I'm having a spambot explosion of lates

In the last month i'm getting nearly 1000 spambots register a day on my site. Most don't pass human verification thankfully, But i am getting around 20 a day that get through.

I've got ReCaptha and email verification, as well as a "skill testing questioN" and yet they're getting through, then posting anywhere from 1 to 100 posts in the span of minutes with their nonsense links and gibberish.

I cannot monitor the queue enough to manually approve all users and the site isn't really big enough that it has regular new registrations.

But i need a solution for this. Being higher up in the search rankings is important for the business, But I can't have these issues with spambots.

Is there any solution?

Are you running on vB 3.8.x or 4.x?

This mod is the endemol of all spam bots. Nothing else touches it. Instructions in thread for v4 compatibility. This should be a standard feature of vBulletin.

https://vborg.vbsupport.ru/showthread.php?t=135094

i'm in 4.x if that helps

i'm in 4.x if that helpsThe Mod I linked is easily adjusted for all versions of vB4. Here's a stat - since I installed that Mod last October, it has caught over 2,000 spam bot registrations and stopped them and has interfered with exactly zero humans.

The Mod generates a email to you each time, detailing what username they tried to register with, what IP it came from, and what email they tried to use. VERY useful information for donating to Project Honey Pot! It's a must-have Mod.

I do pretty much the same thing as that mod at server level and ban the IP in iptables (drop with no reponse) so their computer hangs while their system waits for a response from my server.

Turn about is fair play in my book. :)

I do pretty much the same thing as that mod at server level and ban the IP in iptables (drop with no reponse) so their computer hangs while their system waits for a response from my server.

Turn about is fair play in my book. :)The Mod can be set to autoban, but I don't ban IPs, it's not necessary with that Mod. It just stops them, and reports them - also without giving the human botnet operators any clue as to why. It just gives them the standard vBulletin "The administrator has disabled registration" phrase. It lies.

...This should be a standard feature of vBulletin.

There's one problem with that - no doubt it would be trivial to program a bot to get past it, so if it were a standard feature it would most likely be useless.

FWIW at my site we use question and answer human verification and that Spam-O-Matic thing that looks up info at stopforumspam.com (and submits to it if you want), and between them they stop hundreds a day. We end up getting 5-10 registrations per day and I'm pretty certain those are actual humans. Anyway, I have no idea how it would compare to the one Max Taxable linked to - maybe we'll try that one out some day.

The Mod can be set to autoban, but I don't ban IPs, it's not necessary with that Mod. It just stops them, and reports them - also without giving the human botnet operators any clue as to why. It just gives them the standard vBulletin "The administrator has disabled registration" phrase. It lies.

That works :)

But, I don't even want to waste the PHP processing power to give them a reason. They aren't worth a nanosecond of PHP time to me. Let the server itself and firewall handle them and hang their system waiting for a reply from my server until their end times out with an error that the web site can't be found.

To date.. zero spam on my site. (now watch me get hammered)

There's one problem with that - no doubt it would be trivial to program a bot to get past it, so if it were a standard feature it would most likely be useless.

FWIW at my site we use question and answer human verification and that Spam-O-Matic thing that looks up info at stopforumspam.com (and submits to it if you want), and between them they stop hundreds a day. We end up getting 5-10 registrations per day and I'm pretty certain those are actual humans. Anyway, I have no idea how it would compare to the one Max Taxable linked to - maybe we'll try that one out some day.The whole point of using bots is speed. Therefore the botnet admins never going to adjust bots to make them take their time registering. This is if they ever figure out time is the issue.

I use the Q&A verify as well, but with a twist - the answer is identical to the very LONG question, which is instructions to copy and paste the question into the answer box!

I definitely agree a mufti-tiered system is best. There's no magic bullet - but there's sure some good ones!That works

But, I don't even want to waste the PHP processing power to give them a reason. They aren't worth a nanosecond of PHP time to me. Let the server itself and firewall handle them and hang their system waiting for a reply from my server until their end times out with an error that the web site can't be found.

To date.. zero spam on my site. (now watch me get hammered) For many people though, a handy-dandy ready-made xml product file is near the ceiling of their abilities!

Thank you Max, I just installed your mod. In the last 10 minutes since activating it, I have received 23 emails for blocked registrations attempts

Seriously. my board isn't big at all. in fact, spambots have killed it off nearly completely (I want to try bumping it back up).

What may have started this off. My board wasn't huge, it wasn't heavily spidered. it doesn't appear at the top of any search engine for typical keywords. But the spambots do not end.

Is there a tip or key to get them to leave you alone? other than just these passive means to prevent their registration?

Thank you Max, I just installed your mod. In the last 10 minutes since activating it, I have received 23 emails for blocked registrations attempts

Seriously. my board isn't big at all. in fact, spambots have killed it off nearly completely (I want to try bumping it back up).

What may have started this off. My board wasn't huge, it wasn't heavily spidered. it doesn't appear at the top of any search engine for typical keywords. But the spambots do not end.

Is there a tip or key to get them to leave you alone? other than just these passive means to prevent their registration?They flock where the botnet admins have found weakness. Over time, they will become a sparse phenomenon as you become Fort Knox..

"Ban Spiders By User Agent" is another good Mod. First custom entry on that should be, "Baidu."

You have to win that spam fight because it will definitely kill a board.

also, is there away to stop the emails? (don't want to screw with the code yet and break it now that it's working). cause i've received over 100 since installing!

also, is there away to stop the emails? (don't want to screw with the code yet and break it now that it's working). cause i've received over 100 since installing!Yes in the thread where that mod was downloaded from, they explain how to turn the emails off. But what I did was just send them to a email acct I don't use for anything else.

I think you want the emails for two things - to collect statistics and, to be able to make sure this Mod is still working.

try vB Badbahvior
them will help you to reduce your spam bot :D
i have tested it on my forum