/showthread.php?t=272439

I think you need to take this more seriously, this site is not a good indication!

Thanks.

**Steve Machol** · Sat 31 May '08, 4:28pm

The spam controls - if you use them - are significantly stronger in 3.7 than 3.5 or 3.6.

The link talks about ReCaptcha which is a third-party program that we do not control and is one of 3 separate verification options you can use. Personally I use vB's built-in Image Verification.

**chrisrixon** · Sun 1 Jun '08, 12:46am

So you're completely confident there isn't a new exploit introduced in 3.7 ?

Have you seen this post:

Spam bots defeat Recaptcha. - vBulletin Community Forum

http://www.vbulletin.com/forum/showpost.php?p=1568546&postcount=54

I have the Recaptcha system set up and also use the ISBot mod, in the last week I have had 14 spam bots seed the forum member list. these are the last 2 : beijmanli Email Address : [email protected] Birthday : January 1, 1980 Referrer: N/A IP Address: 58.17.147.112 KaiyureBoy Email Address : vbulletinboy@gmail

"Please note that this is really everything they did from the server point of view. The remarkable thing is: there was not a single image loaded, no javascript, no nothing besides the scripts. The bots seem to get directly to the vb-scripts and register the bot-user."

That plus the fact that many many users are saying 3.7 is being spammed where 3.6 wasn't would seem worthy of investigation

In the 3.7.1 announcment you said: "we have been busy squashing the inevitable collection of bugs that get reported after large numbers of customers deploy a new major version to their servers"

It seems very possible that a bug has crept into the human verification code especially as it went such a major overhaul.

Please can you address these points rather than trotting out how great you think 3.7 is ?

**Vtec44** · Sun 1 Jun '08, 1:01am

Maybe it's not a bug, http://people.oii.ox.ac.uk/z/2007/11...olve-captchas/.

Also, read the comment on that post. doh!

**chrisrixon** · Sun 1 Jun '08, 2:16am

Originally posted by Vtec44

Maybe it's not a bug

Did you read the quote in my post: "The remarkable thing is: there was not a single image loaded"

Also I changed to question and answer and it made no difference.

**Steve Machol** · Sun 1 Jun '08, 9:09am

Originally posted by chrisrixon

So you're completely confident there isn't a new exploit introduced in 3.7 ?

Have you seen this post:

Spam bots defeat Recaptcha. - vBulletin Community Forum

http://www.vbulletin.com/forum/showpost.php?p=1568546&postcount=54

I have the Recaptcha system set up and also use the ISBot mod, in the last week I have had 14 spam bots seed the forum member list. these are the last 2 : beijmanli Email Address : [email protected] Birthday : January 1, 1980 Referrer: N/A IP Address: 58.17.147.112 KaiyureBoy Email Address : vbulletinboy@gmail

"Please note that this is really everything they did from the server point of view. The remarkable thing is: there was not a single image loaded, no javascript, no nothing besides the scripts. The bots seem to get directly to the vb-scripts and register the bot-user."

That plus the fact that many many users are saying 3.7 is being spammed where 3.6 wasn't would seem worthy of investigation

In the 3.7.1 announcment you said: "we have been busy squashing the inevitable collection of bugs that get reported after large numbers of customers deploy a new major version to their servers"

It seems very possible that a bug has crept into the human verification code especially as it went such a major overhaul.

Please can you address these points rather than trotting out how great you think 3.7 is ?

If you want to post a bug report, then please do so. I won't stop you.

**Vtec44** · Sun 1 Jun '08, 10:05am

Originally posted by chrisrixon

Did you read the quote in my post: "The remarkable thing is: there was not a single image loaded"

Maybe you missed the title of that thread, but it's "reCaptcha". As Steve pointed out, that's not vB's product.

I'm using vB's builtin captcha, no spam since I upgraded to 3.5.x to 3.7. We used to get at least 10 spams account per day, now 0.

**chrisrixon** · Sun 1 Jun '08, 10:18am

You already posted you have no spam. Good for you. Perhaps they haven't got you on their list.

The point is lots of boards are being spammed. I have been using vB's builtin captcha in fact. The question is are they using humans to bypass it or is it an exploit ...

Bots and clones,spammers etc..

Bots and clones,spammers etc..

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment