vb.org Archive
Page 2 of 3 1 2 3
Show 40 post(s) from this thread on one page

vb.org Archive (https://vborg.vbsupport.ru/index.php)
-   vB3 General Discussions (https://vborg.vbsupport.ru/forumdisplay.php?f=111)
-   -   SpamBots xRummer et al, bypass validate code?? (https://vborg.vbsupport.ru/showthread.php?t=287672)

pattycake 10-25-2012 09:52 PM
Well,... I just installed a demo version of xRumer and ran it, using my website as a test. The "demo" version of the program uses an email address of:
xrumeremailYOYYY@maildomainJJKUJ.com
Username: XRumerYGQYY

Obvioulsy, this is an invalid email address.

Guess what??? It got signed up.... no validation email, no "vaidation code"... and yet there he was, a new member at my site.

Max Taxable 10-25-2012 10:30 PM
Did you have settings in that demo for a delay?

--------------- Added [DATE]1351210745[/DATE] at [TIME]1351210745[/TIME] ---------------

Okay... I did what you did. Got the XRumer demo, and then disabled ALL anti-spam and human verifications on my board, except for the email verification, and let it rip.

Nothing happened. Registration failed, although in the logfile XRumer THINKS it successfully registered.

So, I'm starting now to think your scripts are somehow compromised making it a one-board problem.

pattycake 10-26-2012 12:24 AM
Nope... no "settings for delay" in demo version. I wonder if it's in the real-mc-coy paid versions?

what version do you have?

Max Taxable 10-26-2012 12:37 AM
Quote:
Originally Posted by pattycake (Post 2376011)
Nope... no "settings for delay" in demo version. I wonder if it's in the real-mc-coy paid versions?
You asserted it was:
Quote:
Originally Posted by pattycake
the time between registering has long since been defeated by XRumer. They even have a setting of waiting 5, 10, 15, 20, and 30 seconds.
Quote:
Originally Posted by pattycake
ok... whatever, I'm just telling you that the new XRumer has an option to use the delay. YMMV
And my assertion is, the time delay is SO relatively new and SO underused, they likely don't even know about it. Not trying to be snarky, just trying to discover the truth of the matter.

Interestingly, with all of my anti-spam and human verification active, XRumer reported it did successfully register (it did not) and said it was logged in and "probably" posting. BUT - it said there were "extra protections on this forum."
Quote:
what version do you have?
It says "5.0 palladium" and the file version is 5.0.0.747

pattycake 10-26-2012 01:01 AM
ditto here... if I activate my spam code, it stops xRumer... I had to disable all of that to run the test above. As yours, the logs shows "extra protections on this forum".

I am going to put a sniffer on the line and watch the process to see what it is sending.

btw: I did install "IsBot" and it's definitely doing a job. I added a few calls to a database so I could keep track of failed (and "allowed in") attempts. I have a several log entries showing a time of: (1350415378 seconds transpired). All are the exact same "1350415378". I wonder if thats their fix? I changed the name of the vars to something else and haven't seen an entry like that since.

Max Taxable 10-26-2012 01:06 AM
Quote:
Originally Posted by pattycake (Post 2376019)
ditto here... if I activate my spam code, it stops xRumer... I had to disable all of that to run the test above. As yours, the logs shows "extra protections on this forum".

I am going to put a sniffer on the line and watch the process to see what it is sending.

btw: I did install "IsBot" and it's definitely doing a job. I added a few calls to a database so I could keep track of failed (and "allowed in") attempts. I have a several log entries showing a time of: (1350415378 seconds transpired). All are the exact same "1350415378". I wonder if thats their fix?
Wait, perhaps I misunderstand. You were telling us the XRumer registered anyway, bypassing the email validation and indeed, a new account was showing up on your forum. Am I misunderstanding?

Also, IsBot is obsolete as of three days ago - I commissioned a coder here to update it with AdminCP controls and more features, find that here for vB3.x.x:

Bot Blocker 3.x.x

And for v4:

Bot Blocker 4.x.x

pattycake 10-26-2012 01:17 AM
Correct... isBot and my own custom "spam killers" were already stopping xRumer but I wanted to get to the bottom of this so I disabled isBot and all of my custom scripts... then I ran xrumer and, it did indeed create a new account.

After I confirmed that it created the new account, I re-enabled isBot and my custom scripts.

Tomorrow I will install the sniffer and then we'll see exactly whats going on.

Quote:
Also, IsBot is obsolete as of three days ago - I commissioned a coder here to update it with AdminCP controls and more features, find that here for vB3.x.x:
awesome... I'll give it a try. thanks for the heads up.

Max Taxable 10-26-2012 01:18 AM
Quote:
Originally Posted by pattycake (Post 2376024)
Correct... isBot and my own custom "spam killers" were already stopping xRumer but I wanted to get to the bottom of this so I disabled isBot and all of my custom scripts... then I ran xrumer and, it did indeed create a new account.

After I confirmed that it created the new account, I re-enabled isBot and my custom scripts.

Tomorrow I will install the sniffer and then we'll see exactly whats going on.
I would be checking my vB folders and files for something amiss...

pattycake 10-26-2012 01:41 AM
Quote:
Originally Posted by Max Taxable (Post 2376026)
I would be checking my vB folders and files for something amiss...
the only thing different from the original installation is some coding I did in register.php to disallow certain email hosts. Other than that, all code is the original, all folders are the same, etc. It's a clean install.

No worries, the sniffer will show everything.... everything coming in, and everything going out.

Max Taxable 10-26-2012 01:44 AM
Well, I'm not really worried, since I verified I don't have this issue. Just trying to be helpful.


All times are GMT. The time now is 02:53 AM.
Page 2 of 3 1 2 3
Show 40 post(s) from this thread on one page

Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2025, vBulletin Solutions Inc.

X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.01048 seconds
  • Memory Usage 1,750KB
  • Queries Executed 10 (?)
More Information
Template Usage:
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (8)bbcode_quote_printable
  • (1)footer
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (6)option
  • (1)pagenav
  • (1)pagenav_curpage
  • (2)pagenav_pagelink
  • (1)post_thanks_navbar_search
  • (1)printthread
  • (10)printthreadbit
  • (1)spacer_close
  • (1)spacer_open 
Phrase Groups Available:
  • global
  • postbit
  • showthread
Included Files:
  • ./printthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/class_bbcode_alt.php
  • ./includes/class_bbcode.php
  • ./includes/functions_bigthree.php 
Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • printthread_start
  • pagenav_page
  • pagenav_complete
  • bbcode_fetch_tags
  • bbcode_create
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • printthread_post
  • printthread_complete