View Full Version : SPAM IS NOW OUT OF CONTROL - I have a solution but need help implementing.


mmllc
09-04-2011, 08:52 PM
I totally blame this on software like Xrumer or whatever new crapware is coming out helping these spammers spam en masse without regard for the forum alerting to them it is profitable to be low lives instead of trying to find a real job that pays them for an honest days work.

I would never complain without offering a solution to this problem and I have searched and searched and no one seems to be able to effectuate this very simple solution that I already have implemented to a certain degree; I need help finishing this off for all Vbulletin owners.

For about a year or so I have added into my registration process a question, in my case, "WHAT YEAR DID YOU START DOING XYZ?"

I've seen some websites ask, WHAT IS 12 + 13 = ?

Or what is the capital of Russia = ?

And based on the answer webmasters can easily tell if this registrant is a bot or human.

In my case, spam bots ALWAYS answer by repeating their NICKNAME instead of a year.

So the only recourse I could take based on this question being incorrect was to go into my SQL and sort them by those who do not answer with a year. The first time I did a mass pruning of these low lives through my SQL I simply zeroed in on them, and deleted the entire row of their USER entry. This seemed to do the trick except, I did not realize by deleting user 84888 would move user 84889 into its place, totally screwing with the "GOOD" members posts, and creating a big big problem. Of course this was the wrong way to go about it.

And mass pruning just simply does not do the trick, please don't suggest it either.

All I ask, which has been asked before and no one stood up to write something to finish this off, is that someone recommend simply that this CUSTOM USER FIELD with the question of WHAT YEAR DID YOU START be in a column during the List Users Awaiting Moderation page where we all can ACCEPT, DENY, or IGNORE new registrants.

I GUARANTEE you this will all but eliminate the SPAM BOT problem by allowing we honest webmasters to see before these fraudsters can join who answers this field as a human or a bot. I've tried to peek into the PHP and this type of programming is beyond me... trust me I have tried.

I'm not mad at vbulletin or anything, I love this software, I just can't put up with these spam bots a single more day. It's taking over my forum despite all the CAPTCHA mods and other preventative measures offered both here and on vbulletin.com.


So to sum up: How can we add a CUSTOM USER FIELD column to the USERS AWAITING MODERATION page, where we see USER NAME, EMAIL, IP ADDRESS already.

Thank you for your help.

-Mike

kh99
09-04-2011, 09:15 PM
I read your post and I see what you're asking for. I don't have an answer, but I just want to point out that using "question and answer" human verification with a few simple questions (like you suggested) instead of using reCAPTCHA seems to be working for most people. I know on our site we use that and we get 5-10 spammer registrations a day (almost all putting links in their profile as opposed to posting spam), and I'm convinced that they're all humans. I came to that conclusion because I logged all responses to the questions for a few days and I saw no sign of random guessing or anything like that.

Anyway, just FYI.

Max Taxable
09-04-2011, 09:35 PM
I have no spam problem at all. Thousands try, none succeed. And completely without any need for me to moderate it.

I merely make the answer the same as the question in the Q&A, making the question a LONG instruction to copy and paste the question into the answer box. There are three of these, all worded differently but are the same thing.

Bots cannot read, comprehend instructions or copy and paste. Their registration fails.

Why would you need anything other than this? Why do you want to do all the busy work of moderating new registrations?

mmllc
09-04-2011, 10:14 PM
Thanks KH99 and Max I appreciate your help.

I wish I had no spam or as little spam as you guys received, we just seem like we're marked for SPAM like Steven Seagal was "Marked for Death".

Ok, so, let me do what you guys suggested before making any modifications.


I always enjoyed moderating users one by one until I started getting 100's of new registrations each day, 90% or more being bots, checking one by one became a monotonous task.

Then I looked in the Who's Online, and leaving spiders out, I would see dozens of "guests" and registered users all in the same IP range like, 220.3.139.X - X being 1-999, and when I blocked them via .htaccess, my server load went down tremendously and in a few days the spammers caught on and switched up the IPs they used and it continued.

Not exactly what I'm asking of here in my original post, but it goes to the heart of the matter, someone has zeroed in on my forum to be a spammer's paradise and I'm just trying to fight back whatever way I can.

The common denominator for all these spammers turned out being that they would join, and whatever software they are using is very good, bypassing every single type of CAPTCHA method I employ, except for not expecting this extra user field I require at sign up that requires a date, instead, they simply repeat their Nickname which is some crap like XjhiaDADHJAS, total gibberish, in the YEAR STARTED field. So it's just the easiest way I can tell that someone is not a human being at a computer trying to register. What you recommend cuts them off before it even gets to that step, which is even better! I agree.

So, even though some Vbul Webmasters ask for a question that needs to be uniform for someone to join i.e., 2+2 always equals 4, my question allows for many different answers like 2002, 2003, and so on, so it is not a uniform answer that is a yes no result blocking their entry, rather, it's for me to see after they have tried to join if it's a bot or a human that took the 2 seconds to say, I started in this year which also serves a dual purpose in the members' socializing with other members during their time on our site.



So Max, let me ask you. What setting within the Admincp would block someone from joining if the answer to your question(s) is incorrect? How is this effectuated because I will abandon the way I am doing it and adopt yours if it really works that well. I swear on everything holy these people are using bots, which in turn use hundreds of proxy ip's that make it all but impossible for me (one human) to block them one by one; you seem to have the right way to do it.

Thanks a bunch.

Lynne
09-04-2011, 11:31 PM
Since we went to just Q&A (with a couple of questions that are very specific to the site), we get maybe 1 successful spam registration a month - before, we were getting about 5-10 a week. I also use Calorie's Is Bot mod which when I first installed it was catching 90 bots a day (have no idea how many now since I removed the feature that sends an email every time it catches a bot).

edit: Wow, I turned back on the emails and got about 20 users that were stopped in the last 3 hours! I'm turning it back off. :/

Max Taxable
09-05-2011, 12:40 AM
So Max, let me ask you. What setting within the Admincp would block someone from joining if the answer to your question(s) is incorrect? How is this effectuated because I will abandon the way I am doing it and adopt yours if it really works that well. I swear on everything holy these people are using bots, which in turn use hundreds of proxy ip's that make it all but impossible for me (one human) to block them one by one; you seem to have the right way to do it.

Thanks a bunch.

I must confess I have another tool I am using which really does most of the bot stoppage (https://vborg.vbsupport.ru/showpost.php?p=2224715&postcount=14) - I do not allow IE6 and older to view the site. This is because most of the bots are IE6 or older computers that are compromised and are now zombie computers in botnets.

However, in your human verification settings you choose which actions must be verified before they are allowed to proceed. (See Attachment)

Not sure how it is your human verified actions when not passed still allow you to moderate them. That's another setting I suppose. (You probably have "Moderate New Members" set to "yes" in User Registration Options - I do not.)

I also have an extensive list of known bad IP ranges installed in my .htaccess file which are blocked there. They get an error page when they visit. In addition, I have the Proxy Blocking hack (https://vborg.vbsupport.ru/showthread.php?t=242357) installed (set to allow browsing but not registering by proxy users). I have found these in combination stop most of the human spammers.

There's really not one "magic bullet" for this, it's a combination of bullets in multiple guns you need.

Again, I know for sure I get thousands of spambot registry attempts per month, none ever make it through. Occasionally, once or twice a month, a human spammer does get in. He is very limited on what he can do by a couple of other good hacks such as, advanced permissions based on post count, signature based on post count, etc. BirdOPrey5 (https://vborg.vbsupport.ru/member.php?u=258922) has several really good hacks he's released, for limiting the damage a newly registered human spammer can do. (Including keeping them from using the private message system until they reach a preset post count.)

It all depends on how much you want to install in order to block spam.

Here's a short example of what you need in .htaccess to block IP ranges:

<Limit GET HEAD POST>
order allow,deny
# Country: CHINA
# ISO Code: CN
# Total Networks: 3,414
# Total Subnets: 331,630,848
deny from 1.0.1.0/24
deny from 1.0.2.0/23
deny from 1.0.8.0/21
deny from 1.0.32.0/19
deny from 1.1.0.0/24
deny from 1.1.2.0/23
deny from 1.1.4.0/22
deny from 1.1.8.0/21
deny from 1.1.16.0/20
deny from 1.1.32.0/19
deny from 1.2.0.0/23
deny from 1.2.2.0/24
deny from 1.2.4.0/22
deny from 1.2.8.0/21
deny from 1.2.16.0/20
deny from 1.2.32.0/19
deny from 1.2.64.0/18
deny from 1.3.0.0/16
deny from 1.4.1.0/24
# ... and so on for the remaining ranges, and then:

allow from all
</Limit>

I have literally millions of IP ranges from known bad sources blocked, this short list is for example only.

I realize I am pretty militant on this, but the results speak volumes. I am committed to a spam free board, with as little effort on my part and on the part of my volunteer moderators as possible. You either are serious about blocking the garbage, or you are not in my view.

Good luck, please keep us posted on what you do and how it works. There's always more to learn out here.

munkfish
11-16-2012, 04:17 PM
I've just come across Xrumer since we've been attacked for the last few days...

What I'm noticing is that the idiot spam bot master is inserting the same sequence of strings in certain fields each and every time, which makes it so simple to identify the spam bot registrations.

In our specific case, the spambot master is inserting the email address into our telephone number field - under no other circumstance has anyone else ever done this, nor should they (given it's supposed to be only digits in a tel number - or certainly at least there should never be an '@' symbol in a telephone number), so to identify spambot registrations it's as easy as searching for '@' in the specific field and then updating the usergroupid to the id of the banned usergroup for any user that meets that criteria on registration.

I've written a very simple plugin to do this, I couldn't see anything that is sophisticated enough to do what I needed to do (ironically it's a very simple thing that needs to be done, but of course from one botnet master to another the way that they choose to complete a registration form will differ, so this is only a 'hack' really short of someone writing a more complete plugin which includes customizable fields=>strings to search on). The closest I saw was this:

https://vborg.vbsupport.ru/showthread.php?t=239307&highlight=xrumer

which works by searching for the existence of certain email addresses and/or IP addresses (and maybe one other criteria) in a registration and blocks them when it finds them, but it doesn't allow for the kind of custom search that I (or generally anyone else that is attacked by Xrumer will) need to perform in order to adequately defend against the attack.

I appreciate this thread is over a year old, but it seemed to be the most suitable thread relating to Xrumer attacks I could find, maybe this will help someone else... this is the plugin code (read 'hack'! :p) that I wrote:


/*
hook location: register_addmember_complete
After a user has subscribed, check to see if a certain string is in one of the custom fields
and ban the user if it is.

The reason for this is that Xrumer (automated bot registration application) attacks often use
the same sequence of characters in certain sign up fields that are pretty much guaranteed to be
unique just to bot signups, so by searching for these strings we can ban them before they can
create any spam posts.

*/

// Email of admin to send notification to (leave empty to not send email):
$admin_email="foo@bar.com";

// Usergroup ID of banned user group:
$bangroupid=16;

// array of fields=>strings to search for:
$fields=array(
    // idiot spambot always puts email addresses in the telephone field...
    "field14"=>"@",
);

// this sql does what we want the plugin to do, basically ban any user with an @ in field 14:
// update user set usergroupid=16 where userid in (select userid from userfield where field14 like "%@%");

// something like this the sql needs to look like:
// update user set usergroupid=$bangroupid where userid in (select userid from userfield where field14 like "%@%" and userid=$userid)";
// TABLE_PREFIX is vBulletin's table-prefix constant (empty when the board uses no prefix).
$sql="UPDATE ".TABLE_PREFIX."user SET usergroupid=".intval($bangroupid)." WHERE userid IN (SELECT userid FROM ".TABLE_PREFIX."userfield WHERE (";

$parts=array();
// despite the variable name, each value is a plain substring matched with LIKE, not a regular expression
foreach($fields as $fieldname => $regexp){
    // escape the search string so quotes and LIKE wildcards in it cannot alter the query
    $parts[]="$fieldname LIKE '%".$db->escape_string_like($regexp)."%'";
}
// join up all the sql 'WHERE' clauses with an 'OR' operator:
// (implode() with the separator first; the join($array, $separator) order is rejected by PHP 8)
$sql.=implode(" OR ", $parts).") AND userid=".intval($userid).")";
// *MUST ADMIT i DIDN'T TEST THIS!!! CAREFUL IF YOU USE MORE THAN ONE SEARCH CLAUSE!*

$rc=$db->query_write($sql);

// if we 'hit' a spammer, report it via email:
if( $db->affected_rows()==1 && isset($admin_email) && !empty($admin_email) ){
    $message="The following user was banned by the Bot Registration Banning plugin:\n\n";
    $message.="Username: $username\n";
    // CHANGE THIS:
    $message.="Admin Panel: http://path.to.your.forum.com/board/admincp/user.php?do=edit&u=$userid";
    vbmail($admin_email, "Bot registrant banned on TGT", $message, true);
}


To use it you need to add a new plugin in the admin panel, set it to hook into the register_addmember_complete hook location (on the 'add plugin' page), obviously set it active and then modify the config variables $admin_email and $bangroupid. If you leave admin email empty it just won't send out any emails (I think?). The bangroupid can be found by looking at the usergroup.php page and seeing what the numeric ID is of your banned user group.

The path to your forum also needs changing in the code if you want to receive notification emails when it bans anyone.

Re the logic of the code itself... hopefully it's fairly self explanatory but it WILL no doubt need changing for your own forum and I can't really explain how you do that, it all depends on what common factor the Xrumer botmaster uses in his attack against your forum, all I can say is to check your bot registrations, look for a common pattern/string that's used consistently and then modify the code to search for that pattern. I can try and help but really the only way is to have direct access to your forum db to check it/test it.

Anyway... HTH. :)

PS the code is working on our VB4 board (sorry for posting in the vb3 board but like I say above this seems to be the place where xrumer is discussed most (maybe the thread can be moved?) and if I'm honest I don't really want to maintain this code... it's really just a quick 'hack' after all and if it were to be published properly it should really have a configuration screen where you can customize what strings to grep for etc)... anyway it should work OK on vb 3 and 5 as well.

If anyone wants to modify it and turn it into a 'proper' plugin with a decent config screen etc then that is fine with props.

Cheers.
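
The per-field checks described in this thread (a "year started" answer that repeats the username, an "@" in a telephone field), written as configurable field rules that return a reason a moderator can read. This is an added example, not munkfish's plugin or any vBulletin API; the function names, the `field_year` key and the sample registrations are assumptions constructed for illustration (`field14` is the telephone field from the post above).

```php
<?php
// Added example: stand-alone field rules for spotting bot registrations.
// Nothing here calls vBulletin; rows are plain arrays as they might be
// read from the user and userfield tables.

/** Rule: the answer must be a four-digit year between $min and this year. */
function rule_year(int $min = 1900): callable
{
    return function (string $value, array $reg) use ($min): ?string {
        $value = trim($value);
        if (preg_match('/^\d{4}$/', $value)) {
            $year = (int) $value;
            return ($year >= $min && $year <= (int) date('Y'))
                ? null
                : 'year out of range';
        }
        // The pattern reported in the thread: the bot repeats its nickname.
        if ($value !== '' && strcasecmp($value, $reg['username'] ?? '') === 0) {
            return 'answer repeats the username';
        }
        return 'not a four-digit year';
    };
}

/** Rule: telephone numbers hold digits and separators only. */
function rule_phone(): callable
{
    return function (string $value, array $reg): ?string {
        $value = trim($value);
        if ($value === '') {
            return null; // treated as an optional field (assumption)
        }
        if (strpos($value, '@') !== false) {
            return 'contains "@" (looks like an email address)';
        }
        if (!preg_match('/^\+?[0-9 ().\-]{5,20}$/', $value)) {
            return 'not a telephone number';
        }
        return null;
    };
}

/** Apply every rule; returns field => reason for each rule that failed. */
function registration_flags(array $reg, array $rules): array
{
    $flags = [];
    foreach ($rules as $field => $rule) {
        $reason = $rule((string) ($reg[$field] ?? ''), $reg);
        if ($reason !== null) {
            $flags[$field] = $reason;
        }
    }
    return $flags;
}

// --- Demo with constructed registrations ---
$rules = [
    'field_year' => rule_year(),   // hypothetical key for the "year started" field
    'field14'    => rule_phone(),  // telephone field, as in the post above
];

$pending = [
    ['username' => 'anna_k',     'field_year' => '2003',       'field14' => '+44 20 7946 0000'],
    ['username' => 'qwkzpLhhTa', 'field_year' => 'qwkzpLhhTa', 'field14' => ''],
    ['username' => 'promo4u',    'field_year' => '2010',       'field14' => 'promo4u@example.com'],
];

foreach ($pending as $reg) {
    $flags = registration_flags($reg, $rules);
    if ($flags === []) {
        printf("%-12s looks human\n", $reg['username']);
        continue;
    }
    foreach ($flags as $field => $reason) {
        printf("%-12s FLAG %s: %s\n", $reg['username'], $field, $reason);
    }
}
```
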

Max Taxable
11-16-2012, 05:12 PM
I've just come across Xrumer since we've been attacked for the last few days...

Wow, it's been so long since I posted in this thread, much has changed.

Get this modification (https://vborg.vbsupport.ru/showthread.php?t=289463), and end all autospam immediately. It's up for Mod of the Month, really works great. It uses the SPEED of the bots against them. 100% reliable and fool proof, and also won't ever be defeated, since the whole point of bots is speed, and load time is a variable they can't program.

I was beta testing this for about a year before the release, it's never failed and has never interfered with a human. I've since uninstalled or disabled all of my other anti-spam tools.

munkfish
11-16-2012, 05:43 PM
Cheers, have installed that now, belt and braces and all that (in fact that bot blocker acts before my hack does... ho hum).

Interesting though - the Xrumer software must have been manually programmed to automatically answer all of our human verification questions because since I've enabled the bot blocker plugin to block any registrations that take less than 15 seconds, it has been working (ie the bot is answering our HV questions so must be programmed since the questions are impossible to answer by a bot (well, ours are anyway due to the way they are worded in colloquialism and such that a bot would be unable to answer)).

Well... that or the HV system has a hole in it. ;)

Max Taxable
11-16-2012, 05:51 PM
Cheers, have installed that now, belt and braces and all that (in fact that bot blocker acts before my hack does... ho hum).

Interesting though - the Xrumer software must have been manually programmed to automatically answer all of our human verification questions because since I've enabled the bot blocker plugin to block any registrations that take less than 15 seconds, it has been working (ie the bot is answering our HV questions so must be programmed since the questions are impossible to answer by a bot (well, ours are anyway due to the way they are worded in colloquialism and such that a bot would be unable to answer)).

Well... that or the HV system has a hole in it. ;)

I have tested the latest version of XRumer, and saw no settings for the Q and A test. They say it's done by "averaging" whatever that is, the same way they defeat the CAPTCHAs. However, it is worth noting that before I used the time based test, my Q&A was always long worded instruction to copy/paste the question into the answer box. No bots ever got past that, since they cannot copy/paste.

Of course now that I have the time based test, I don't use any of the other human verification options. They're obsolete now.

NOTE: Please be sure to vote for "Spammers Suck" as mod of the month, here: https://vborg.vbsupport.ru/showthread.php?t=289983

munkfish
11-16-2012, 06:04 PM
I'm not convinced, I reckon they must have added some functionality because our HV questions are quite obscure things like:

what number is green on a roulette wheel?

Which I can't believe a bot would be able to answer without being programmed... there are other questions as well that are equally as 'confusing' for a bot (how many legs does a cow have with one leg short comes to mind hehe :)).

Max Taxable
11-16-2012, 06:09 PM
I'm not convinced, I reckon they must have added some functionality because our HV questions are quite obscure things like:

what number is green on a roulette wheel?

Which I can't believe a bot would be able to answer without being programmed... there are other questions as well that are equally as 'confusing' for a bot (how many legs does a cow have with one leg short comes to mind hehe :)).

And yet somehow, they were getting through.

That's all over now, however.

JG-52
11-18-2012, 08:11 PM
Get this modification (https://vborg.vbsupport.ru/showthread.php?t=289463), and end all autospam immediately. It's up for Mod of the Month, really works great. It uses the SPEED of the bots against them. 100% reliable and fool proof, and also won't ever be defeated, since the whole point of bots is speed, and load time is a variable they can't program.
I installed this a few hours ago and am very happy. The bot accounts were coming in fast and furious, despite a pool of 10 topic-specific questions. I had to resort to manually moderating every new account in an attempt to weed out the spam before giving them access.

I enabled the email function so I can get a feeling of how it is working, and it has denied access to 42 attempts in 5 hours. I might turn off new member moderation.

kh99
11-18-2012, 09:18 PM
The bot accounts were coming in fast and furious, despite a pool of 10 topic-specific questions.

I'm glad you got it worked out, but I have a question for you: when you go to the admincp options, under Human Verification Options, did you have the "Register" box checked?

BirdOPrey5
11-19-2012, 02:04 AM
I'm not convinced, I reckon they must have added some functionality because our HV questions are quite obscure things like:

what number is green on a roulette wheel?

Which I can't believe a bot would be able to answer without being programmed... there are other questions as well that are equally as 'confusing' for a bot (how many legs does a cow have with one leg short comes to mind hehe :)).

A bot can't answer but a spamming program can try the 100 most popular Q&A answers and I'm sure 2 is a super common answer.

Avoid answers that are:
Any number under 20
Any basic color
etc...

JG-52
11-19-2012, 11:33 AM
I'm glad you got it worked out, but I have a question for you: when you go to the admincp options, under Human Verification Options, did you have the "Register" box checked?

Yes, I have Register, Contact Us, and Recover Lost Password checked.

In the past 20 hours, there have been 135 blocked attempts. The majority of the times are still below 2 seconds, but a couple were edging up towards the 15-second mark.

This morning, I increased the time difference to 30 seconds. A few minutes ago, one blocked attempt had a time difference of 16 seconds:

A registration was prevented by bot blocker; visitor information below.

Time Difference: 16 second(s)

Username: mastermindabacus
Email: mastermindabacus@live.com
IP: 117.196.217.118
User Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.11 (KHTML,
like Gecko) Chrome/23.0.1271.64 Safari/537.11

I hope some of the bots are not catching on and intentionally adding a delay to the process in an attempt to get past the time limit. Am I giving them/it too much credit?

As much as I like the email notices, I am going to see if I can modify the code to add a PHP function that writes the information to a log file. I have never programmed in PHP, but I used to be good at C several decades ago.
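
A stand-alone version of the time-based check discussed above, with blocked attempts appended to a log file instead of emailed. This is an added example, not the code of the modification linked in the thread; the function names, secret, thresholds other than the 15/30 seconds mentioned above, log path and sample values are assumptions, and the form-load time is HMAC-signed so an altered timestamp is rejected.

```php
<?php
// Added example: time-based registration check with file logging.
// Not vBulletin code; every name below is hypothetical.

/** Build the hidden-field value when the registration form is rendered. */
function issue_form_token(string $secret, ?int $now = null): string
{
    $now     = $now ?? time();
    $payload = $now . '.' . bin2hex(random_bytes(8));
    return $payload . '.' . hash_hmac('sha256', $payload, $secret);
}

/**
 * Check the token when the form is submitted.
 * Returns [allowed, reason, elapsed seconds or null].
 * Tokens are not single-use here; storing the nonce server-side would
 * be needed to reject a token that is submitted twice.
 */
function check_form_token(
    string $token,
    string $secret,
    int $minSeconds,
    int $maxSeconds = 3600,
    ?int $now = null
): array {
    $now   = $now ?? time();
    $parts = explode('.', $token);
    if (count($parts) !== 3 || !preg_match('/^\d{1,12}$/', $parts[0])) {
        return [false, 'malformed token', null];
    }
    [$issued, $nonce, $mac] = $parts;
    $expected = hash_hmac('sha256', $issued . '.' . $nonce, $secret);
    if (!hash_equals($expected, $mac)) {   // constant-time comparison
        return [false, 'bad signature', null];
    }
    $elapsed = $now - (int) $issued;
    if ($elapsed < $minSeconds) {
        return [false, 'submitted too fast', $elapsed];
    }
    if ($elapsed > $maxSeconds) {
        return [false, 'token expired', $elapsed];
    }
    return [true, 'ok', $elapsed];
}

/**
 * Append one JSON line per blocked attempt. json_encode() escapes
 * newlines and quotes, so a hostile username or user agent cannot
 * forge extra log entries.
 */
function log_blocked(string $path, array $info): string
{
    $line = json_encode(['time' => gmdate('c')] + $info, JSON_UNESCAPED_SLASHES) . "\n";
    file_put_contents($path, $line, FILE_APPEND | LOCK_EX);
    return $line;
}

// --- Demo with constructed values (documentation IP range, example.com) ---
$secret   = 'replace-with-a-long-random-server-side-secret';
$log      = sys_get_temp_dir() . '/registration_blocked.log';
$rendered = 1700000000;                       // constructed form-load time
$token    = issue_form_token($secret, $rendered);

// Same form submitted 2, 16 and 45 seconds after it loaded, 30-second limit.
foreach ([2, 16, 45] as $delay) {
    [$ok, $reason, $elapsed] =
        check_form_token($token, $secret, 30, 3600, $rendered + $delay);
    printf("%2ds after load: %s (%s)\n", $delay, $ok ? 'allowed' : 'blocked', $reason);
    if (!$ok) {
        log_blocked($log, [
            'reason'     => $reason,
            'elapsed'    => $elapsed,
            'username'   => "constructed_user\nfake line",   // newline gets escaped
            'email'      => 'constructed@example.com',
            'ip'         => '192.0.2.10',
            'user_agent' => 'ExampleAgent/1.0',
        ]);
    }
}

// A token whose timestamp was changed after issue fails the signature check.
$altered = ($rendered - 60) . substr($token, strpos($token, '.'));
[$ok, $reason] = check_form_token($altered, $secret, 30, 3600, $rendered + 2);
printf("altered timestamp: %s (%s)\n", $ok ? 'allowed' : 'blocked', $reason);
printf("log written to %s\n", $log);
```
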

Max Taxable
11-19-2012, 04:43 PM
Yes, I have Register, Contact Us, and Recover Lost Password checked.

In the past 20 hours, there have been 135 blocked attempts. The majority of the times are still below 2 seconds, but a couple were edging up towards the 15-second mark.

This morning, I increased the time difference to 30 seconds. A few minutes ago, one blocked attempt had a time difference of 16 seconds:



I hope some of the bots are not catching on and intentionally adding a delay to the process in an attempt to get past the time limit. Am I giving them/it too much credit?

As much as I like the email notices, I am going to see if I can modify the code to add a PHP function that writes the information to a log file. I have never programmed in PHP, but I used to be good at C several decades ago.

The entire point of using bots is speed. I would be a little surprised if botnet admins started programming long delays between filling out the form and clicking submit. It sort of defeats the purpose of using bots.

It would have to be a pretty long delay - page load times are a factor in this, and sometimes with some of the really bad proxies these bots are on, page load time can be really slow. Add to that, there is no way for the botnet admin to determine what your time differential setting is.

I'll be curious to see if your 30 second setting catches any humans, I fear it might. Please update us with that. Increasing the time is far preferable to reducing it - reducing it only helps the bots.

JG-52
11-19-2012, 04:56 PM
The entire point of using bots is speed. I would be a little surprised if botnet admins started programming long delays between filling out the form and clicking submit. It sort of defeats the purpose of using bots.

Agreed. After posting, I realized that we are likely being hammered by armies of bots instead of one persistent bot, so the likelihood that one would be determined is probably small.

It would have to be a pretty long delay - page load times are a factor in this, and sometimes with some of the really bad proxies these bots are on, page load time can be really slow. Add to that, there is no way for the botnet admin to determine what your time differential setting is.

Perhaps not a bot, but a frustrated person not paid by the hour might take a keen interest in probing the defenses. However, as stated earlier, time is money and we are but one of millions of potential victims.

I'll be curious to see if your 30 second setting catches any humans, I fear it might. Please update us with that. Increasing the time is far preferable to reducing it - reducing it only helps the bots.

I'll likely adjust the time downward when I see more reporting times. As with any countermeasure, there must be a balance between preventing an unwanted event and not allowing a wanted event. Unfortunately, it is unlikely that I will know if a human was denied registration (unless they use the "Contact Us" process to complain), but I will certainly know if the bots breach the walls.

Max Taxable
11-19-2012, 05:01 PM
Agreed. After posting, I realized that we are likely being hammered by armies of bots instead of one persistent bot, so the likelihood that one would be determined is probably small.



Perhaps not a bot, but a frustrated person not paid by the hour might take a keen interest in probing the defenses. However, as stated earlier, time is money and we are but one of millions of potential victims.



I'll likely adjust the time downward when I see more reporting times. As with any countermeasure, there must be a balance between preventing an unwanted event and not allowing a wanted event. Unfortunately, it is unlikely that I will know if a human was denied registration (unless they use the "Contact Us" process to complain), but I will certainly know if the bots breach the walls.

This can be determined by looking at the bot reports, you can usually tell by the username choice and the email address used if it's spammy... Or a human.

I have no doubt that as the time based test becomes more popular, botnet admins and botnet software designers will try to do a workaround. Problem is, they won't be all that aware of all the variables involved. Your individual setting, variable page load times - they would almost have to program in a 60 second delay in their bots, REALLY going against the whole reason to use bots to start with.

It will be interesting to see what the response is, if there ever is one. Spam fighting is a constant and ever changing war, heh.

BirdOPrey5
11-21-2012, 10:27 AM
The entire point of using bots is speed. I would be a little surprised if botnet admins started programming long delays between filling out the form and clicking submit. It sort of defeats the purpose of using bots.

I disagree. The point of using bots is automation.

You set the bot to run and you go on about your day. Whether it takes 5 minutes or 5 hours is of no real concern to the person spamming links across forums.

Yes it will take longer when the bots start adapting, but they will because there is still much money to be made with spamming links.

While the time-lock method is a good method it is still going to be better to have some sort of captcha type challenge easy for humans but impossible for bots, long term, IMO.

That said no reason not to install the bot-time-check for now.

- My 2 cents.

Max Taxable
11-21-2012, 02:53 PM
I disagree. The point of using bots is automation.

You set the bot to run and you go on about your day. Whether it takes 5 minutes or 5 hours is of no real concern to the person spamming links across forums.

Yes it will take longer when the bots start adapting, but they will because there is still much money to be made with spamming links.

While the time-lock method is a good method it is still going to be better to have some sort of captcha type challenge easy for humans but impossible for bots, long term, IMO.

That said no reason not to install the bot-time-check for now.

- My 2 cents.

And of which, slower bots mean less money, long term.

The time test is just another arrow in the quiver.

I have no doubt that as the time based test becomes more popular, botnet admins and botnet software designers will try to do a workaround. Problem is, they won't be all that aware of all the variables involved. Your individual setting, variable page load times - they would almost have to program in a 60 second delay in their bots. Multiply that times let's say, 10,000 bots in a botnet and that is A LOT of lost minutes.

doogie88
11-21-2012, 03:02 PM
I disagree. The point of using bots is automation.

It's speed and automation. If they have to wait 15 seconds per account, that's 4 per minute, 240 per hour. That sounds like a lot, but these guys are trying to reach thousands of forums. So it does slow it down a bit. Not enough to stop them though. They can probably just run more instances.

I am still getting spam this morning and have timer set to 18 seconds.

Max Taxable
11-21-2012, 03:05 PM
It's speed and automation. If they have to wait 15 seconds per account, that's 4 per minute, 240 per hour. That sounds like a lot, but these guys are trying to reach thousands of forums. So it does slow it down a bit. Not enough to stop them though. They can probably just run more instances.

I am still getting spam this morning and have timer set to 18 seconds.

Human spammers are going to pass the time test. This is why you still need other tests.

There's not a lot that can be done about humans spamming.

--------------- Added 1353515210 at 1353515210 ---------------

For those getting spam hammered have you tried blocking known spam user agents?

This Mod by Simon Lloyd is handy for that, (https://vborg.vbsupport.ru/showthread.php?t=264932) can cut spam both automated and human, drastically. Chiefly, put early versions of MSIE into the list... versions 2-6 especially. You'll be surprised how much it helps.

The thread contains lists of blocked user agents myself and others provided.

Yet another arrow in the quiver too...

ScottishScoobie
11-21-2012, 04:31 PM
This is not spam lol.

why not use a free account at CloudFlare.

my host pointed me to them, i can see counties, IP's and its linked to a few sites where you can click on their information and it shows you what sites they have been spamming and what it is they are dropping on there.

im down to approximately 2 per day from a few hundred when i first migrated to the site.

have not implemented anything other than question/answer and CloudFlare.

that to me tells me that the 2 - 3 that get through are actually human.

Max Taxable
11-21-2012, 04:37 PM
This is not spam lol.

Why not use a free account at CloudFlare?

My host pointed me to them. I can see countries, IPs, and it's linked to a few sites where you can click on their information and it shows you what sites they have been spamming and what it is they are dropping on there.

I'm down to approximately 2 per day from a few hundred when I first migrated to the site.

Have not implemented anything other than question/answer and CloudFlare.

That to me tells me that the 2 - 3 that get through are actually human.

I used CF for about a year. Downtime was a recurring issue with it, so I discarded it. It made no difference at all for spam on my site, due to the tests I already had. It also didn't really help my speed much, wasn't doing anything, really.

What will stun you is, when you install the time based test we're talking about (https://vborg.vbsupport.ru/showthread.php?t=289463), just how many autospam bots that it will catch and report, even though you're on CF.

Be amazed.

BirdOPrey5
11-23-2012, 11:59 AM
It's speed and automation. If they have to wait 15 seconds per account, that's 4 per minute, 240 per hour. That sounds like a lot, but these guys are trying to reach thousands of forums. So it does slow it down a bit. Not enough to stop them though. They can probably just run more instances.

I am still getting spam this morning and have timer set to 18 seconds.

You're assuming the software waits for one forum to finish before moving on to another. There is no logical reason they couldn't hit 100 forums at once and even if they wait 30 seconds, that is 100 forums * 2 a minute * 60 minutes = 1200 an hour. Slowing down the time it takes to register is a trivial change that will have a negligible impact in the long run.

Max Taxable
11-23-2012, 05:21 PM
You're assuming the software waits for one forum to finish before moving on to another. There is no logical reason they couldn't hit 100 forums at once and even if they wait 30 seconds, that is 100 forums * 2 a minute * 60 minutes = 1200 an hour. Slowing down the time it takes to register is a trivial change that will have a negligible impact in the long run.

This is all assuming they will track their failures and take the time to determine the source of the failure. Figuring out it's time based is the first challenge. Then figuring out what delay to set is the other. Variables there include page load time, and the setting of the timeout for each individual site. They would almost have to program a 60 second delay between the time the registration form loads, and clicking "submit," to bypass all those variables.


They don't know your time setting and..
They don't and can't know what kind of pageload times they're going to see.

I have no doubt that as the time based test becomes more popular, botnet admins and botnet software designers will try to do a workaround. Problem is, they won't be all that aware of all the variables involved. Your individual setting, variable page load times - they would almost have to program in a 60 second delay in their bots. Multiply that times let's say, 10,000 bots in a botnet and that is A LOT of lost minutes. And time IS money for these creeps.
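
Added example, not part of any post in this thread and not the code of the mod being discussed: one way to enforce a time-based registration test server-side, with the form-load timestamp carried in an HMAC-signed hidden field so the client cannot backdate it. All names, the secret, the one-hour expiry and the in-memory replay store are assumptions; the check measures elapsed time only, so it is one layer among the others discussed here.

```python
import hashlib
import hmac
import time

SECRET_KEY = b"constructed-demo-key"  # assumption: per-site secret, kept server-side
MIN_SECONDS = 18    # minimum fill-in time; 18 s is the timer value quoted in the thread
MAX_SECONDS = 3600  # assumption: forms older than an hour must be reloaded
_used_tokens = set()  # assumption: in-memory store; a real site needs a shared one


def _sign(session_id, issued):
    msg = f"{session_id}|{issued}".encode()
    return hmac.new(SECRET_KEY, msg, hashlib.sha256).hexdigest()


def issue_token(session_id, now=None):
    """Called when the registration form is rendered; goes in a hidden field."""
    issued = int(time.time() if now is None else now)
    return f"{issued}.{_sign(session_id, issued)}"


def check_submission(token, session_id, now=None):
    """Called when the form is posted; returns 'accept' or a reject reason."""
    now = time.time() if now is None else now
    try:
        issued_str, mac = token.split(".", 1)
        issued = int(issued_str)
    except (ValueError, AttributeError):
        return "reject:malformed"
    # The timestamp is client-visible, so it is trusted only if the MAC matches.
    expected = _sign(session_id, issued)
    if not hmac.compare_digest(mac.encode(), expected.encode()):
        return "reject:bad-signature"
    if token in _used_tokens:
        return "reject:replayed"
    elapsed = now - issued
    if elapsed < MIN_SECONDS:
        return "reject:too-fast"  # token stays valid so a fast human can retry
    if elapsed > MAX_SECONDS:
        return "reject:expired"
    _used_tokens.add(token)
    return "accept"
```

Logging the reject reasons per IP and user agent gives the "catch and report" view mentioned earlier in the thread.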

BirdOPrey5
11-23-2012, 06:10 PM
What "All variables" though? As you just said a 60 second delay would completely defeat the time checks, every time.

So they program a 60 second delay- It still doesn't stop anything in the long run because you are attacking forums in parallel, not in series.

Really the only way this mod is a long term solution is if it doesn't become popular.

Max Taxable
11-23-2012, 06:26 PM
What "All variables" though? As you just said a 60 second delay would completely defeat the time checks, every time.

So they program a 60 second delay- It still doesn't stop anything in the long run because you are attacking forums in parallel, not in series.

Really the only way this mod is a long term solution is if it doesn't become popular.

Let's find out!

It's still a 60 second delay each time, for each board - whether they have the time check or not.

This mod isn't any be all end all, it's just yet another arrow in the quiver. Just another hoop for them to have to jump through. Time will tell if it gets defeated.