Is there a way of getting the newer recaptcha for vB3.8 just to give you an idea what it looks like, this might be a pretty nice little feature for upcoming versions.

http://www.google.com/recaptcha/intro/index.html

It will be defeated like any other CAPTCHA. These gadgets always are.

All tools to defeat spammers will be defeated, eventually. Its an arms race. Use the best you can when you can.

It will be defeated like any other CAPTCHA. These gadgets always are.

You can't know that yet though, it's something brand new. Maybe it actually helps, although you can never battle real human registrations who spam.

You can't know that yet thoughYes we can, and no it is not brand new. Google is about 5 years behind on human verification even with this "new" gadget..

Good compilation of spam stopping tools here.

The Era of Big Spam is Over (http://ozzmodz.com/showthread.php/506-The-Era-Of-Big-Spam-Is-Over)

All tools to defeat spammers will be defeated, eventually. Its an arms race. Use the best you can when you can.

Thank you, Zachery. Nicely said with that. Sometimes or at times reCaptcha doesn't do what it's told when configuring and whatnot with that part...I saw other mods for older versions, which is why I thought I would request the newest one.

--------------- Added 1417636983 at 1417636983 ---------------

Yes we can, and no it is not brand new. Google is about 5 years behind on human verification even with this "new" gadget..

Good compilation of spam stopping tools here.

The Era of Big Spam is Over (http://ozzmodz.com/showthread.php/506-The-Era-Of-Big-Spam-Is-Over)

Max Taxable, this is what I am talking about.

https://vborg.vbsupport.ru/external/2014/12/4.gif

Max Taxable, this is what I am talking about.I know exactly what it is and watched its development in google. It is a LUA - legitimate user annoyer. It will be defeated.

This stuff is about five years behind the curve, as I was saying.

If you want the latest and best spam stopping mods for vBulletin, visit the link I provided. We are miles ahead of these trinkets and gadgets.

I know exactly what it is and watched its development in google. It is a LUA - legitimate user annoyer. It will be defeated.

This stuff is about five years behind the curve, as I was saying.

If you want the latest and best spam stopping mods for vBulletin, visit the link I provided. We are miles ahead of these trinkets and gadgets.

Miles away from those now? I'll look at the link you provided.

Miles away from those now? I'll look at the link you provided.You'll see what I mean.

You'll see what I mean.

Just installed the Spambot Stopper by kh99. Let's see how this works out.

Just installed the Spambot Stopper by kh99. Let's see how this works out.We recommend the entire package listed, the more bullets in the gun the better. There's not any one magic bullet.

Sent you a PM at Ozz's place.

I don't see anything added to 3.x
Maybe 4.x but I really doubt it too..

It may be added to 5.x but no one uses that pile of junk ;)

I don't see anything added to 3.x
Maybe 4.x but I really doubt it too..

It may be added to 5.x but no one uses that pile of junk ;)

Lol, maybe something a lot down the line, we hope.

Why would someone add something that is defeated?

There's no way to defeat real human though.

For a very long time I haven't faced such things called robots, all of them are human. They might be paid to do this, and we can never stop them completely.

As the new technology of google is preventing robots to spam, nothing new.

There's no way to defeat real human though.Sure there is. It's been done and it's done every day.

Also it is just plain annoying. Why rely on something that can and will be defeated, if it is not already. :)

Also it is just plain annoying. Why rely on something that can and will be defeated, if it is not already. :)

That is true, yes. I wouldn't rely on this, but I would like to see one do a mod for it or something. Just to see how it turns out and whatnot.

But, why?

1) It is annoying
2) It is useless as programs like XRumer probably have it defeated.
3) There are other un-annoying, un-defeated ways to stop spammers.

But, why?

1) It is annoying
2) It is useless as programs like XRumer probably have it defeated.
3) There are other un-annoying, un-defeated ways to stop spammers.

Okay, you have a point there. I'll leave it at that. :P

Just pointing this out ozzy, once your current "stop spam" methods get popular enough, xrummer, and other bots will build defenses around them, and then they'll be useless too.

Not if you stay on top of it, and update it as things are defeated. Once they defeat one layer, change it and add a different layer. :)

Not if you stay on top of it, and update it as things are defeated. Once they defeat one layer, change it and add a different layer. :)

So, you mean the same arms race that recapcha/etc is all under?

Nope, there in no captcha In anything I use, as it has been defeated for years.

Just pointing this out ozzy, once your current "stop spam" methods get popular enough, xrummer, and other bots will build defenses around them, and then they'll be useless too.Actually there is no way a defense against the registration timer will ever be done. Because first, you can't guess the timer setting, so you make the delay 60 seconds at least for your botnet. This greatly cuts into the production. Secondly, false fields exist in the timer mod. Bots always put gibberish in odd fields. Third, there's also a maximum time setting you gotta figure on.

XRumer currently has nothing in it that even allows for time delays. I'm a paid license holder and get all the updates.

And this is just the timer mod. The other mods we recommend involve targeted blocking of known spammer hostnames, user agent strings, and spammy emails that use dots and other punctuation in the username of the email addresses.

And none of them give any hint whatsoever that any human verification is being used, and don't give "gotcha" messages when a spammer fails the checks. And as a package, they provide alot of bullets in the anti-spam gun.

Keywords "currently".

Bots never had the ability to defeat recapcha, then it got popular, then it got defeated.

Honeypots are stupidly old, and became unpopular, because bots were programmed to defeat them.

Timers are also old, and once again they can be user annoyers. Because I don't know anyone who can't fill out a registration in less than 60 seconds. Chrome auto fills these for me, I can register in under 5 seconds. If the minimum is 60, guess I can never register another account again.

Your silver bullets will eventually corrode and be useless.

Edit: Hostnames, and user agents can easily be countered to be valid user agents too. These people have more incentive to break down your walls than you currently have to build them. Your walls take months/weeks to build, and they can break them down in hours.

Your silver bullets will eventually corrode and be useless.Defeatism.

Tell me how they're going to defeat all the checks.

Botnets rely on speed and high volume. Programming even a short delay means potentially a million fewer stabs a week. Delay can't really be programmed, because you have to make it long enough to defeat minimum time, short enough to pass the check for maximum time. No way to know the settings site to site.

False fields - botnets are programmed to put SOMETHING here. And they do.

Dots, dashes and other punctuation in email usernames - this mod has settings too. How many dots are allowed? Commas? Semicolons, underscores? There is no way to know these settings.

The targeted lists - these are not honeypots. These are lists of guaranteed known bad user agent strings and hostnames. Not IP addresses.

This "new" reCaptcha - the "new" thing about it is a checkbox. Defeated years ago, the bots check the "I have read the rules" box already. They will quickly adapt to this "new" one that is at least 5 years behind the times.

These games, puzzles, captchas, Q&A and such, are just GADGETS that annoy legitimate people and have been long defeated.

We believe we are smarter, more creative, better looking, and just overall superior to any botnet admin, spammer supervisor, or spammer alive. This is why they are bottom feeders to start with. The era of Big Spam is over.

I said back on the first page, you should use the tools that do the job today. You just can't claim they'll always work.

Once they're popular, they're targeted. Once they're targeted they can be defeated.

Edit:I've got a lot more to write i'm just in the middle of something else atm.

Timers are also old, and once again they can be user annoyers. Because I don't know anyone who can't fill out a registration in less than 60 seconds. Chrome auto fills these for me, I can register in under 5 seconds. If the minimum is 60, guess I can never register another account again.Haven't seen these problems yet. Have you personally? Or is this just a theory?

Edit: Hostnames, and user agents can easily be countered to be valid user agents too. These people have more incentive to break down your walls than you currently have to build them. Your walls take months/weeks to build, and they can break them down in hours.The hostnames and UA strings CAN be spoofed. Question is, will they ever be in wide use basis.

I'll tell you what Zachary, if this new capcha is the way to go, as everything else is defeated as you say, code up the mod, and make it so it can only run if the re is no other form of spam protection on the sites. Not any other mod, Q&A or anything.

Then we will see if sites stop getting spam. :)

You just can't claim they'll always work.And.... Nobody quite made that claim.

I've merely made the case for why these solutions are far better than toys.

We just don't accept the dogma of defeatism.

Here is a screenshot of the bots, spammers that have been blocked from my site using current methods.

We're promoting vBorg anti-spam mods for vBulletin, over a "new" captcha toy, and the Zacharys of the world are aghast.

Correct, recaptch is far more likely to be defeated as it is most certainly going to be used by many many major sites.

While the botnet admins are less likely to spend wasting their time, on some mod that works with vBulletin, which in a global sense of the sites using or not using recaptcha is small.

Correct, recaptch is far more likely to be defeated as it is most certainly going to be used by many many major sites.

While the botnet admins are less likely to spend wasting their time, on some mod that works with vBulletin, which in a global sense of the sites using or not using recaptcha is small.And right, the Zacharys of the world do have one legitimate point - the most popular anti-spam methods do get the most attention. Right now the stuff we recommend is just a tiny nuisance in the big picture of the internet.

Fortunately for us, vBulletin simply isn't really a platform worth working on if you're a spammer, anymore. Thanks IB!

Oh dear, this thread went and forth on this. :eek:

Oh dear, this thread went and forth on this. :eek:It's educational and informative though.

It's educational and informative though.

It is a bit, yes. I will agree with that, but in someways it looks like arguing. :(

It is a bit, yes. I will agree with that, but in someways it looks like arguing. :(Healthy debate between two guys who daily work on anti-spam, and Zach.

No there is no arguing, it is just difference of opinions. :)

Maybe I should go back to working on this new style I am going to release hoping tomorrow and see how this all turns out with the Recaptcha debate. :)

the Recaptcha debate. There really is no such debate. It is a tired old, defeated toy.

You would get more accomplished releasing a style on here, that trying to figure out how to add the " new " recaptch to your site. :)

And by the way I have been beta testing a mod that stops the human spammers too - it is SO effective I allow unregistered users to post, and have had ZERO spam get through in the year I have been running it..

Spam CAN be stopped, you simply have to win the internal, nattering nabob of negativism and defeatism battle in your own head first, to pull it off. And eschew all the games, puzzles, gadgets and other such nonsense.

I don't use any of those spam stoppers you guys are talking about and I have been using recaptcha now since 2008 ... in the last year and some months I have had (0) ZERO... that's right zero spam accounts on my site ...

How have I accomplished that? IP blocks from countries that are know for spamming ... I don't need anyone from these countries on my site to begin with ... yes I might be blocking some players and gamers from accessing my site, but the numbers are minimal and not worth my site and forums getting hit by spammers and the sacrifice is worth it ....

I used to have Kunena forums before and I had a forum spam stopper running on that ... the amount of spam accounts being created was just insane! ... I look at my error logs maybe 3-4 times a week on my cPanel and I take note of the new IPs that hit my site's register.php file ... now I did use BOP5S Rename register.php by BOP5 mod and since then not only has my site gotten faster in loading, but I have also seen less spiders and bots hitting my site's resources and I haven't seen a single attempt on my new register.php file after I changed it's name ...

I posted in another thread that scripts that are made to battle spammers might actually invite more spammers to your site because of keywords used in the script that spammers and hackers look for in such scripts to battle and protect against them ... so far my theory on my site has proven that I am onto something ...

I used spam o matic when it first came out and the day after I installed that on my site the number of hits by spammers and bad bots more than tripled ... I was just setting up my new vb forums so I uninstalled it and while I made the changes to my new theme, added a few mods here and there and some custom work on my site in general , it took me maybe 3 weeks to a month .. after than I never used anything to fight against spam except for the recaptcha and I have been fine ...

What works for me might not work for everyone ... but I also do spend a couple of hours each day monitoring my site and forums and that is probably the biggest reason why I don't get spammers hitting my site like other people do ...

I also use reCAPTCHA on my forum (700k+ posts), Cloudflare, and not a single anti-spam plugin. I encouter maybe 1 bot registration each 1-3 months.

Well how did you two add the recaptcha to your sites? I would be interested in checking it out.

Well how did you two add the recaptcha to your sites? I would be interested in checking it out.

I'm using the old reCAPTCHA, the one which comes with vBulletin.

Ahh, yeah this was about their newest release.

I'm also curious if anyone has added the new ReCaptcha successfully. Many of us would like to know how. ^^

This doesn't look like it should be very difficult. I'll try to throw something together if no one else is working on it. It might be a little more difficult to integrate it with the existing human verify system, but it shouldn't be difficult to just add it to registration.

Yeah Kevin that would be cool, as I don't have time to work on it. :)

Yeah Kevin that would be cool, as I don't have time to work on it. :)

Ok, yeah, you didn't sound too excited about it. Well, maybe until that last post.

Thanks a bunch mate. As always I appreciate the stuff you do around here for us not-so-knowledgeable people. ^^

I don't use any of those spam stoppers you guys are talking about and I have been using recaptcha now since 2008 ... in the last year and some months I have had (0) ZERO... that's right zero spam accounts on my site ...

How have I accomplished that? IP blocks from countries that are know for spamming ... I don't need anyone from these countries on my site to begin with ... yes I might be blocking some players and gamers from accessing my site, but the numbers are minimal and not worth my site and forums getting hit by spammers and the sacrifice is worth it ....

I used to have Kunena forums before and I had a forum spam stopper running on that ... the amount of spam accounts being created was just insane! ... I look at my error logs maybe 3-4 times a week on my cPanel and I take note of the new IPs that hit my site's register.php file ... now I did use BOP5S Rename register.php by BOP5 mod and since then not only has my site gotten faster in loading, but I have also seen less spiders and bots hitting my site's resources and I haven't seen a single attempt on my new register.php file after I changed it's name ...

I posted in another thread that scripts that are made to battle spammers might actually invite more spammers to your site because of keywords used in the script that spammers and hackers look for in such scripts to battle and protect against them ... so far my theory on my site has proven that I am onto something ...

I used spam o matic when it first came out and the day after I installed that on my site the number of hits by spammers and bad bots more than tripled ... I was just setting up my new vb forums so I uninstalled it and while I made the changes to my new theme, added a few mods here and there and some custom work on my site in general , it took me maybe 3 weeks to a month .. after than I never used anything to fight against spam except for the recaptcha and I have been fine ...

What works for me might not work for everyone ... but I also do spend a couple of hours each day monitoring my site and forums and that is probably the biggest reason why I don't get spammers hitting my site like other people do ...The anti-spam goodies we recommend are all home grown here at vBorg, and are for the average folks out there who might not be as technically sagacious as yourself.:D

Right, and banning countries or IP blocks might not work for everyone. A site such as this, can not use that. :)

Hey guys, just wanting to pop in and add to the discussion. I'm from FunCaptcha, a team dedicated to providing an alternative to the traditional text based CAPTCHAs.

Our lead designer actually goes into minute detail on the very topic you guys have been discussing here (https://www.funcaptcha.co/2014/12/04/killing-the-captcha-with-black-boxes-and-false-positives/). It's a good read and should bring to light a few concerns people currently have with the ReCAPTCHA changes.

Any and all feedback is welcome!

OK, I've posted a version here: https://vborg.vbsupport.ru/showthread.php?t=315960 but it's for vb4. I was part way through working on this in vb4 before I realized that the original request was for vb3. But vb3 looks to be the same except for the template, so I'll just need to work on that and I should be able to have a version later today.

Meanwhile if anyone wants to try out the vb4 version, let me know how it goes.

The vb3 version is ready (I hope): https://vborg.vbsupport.ru/showthread.php?t=315964

I had a really long written response for this thread, but I'd really just like to comment on a few things.

Keep working towards beating spam, its the only way we'll ever stay ahead of them.
However, for however many man hours we can devote to beat them, they can devote 100x more than we can.
Solutions always work for a while, and they'll continue to work until such a time they get too popular, esp if they're stagnant (not evolving, not pushing forward).

I had a really long written response for this thread, but I'd really just like to comment on a few things.Less trouble than trying to answer my earlier questions I guess. I'll re-post them:

Tell me how they're going to defeat all the checks.

1.) The timers: Botnets rely on speed and high volume. Programming even a short delay means potentially a million fewer stabs a week. Delay can't really be programmed, because you have to make it long enough to defeat minimum time, short enough to pass the check for maximum time. No way to know the settings site to site.

2.) False fields - botnets are programmed to put SOMETHING here. And they do. And always will.

3.) Dots, dashes and other punctuation in email usernames - this mod has settings too. How many dots are allowed? Commas? Semicolons, underscores? There is no way to know these settings.

4.) The targeted lists - these are not honeypots. These are lists of guaranteed known bad user agent strings and hostnames. Not IP addresses.

So please. How are these genius spam purveyors going to defeat all of these checks? Specifically.esp if they're stagnant (not evolving, not pushing forward).You just defined recaptcha. The "new" part of it is, a checkbox. Big whoopie. The native vB checkbox was defeated long ago as are all the ones used by yahoo, hotmail, and others. This is about five years behind.

The key to stopping spam is many booby traps. Not just one "magic bullet" that doesn't exist anyway.

I think you guys actually agree that multiple methods is the right idea, that way all sites aren't using exactly the same setup.

The "new" part of it is, a checkbox. Big whoopie. The native vB checkbox was defeated long ago as are all the ones used by yahoo, hotmail, and others. This is about five years behind.

It's actually not just a checkbox. In fact I believe the checkbox isn't something to help defeat bots, but something to make it less annoying for users. The claim is that it will somehow recognize real people so that most of the time they will only have to check the box. But in any case it will be interesting to see if the new recaptcha actually works. If a user doesn't have js then it still falls back to just showing an image, so I don't know how that's different than the old one, because obviously bots aren't going to run the js part to help it work better. (There may be differences that I don't understand - I'm not an expert on how it all works).

I think you guys actually agree that multiple methods is the right idea, that way all sites aren't using exactly the same setup.



It's actually not just a checkbox. In fact I believe the checkbox isn't something to help defeat bots, but something to make it less annoying for users. The claim is that it will somehow recognize real people so that most of the time they will only have to check the box. But in any case it will be interesting to see if the new recaptcha actually works. If a user doesn't have js then it still falls back to just showing an image, so I don't know how that's different than the old one, because obviously bots aren't going to run the js part to help it work better. (There may be differences that I don't understand - I'm not an expert on how it all works).We'll know if it works when we start seeing less spammer email addresses from gmail, right? Since presumably, google itself is now using this "new" captcha.

It's the exact same thing as the old recaptcha ..only difference is that you have the box to check first where it says "Im not a robot" and it has the check box ...then you still have to verify the two word phrase just like the old one ....you can also do an audio one ....


https://vborg.vbsupport.ru/external/2014/12/29.jpg

It's the exact same thing as the old recaptcha ..only difference is that you have the box to check first where it says "Im not a robot" and it has the check box ...then you still have to verify the two word phrase just like the old one ....you can also do an audio one ....


https://vborg.vbsupport.ru/external/2014/12/29.jpg

The audio bit has been there before. There is stuff going on behind the scenes when you check the checkbox. It appears to rely on a lot more javascript which is a lot harder for bots to deal with.

The audio bit has been there before. There is stuff going on behind the scenes when you check the checkbox. It appears to rely on a lot more javascript which is a lot harder for bots to deal with.

I never said the audio was not there before...I guess I should of said that it has an audio default widget to use instead of the image one ...

https://vborg.vbsupport.ru/external/2014/12/28.jpg

And I never said anything negative about recaptcha, on the contrary I swear by recaptcha as it has never let me down in the past ... I know exactly how "people" not "bots" have "cracked" recaptcha and I will continue to support and approve the use of recaptcha and recommend it's use to all my customers when I build them websites and they need some type of human verification ...heck ..its the only one I use lol ..

OK, I've posted a version here: https://vborg.vbsupport.ru/showthread.php?t=315960 but it's for vb4. I was part way through working on this in vb4 before I realized that the original request was for vb3. But vb3 looks to be the same except for the template, so I'll just need to work on that and I should be able to have a version later today.

Meanwhile if anyone wants to try out the vb4 version, let me know how it goes.

About to install this on my forum. Nice work with it, kh99. :)