1. Advertising
    y u no do it?

    Advertising (learn more)

    Advertise virtually anything here, with CPM banner ads, CPM email ads and CPC contextual links. You can target relevant areas of the site and show ads based on geographical location of the user if you wish.

    Starts at just $1 per CPM or $0.10 per CPC.

Crazy vBulletin SPAM

Discussion in 'vBulletin' started by Tekime, Feb 13, 2011.

  1. #1
    Has anyone else been getting huge amounts of vBulletin bot registrations and spam posts lately?

    Apparently now reCAPTCHA is hacked and nothing is holding people back.

    Aside from manual registration approval, I found a few threads that helped:

    http://www.vbulletin.com/forum/showthread.php/359107-How-to-Reduce-Spam-and-Registration-Bots

    http://www.vbulletin.com/forum/show...the-registration-to-prevent-bot-registrations

    Adding the extra questions to profiles seemed to help a LOT compared to everything else, I would highly suggest it to anyone dealing with this...
    SEMrush
    That said, still looking for more ways to deal with this so any ideas, please share!
     
    Tekime, Feb 13, 2011 IP
    SEMrush
  2. Brandon Sheley

    Brandon Sheley Illustrious Member

    Messages:
    9,719
    Likes Received:
    609
    Best Answers:
    2
    Trophy Points:
    420
    #2
    Brandon Sheley, Feb 15, 2011 IP
  3. cazort

    cazort Peon

    Messages:
    276
    Likes Received:
    8
    Best Answers:
    0
    Trophy Points:
    0
    #3
    Banning IP's and IP ranges can be effective. I get a lot of spam at my sites but most of it comes from a very small number of7 IP's. None of these IP's are in the US or western Europe.

    There are lots of other techniques to use. Having a dynamically-changing signup URL is a huge deterrent to spammers because most spammers just store the URL. You can have a CRON daemon run a script daily or even more often which moves the file and updates the link so that when people click "sign up" it takes them to a different page. Most spammers just use scripts and even though it would be relatively easy for them to evade techniques like them, they'd have to write their own script to do so and it's probably not worth it for a single site.

    Another technique is to write your own script that asks a math question or something else. If you write your own script, even if it's easy to hack, the point is, a spammer will then have to write their own solution, because there won't be a pre-made hack like for RECAPTCA. Each spammer has to do this individually.

    I'm seeing more and more of these sorts of things..."how many letters are in the third word of this sentence?" and questions like that; you can even get creative and make them dynamically generated in tricky ways so that they are very easy for a human to do but very hard to outsmart. Better yet, generate the sentence, put it into an image, perhaps add a little visual distortion...you can write a script like that in minutes, if you're experienced, but no one is going to spend the hours necessary to intelligently hack a system like that...especially if they know their IP range is going to get banned at the first sign of spam.

    Honestly though? Between CAPTCHA's and IP bans I'm totally on top of my spam problem now.
     
    cazort, Feb 17, 2011 IP
    Tekime likes this.
  4. Tekime

    Tekime Well-Known Member

    Messages:
    773
    Likes Received:
    44
    Best Answers:
    0
    Trophy Points:
    140
    Digital Goods:
    1
    #4
    Brandon - Well aware of what search is for, but I was hoping for some opinion on recent stuff. Thanks for the links though.

    cazort - great ideas! I have more or less gotten it under control with CAPTCHA, human verification questions like "what's the first letter of the fifth month of the year", and also banning all the major IPs slamming our server. Dynamically changing signup URL is a new one though - and I've read quite a lot on this subject over the years. :)

    EDIT: LOL, I got an infraction for starting this thread in the wrong category? Wow someone must be really grumpy today. I've only been a law-abiding member for 6 years now. Now I'll probably get an infraction for editing my post too. :rolleyes:
     
    Last edited: Feb 27, 2011
    Tekime, Feb 27, 2011 IP
  5. >>Oxygen<<

    >>Oxygen<< Peon

    Messages:
    29
    Likes Received:
    0
    Best Answers:
    0
    Trophy Points:
    0
    #5
    Should start using Q&A
     
    >>Oxygen<<, Mar 7, 2011 IP
  6. JPMiddleton

    JPMiddleton Well-Known Member

    Messages:
    1,728
    Likes Received:
    18
    Best Answers:
    0
    Trophy Points:
    115
    #6
    I had the same problem a few weeks ago, the Q&A option eradicated it instantly.
     
    JPMiddleton, Mar 10, 2011 IP
  7. Mister.Bingo

    Mister.Bingo Peon

    Messages:
    56
    Likes Received:
    0
    Best Answers:
    0
    Trophy Points:
    0
    #7
    there is a mod for it, i have installed it from vb forums
     
    Mister.Bingo, Mar 10, 2011 IP
  8. Mister.Bingo

    Mister.Bingo Peon

    Messages:
    56
    Likes Received:
    0
    Best Answers:
    0
    Trophy Points:
    0
    #8
    oh, its name is ghost anti spam by the way
     
    Mister.Bingo, Mar 10, 2011 IP
  9. AFAIK

    AFAIK Peon

    Messages:
    7
    Likes Received:
    0
    Best Answers:
    0
    Trophy Points:
    0
    #9
    Free KeyCAPTCHA has never been passed by any bot.
    Try live demo at keycatcha.com

    Available from
    vbulletin.org/forum/showthread.php?t=257294

    This plugin is backward-compatible for all previous versions of vBulletin

    Plugins for other CMSs are available from keycaptcha.com
    One can even make his own captcha from his own images with their online designer

    Sorry, I can't post links
     
    AFAIK, Mar 17, 2011 IP
  10. hyutars

    hyutars Member

    Messages:
    190
    Likes Received:
    2
    Best Answers:
    0
    Trophy Points:
    28
    #10
    You should use random question mod [​IMG] It's your custom question so no bot could get through [​IMG]
     
    hyutars, Mar 19, 2011 IP
  11. grhawkins

    grhawkins Well-Known Member

    Messages:
    74
    Likes Received:
    0
    Best Answers:
    0
    Trophy Points:
    106
    #11
    Hey Tekime,

    I'm fairly new to using vBulletin, but was having your problem as well. I know you posted this a while back, but if you're still looking for a solution I know how frustrating it can be.

    I installed this mod http://www.vbulletin.org/forum/showthread.php?t=236117 and it's blocked everything thus far. It was very simple to install..just follow the instructions.
    I was getting 100-200 spam accounts registered a day. Adding a question feature during the registration process is the best way to prevent them. I also started blocking the IPs that were associated with the spam accounts.
     
    grhawkins, Apr 2, 2011 IP
  12. giorgioarmani

    giorgioarmani Well-Known Member

    Messages:
    2,609
    Likes Received:
    39
    Best Answers:
    0
    Trophy Points:
    160
    #12
    Most effective is to charge for membership...
     
    giorgioarmani, Apr 2, 2011 IP
  13. Brandon Sheley

    Brandon Sheley Illustrious Member

    Messages:
    9,719
    Likes Received:
    609
    Best Answers:
    2
    Trophy Points:
    420
    #13
    Than why did you start a new thread when other more active ones have been around.
    A quick search on google brought up even more threads and discussions ;)
    There was no reason to start a new thread, do you think forum spam is new?..hehe

    Anyways, glad the links helped. Hope you got your spam problem taken care of now.
     
    Brandon Sheley, Apr 3, 2011 IP
  14. IProx

    IProx Well-Known Member

    Messages:
    1,749
    Likes Received:
    14
    Best Answers:
    0
    Trophy Points:
    130
    #14
    As mentioned in some other threads here, the stopforumspam plugin is a great tool to use if configured so it doesn't create false positives. Blocking proxy servers and Tor is also a must. It's also a good idea to block any countries which may be the source of spam but this will vary on certain forums. BlockScript is an excellent solution if you need to eliminate proxies and/or countries from accessing or registering on your forum.

    Of course, the old fashioned forum moderator is the last line of defense.
     
    IProx, Apr 9, 2011 IP
  15. vnairp11

    vnairp11 Well-Known Member

    Messages:
    725
    Likes Received:
    8
    Best Answers:
    0
    Trophy Points:
    138
    #15
    What works for us at techadmirer.com is question and answer registration method! For example: what is is 8 + 4 ? I haven't seen a single bot so far..
     
    vnairp11, Apr 9, 2011 IP
  16. IProx

    IProx Well-Known Member

    Messages:
    1,749
    Likes Received:
    14
    Best Answers:
    0
    Trophy Points:
    130
    #16
    True, however, there are several types of bots that do several different things and registering an account may not be required if your site is being scraped or your content is being stolen. Real users behind proxies will have no problem defeating a captcha or a question.
     
    IProx, Apr 9, 2011 IP
  17. Hecky

    Hecky Like a Dungeon Dragon!

    Messages:
    5,656
    Likes Received:
    284
    Best Answers:
    1
    Trophy Points:
    0
    #17
    I had the same problem, my captcha wasn't working and subsequently my host closed my forum because of all the spam. Today I re-opened the forum after about 2 or 3 months of it being offline, and within 5 minutes I've had 4 spammy registrations. I've changed it to the question/answer verification with questions relating to my website topic. They're simple questions, but it would be a hassle for someone who doesn't know about the topic to find out.
     
    Hecky, Apr 11, 2011 IP
  18. JPMiddleton

    JPMiddleton Well-Known Member

    Messages:
    1,728
    Likes Received:
    18
    Best Answers:
    0
    Trophy Points:
    115
    #18
    Your host closed your forum because of spam? What type of spam was it? Who is your host?

    The Q and A is all about preventing bots from signing up, not really human spammers.
     
    JPMiddleton, Apr 15, 2011 IP
  19. Hecky

    Hecky Like a Dungeon Dragon!

    Messages:
    5,656
    Likes Received:
    284
    Best Answers:
    1
    Trophy Points:
    0
    #19
    I didn't check the forum for a while and I had about 10,000 signups with about 30,000 posts pretty much all spammy. The reason for the closure was that it was sending too many emails.
     
    Hecky, Apr 15, 2011 IP
  20. ExcelFox

    ExcelFox Greenhorn

    Messages:
    56
    Likes Received:
    0
    Best Answers:
    0
    Trophy Points:
    16
    #20
    I had 4-5 spammers almost daily, and then I used Q&A instead of captcha, and I haven't had any spam yet
     
    ExcelFox, Apr 21, 2011 IP