Crazy vBulletin SPAM

Has anyone else been getting huge amounts of vBulletin bot registrations and spam posts lately?

Apparently now reCAPTCHA is hacked and nothing is holding people back.

Aside from manual registration approval, I found a few threads that helped:

http://www.vbulletin.com/forum/showthread.php/359107-How-to-Reduce-Spam-and-Registration-Bots

http://www.vbulletin.com/forum/show...the-registration-to-prevent-bot-registrations

Adding the extra questions to profiles seemed to help a LOT compared to everything else, I would highly suggest it to anyone dealing with this...

That said, still looking for more ways to deal with this so any ideas, please share!

 

reCAPTCHA was hacked MONTHS ago
there are several ways to prevent spam, the #1 that will be suggested in the Q&A
also, you might use the search button next time...
http://forums.digitalpoint.com/showthread.php?t=590184
http://forums.digitalpoint.com/showthread.php?t=1485760
http://forums.digitalpoint.com/showthread.php?t=1003722

are just a few I found on the first page
I know there are a few long threads around as well..

 

Banning IP's and IP ranges can be effective. I get a lot of spam at my sites but most of it comes from a very small number of7 IP's. None of these IP's are in the US or western Europe.

There are lots of other techniques to use. Having a dynamically-changing signup URL is a huge deterrent to spammers because most spammers just store the URL. You can have a CRON daemon run a script daily or even more often which moves the file and updates the link so that when people click "sign up" it takes them to a different page. Most spammers just use scripts and even though it would be relatively easy for them to evade techniques like them, they'd have to write their own script to do so and it's probably not worth it for a single site.

Another technique is to write your own script that asks a math question or something else. If you write your own script, even if it's easy to hack, the point is, a spammer will then have to write their own solution, because there won't be a pre-made hack like for RECAPTCA. Each spammer has to do this individually.

I'm seeing more and more of these sorts of things..."how many letters are in the third word of this sentence?" and questions like that; you can even get creative and make them dynamically generated in tricky ways so that they are very easy for a human to do but very hard to outsmart. Better yet, generate the sentence, put it into an image, perhaps add a little visual distortion...you can write a script like that in minutes, if you're experienced, but no one is going to spend the hours necessary to intelligently hack a system like that...especially if they know their IP range is going to get banned at the first sign of spam.

Honestly though? Between CAPTCHA's and IP bans I'm totally on top of my spam problem now.

 

Brandon - Well aware of what search is for, but I was hoping for some opinion on recent stuff. Thanks for the links though.

cazort - great ideas! I have more or less gotten it under control with CAPTCHA, human verification questions like "what's the first letter of the fifth month of the year", and also banning all the major IPs slamming our server. Dynamically changing signup URL is a new one though - and I've read quite a lot on this subject over the years.

EDIT: LOL, I got an infraction for starting this thread in the wrong category? Wow someone must be really grumpy today. I've only been a law-abiding member for 6 years now. Now I'll probably get an infraction for editing my post too.

 

Should start using Q&A

 

I had the same problem a few weeks ago, the Q&A option eradicated it instantly.

 

there is a mod for it, i have installed it from vb forums

 

oh, its name is ghost anti spam by the way

 

Free KeyCAPTCHA has never been passed by any bot.
Try live demo at keycatcha.com

Available from
vbulletin.org/forum/showthread.php?t=257294

This plugin is backward-compatible for all previous versions of vBulletin

Plugins for other CMSs are available from keycaptcha.com
One can even make his own captcha from his own images with their online designer

Sorry, I can't post links

 

You should use random question mod It's your custom question so no bot could get through

 

Hey Tekime,

I'm fairly new to using vBulletin, but was having your problem as well. I know you posted this a while back, but if you're still looking for a solution I know how frustrating it can be.

I installed this mod http://www.vbulletin.org/forum/showthread.php?t=236117 and it's blocked everything thus far. It was very simple to install..just follow the instructions.
I was getting 100-200 spam accounts registered a day. Adding a question feature during the registration process is the best way to prevent them. I also started blocking the IPs that were associated with the spam accounts.

 

Most effective is to charge for membership...

 

Than why did you start a new thread when other more active ones have been around.
A quick search on google brought up even more threads and discussions
There was no reason to start a new thread, do you think forum spam is new?..hehe

Anyways, glad the links helped. Hope you got your spam problem taken care of now.

 

As mentioned in some other threads here, the stopforumspam plugin is a great tool to use if configured so it doesn't create false positives. Blocking proxy servers and Tor is also a must. It's also a good idea to block any countries which may be the source of spam but this will vary on certain forums. BlockScript is an excellent solution if you need to eliminate proxies and/or countries from accessing or registering on your forum.

Of course, the old fashioned forum moderator is the last line of defense.

 

What works for us at techadmirer.com is question and answer registration method! For example: what is is 8 + 4 ? I haven't seen a single bot so far..

 

True, however, there are several types of bots that do several different things and registering an account may not be required if your site is being scraped or your content is being stolen. Real users behind proxies will have no problem defeating a captcha or a question.

 

I had the same problem, my captcha wasn't working and subsequently my host closed my forum because of all the spam. Today I re-opened the forum after about 2 or 3 months of it being offline, and within 5 minutes I've had 4 spammy registrations. I've changed it to the question/answer verification with questions relating to my website topic. They're simple questions, but it would be a hassle for someone who doesn't know about the topic to find out.

 

Your host closed your forum because of spam? What type of spam was it? Who is your host?

The Q and A is all about preventing bots from signing up, not really human spammers.

 

I didn't check the forum for a while and I had about 10,000 signups with about 30,000 posts pretty much all spammy. The reason for the closure was that it was sending too many emails.

 

I had 4-5 spammers almost daily, and then I used Q&A instead of captcha, and I haven't had any spam yet