Regarding Captcha

Discussion in 'Support & Feedback' started by sweetfunny, Nov 25, 2008.

Thread Status:
Not open for further replies.
  1. #1
    Just thought i'd mention, that Xrumer (the spam tool) is able to bypass the currently implemented captcha system so it won't prevent what happened the other day from reoccurring.

    At the moment reCAPTCHA is the only one it can't break, although that might change with the Xrumer update today. It also bypasses those maths questions, and the mass PM spam feature got "enhanced" today so there will be more of that too.

    My board got nailed with this current captcha, about 1k threads in 5 minutes

    Just a heads up, feel free to lockaroo. :)
     
    sweetfunny, Nov 25, 2008 IP
  2. sachin410

    sachin410 Illustrious Member

    Messages:
    6,422
    Likes Received:
    573
    Best Answers:
    0
    Trophy Points:
    410
    #2
    Can Xrumer bypass something like NoSpam?
     
    sachin410, Nov 25, 2008 IP
  3. sweetfunny

    sweetfunny Banned

    Messages:
    5,743
    Likes Received:
    467
    Best Answers:
    0
    Trophy Points:
    0
    #3
    Yes, it has character recognition and math solving. Also with todays Xrumer update it has:

    Self learning, so even if the site runs an obscure captcha system it won't take much to train the tool.

    Seems pretty hard to stop.
     
    sweetfunny, Nov 25, 2008 IP
  4. sachin410

    sachin410 Illustrious Member

    Messages:
    6,422
    Likes Received:
    573
    Best Answers:
    0
    Trophy Points:
    410
    #4
    character recognition and math solving abilities aren't a problem for NoSpam.

    If the forum is using multiple questions, the spammer has to manually go and answer questions on individual forums.
     
    sachin410, Nov 25, 2008 IP
  5. sweetfunny

    sweetfunny Banned

    Messages:
    5,743
    Likes Received:
    467
    Best Answers:
    0
    Trophy Points:
    0
    #5
    Not sure you understand, once it sees a question and answer once the character recognition knows and can then detect it and answer it every time.

    So even if you have 50 questions, it won't take long at all to teach the tool the answers to them all. Even if you have 200 questions and only teach the tool 50, at the rate it can post even getting 1 in 4 correct it will still do a ton of damage.

    NoSpam is no different to the Human Verification Manager built in to vB 3.7.X as default, see this. That was before todays update to Xrumer, which is far more advanced.
     
    sweetfunny, Nov 25, 2008 IP
  6. Stroh

    Stroh Notable Member

    Messages:
    3,482
    Likes Received:
    292
    Best Answers:
    0
    Trophy Points:
    200
    #6
    How about what is the value of pi, that way the bot will do the math and then fail cause it overworks itself trying to find the exact value of pi :D :D
     
    Stroh, Nov 25, 2008 IP
  7. Cheap SEO Services

    Cheap SEO Services <------DoFollow Backlinks

    Messages:
    16,664
    Likes Received:
    1,318
    Best Answers:
    0
    Trophy Points:
    0
    #7
    Or.....getting it to find out what would win between a snake and a piecost!!!
     
    Cheap SEO Services, Nov 25, 2008 IP
  8. Stroh

    Stroh Notable Member

    Messages:
    3,482
    Likes Received:
    292
    Best Answers:
    0
    Trophy Points:
    200
    #8
    lol that'd do it for sure :D

    Or who has the most goats on Digital Point :rolleyes:
     
    Stroh, Nov 25, 2008 IP
  9. sweetfunny

    sweetfunny Banned

    Messages:
    5,743
    Likes Received:
    467
    Best Answers:
    0
    Trophy Points:
    0
    #9
    Ok i'll bight, what's a pie... Nah just joking. :D
     
    sweetfunny, Nov 25, 2008 IP
    deluxdon likes this.
  10. Cheap SEO Services

    Cheap SEO Services <------DoFollow Backlinks

    Messages:
    16,664
    Likes Received:
    1,318
    Best Answers:
    0
    Trophy Points:
    0
    #10
    That's too easy...the answer is Buffalo!!!
     
    Cheap SEO Services, Nov 25, 2008 IP
    deluxdon likes this.
  11. gemini181

    gemini181 Well-Known Member

    Messages:
    2,883
    Likes Received:
    134
    Best Answers:
    0
    Trophy Points:
    155
    #11
    Was your board also, VB?

    ~1 month ago there was a fascinating thread on http://community.mybboard.net/ about the newer versions of VB being overly prone to spam, while the free MyBB is not.
    They linked to a thread on the VB forums which had people talking about all the recent attacks.

    The mods at MyBB ended up closing the thread to be 'respectful' to VB. :)

    ## Is it possible that the current versions of VB are overly exposed to spam attacks, (YES), and a free alternative is better? (Maybe) :D
     
    gemini181, Nov 25, 2008 IP
  12. sweetfunny

    sweetfunny Banned

    Messages:
    5,743
    Likes Received:
    467
    Best Answers:
    0
    Trophy Points:
    0
    #12
    I think it's more to do with target audience, the amount of vB pages on the net compared to MyBB is likely to be 1,000s to 1.

    The registration, and thread creation process are similar with both boards so Xrumer will spam to one just as well as the other. It's just spammers run queries like "niche + Powered by vBulletin" because it's a popular software that will pull a lot of results.
     
    sweetfunny, Nov 25, 2008 IP
  13. Stroh

    Stroh Notable Member

    Messages:
    3,482
    Likes Received:
    292
    Best Answers:
    0
    Trophy Points:
    200
    #13
    Not in the slightest, I bet you can use some of the exploits from an older version of vBulletin on MyBB, remember who copied who ;)
     
    Stroh, Nov 25, 2008 IP
  14. Dehisce

    Dehisce Peon

    Messages:
    234
    Likes Received:
    1
    Best Answers:
    0
    Trophy Points:
    0
    #14
    Get rid of the captcha images plz

    They are highly annoying
    Don't protect from spam
    And you need to refresh it a million times to read the dam thing, almost
    Almost highly unfair on the visually impaired
     
    Dehisce, Nov 26, 2008 IP
Thread Status:
Not open for further replies.