vb.org Archive (https://vborg.vbsupport.ru/index.php)
-   vB3 General Discussions (https://vborg.vbsupport.ru/forumdisplay.php?f=111)
-   -   Spammers (https://vborg.vbsupport.ru/showthread.php?t=190380)

Thamelas 10-01-2008 09:03 PM

I am getting hit right now. 2 more registering. This has to be human controlled, or they have found a way around all registration security.

Yogesh Sarkar 10-01-2008 09:13 PM

Getting hit by spambots as well for the first time since I switched to vBulletin over a year back, spambots advertising porn. One characteristic I have found in every one of them is that all say "Man" under the biography section and have IP addresses from all over the world, with the majority of the email addresses belonging to Gmail.

Managed to slow them down by replacing the usual no-spam questions with a new one.

khosk 10-01-2008 09:33 PM

I am getting spam all of a sudden on my two vBulletin forums, started about 2 hours ago.

Thamelas 10-01-2008 09:41 PM

Same with me. They all say "Man" in the biography box, are spamming porn, and the IPs are from all over the world.

khosk 10-01-2008 10:47 PM

I'm looking at my logs and this spambot never even calls the captcha image, someone has found a flaw in the registration process that lets it bypass this step.

Swampfox 10-01-2008 10:50 PM

No, they decode the captcha images in a matter of seconds.

I posted the fix for this a few pages back; you're wasting your time with email verification and captcha.

Someone check the spammers' user profiles in the AdminCP and see if they are selecting GMT-12 as the time zone. If so, the mod I posted earlier will stop them cold.

khosk 10-01-2008 10:55 PM

Here are the logs, you can see no image.php so the bot never even looked at the captcha.

Oh well, it's cutting off part of the logs. The first two lines call a parameter s with two different long hexadecimal strings.

PHP Code:

84.19.188.30 - - [01/Oct/2008:18:38:44 -0400"GET /forum/register.php?  HTTP/1.0" 200 18156 "http://volkovtrio.com/sound/pre/index.html" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; ru) Opera 8.01"
84.19.188.30 - - [01/Oct/2008:18:38:48 -0400"GET /forum/index.php? HTTP/1.0" 200 45797 "http://www.erisaboard.com/index.php?" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; ru) Opera 8.01"
84.19.188.30 - - [01/Oct/2008:18:39:01 -0400"GET /forum/register.php HTTP/1.0" 200 17854 "http://www.erisaboard.com/register.php" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; ru) Opera 8.01"
84.19.188.30 - - [01/Oct/2008:18:39:02 -0400"POST /forum/register.php?do=register HTTP/1.0" 200 23413 "http://www.erisaboard.com/forum/register.php" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; ru) Opera 8.01"
84.19.188.30 - - [01/Oct/2008:18:39:05 -0400"POST /forum/register.php?do=addmember HTTP/1.0" 200 23907 "http://www.erisaboard.com/forum/register.php" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; ru) Opera 8.01"
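
Added example (not part of khosk's post and not vBulletin code): a log check for the pattern described above, where a client posts `register.php?do=addmember` without ever requesting `image.php`, or does so within seconds of loading the form. The sample lines are constructed, use documentation IP addresses, and the function name and 10-second threshold are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample lines in Apache combined log format (documentation IPs).
SAMPLE_LOG = """\
203.0.113.7 - - [01/Oct/2008:18:39:01 -0400] "GET /forum/register.php HTTP/1.0" 200 17854 "-" "Opera 8.01"
203.0.113.7 - - [01/Oct/2008:18:39:02 -0400] "POST /forum/register.php?do=register HTTP/1.0" 200 23413 "-" "Opera 8.01"
203.0.113.7 - - [01/Oct/2008:18:39:05 -0400] "POST /forum/register.php?do=addmember HTTP/1.0" 200 23907 "-" "Opera 8.01"
198.51.100.20 - - [01/Oct/2008:18:40:10 -0400] "GET /forum/register.php HTTP/1.1" 200 17854 "-" "Firefox/3.0"
198.51.100.20 - - [01/Oct/2008:18:40:15 -0400] "POST /forum/register.php?do=register HTTP/1.1" 200 23413 "-" "Firefox/3.0"
198.51.100.20 - - [01/Oct/2008:18:40:16 -0400] "GET /forum/image.php?type=hvimage HTTP/1.1" 200 3120 "-" "Firefox/3.0"
198.51.100.20 - - [01/Oct/2008:18:41:02 -0400] "POST /forum/register.php?do=addmember HTTP/1.1" 200 23907 "-" "Firefox/3.0"
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) ')

def suspicious_registrations(log_text, min_seconds=10):
    """Return {ip: [reasons]} for clients that submit do=addmember without
    fetching image.php first, or sooner than min_seconds after the form GET."""
    seen_image = set()      # IPs that requested the CAPTCHA image
    form_time = {}          # IP -> time of last GET of register.php
    findings = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip truncated or malformed lines
        ip, ts, method, url, _status = m.groups()
        when = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z")
        path, _, query = url.partition("?")
        if path.endswith("/image.php"):
            seen_image.add(ip)
        elif path.endswith("/register.php"):
            if method == "GET":
                form_time[ip] = when
            elif method == "POST" and "do=addmember" in query:
                if ip not in seen_image:
                    findings[ip].append("no CAPTCHA image request")
                start = form_time.get(ip)
                if start is None or (when - start).total_seconds() < min_seconds:
                    findings[ip].append("form submitted too fast or never loaded")
    return dict(findings)

if __name__ == "__main__":
    for ip, reasons in suspicious_registrations(SAMPLE_LOG).items():
        print(ip, "->", "; ".join(reasons))
```

Keying on the client IP is a simplification; users behind a shared proxy or NAT will be merged, so treat hits as candidates for review rather than automatic bans.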



jkcerda 10-01-2008 10:58 PM

:mad:I shut off registrations, 30 in about 16 hours:mad:

Thamelas 10-01-2008 11:00 PM

This needs to be reported to Jelsoft ASAP. It's ridiculous and needs to be fixed like yesterday!

jkcerda 10-01-2008 11:00 PM

I have over 7 trying to register & other "guest" trying to start threads or events:mad:

Swampfox 10-01-2008 11:03 PM

Maybe they are using a newer bot software, if so there may be a weakness that we can use to block them, such as the "Man" in the profile field

Can someone please check and post the timezone they are selecting when they register?

Yogesh Sarkar 10-01-2008 11:04 PM

Quote:

Originally Posted by khosk (Post 1635114)
I'm looking at my logs and this spambot never even calls the captcha image, someone has found a flaw in the registration process that lets it bypass this step.

That was what I was thinking of as well, and from the looks of it, it can bypass nospam as well.

jkcerda 10-01-2008 11:05 PM

Different time zones: -12, +8, -3:30

Swampfox 10-01-2008 11:09 PM

Block all 3 of those, no English speaking countries involved, and a legitimate member is smart enough to just select a different time zone, the bots are automated and won't be able to

jkcerda 10-01-2008 11:10 PM

Quote:

Originally Posted by Swampfox (Post 1635137)
Block all 3 of those, no English speaking countries involved, and a legitimate member is smart enough to just select a different time zone, the bots are automated and won't be able to

what MOD do I need to do that?

Swampfox 10-01-2008 11:11 PM

https://vborg.vbsupport.ru/showthread.php?t=141554

jkcerda 10-01-2008 11:16 PM

Thanks, I'll give it a try

Piper0005 10-01-2008 11:17 PM

If that does not work I recommend trying vbStopForumSpam. I installed it a few hours ago and it has stopped over 25 spam registrations already. (It's in the vBulletin 3.6 mods but works with my site, which is 3.7.)

https://vborg.vbsupport.ru/showthread.php?t=176481

fmckinnon 10-01-2008 11:30 PM

I've been getting nailed w/ this issue, too ... installed vbStopForumSpam and the Time Zone one.

Eric HRF 10-01-2008 11:57 PM

Quote:

Originally Posted by Piper0005 (Post 1635145)
If that does not work I recommend trying vbStopForumSpam. I installed it a few hours ago and it has stopped over 25 spam registrations already. (It's in the vBulletin 3.6 mods but works with my site, which is 3.7.)

https://vborg.vbsupport.ru/showthread.php?t=176481

Will install that! So far I've just banned Russia and China IP addresses. Hate doing that.

Yogesh Sarkar 10-02-2008 12:24 AM

This keeps getting interesting, just saw an IP address trying to register on my forum and it turns out it is a webserver at the planet and belongs to imageshack!

I guess it is some kind of spamming trojan/virus which is using people's computers and servers to do this. I have already submitted an abuse report with imageshack, let's see how they respond to this.

Ohiosweetheart 10-02-2008 12:44 AM

Quote:

Originally Posted by Thamelas (Post 1635077)
Same with me. They all say "Man" in the biography box, are spamming porn, and the IPs are from all over the world.

I'm getting Man in the biography box and test in some of the location boxes. the rest are around the globe. :rolleyes:

dougeetx 10-02-2008 12:54 AM

Same here...on several of my boards...

AsmodeusLore 10-02-2008 01:14 AM

Same issue here.

Plenty of new spam, but practically none before today.

I'm hoping to avoid the timezone mod. I really don't want to get into an arms race with spammers. If I block timezone, they'll change to a different timezone, then I need a new method.

TMH63 10-02-2008 01:24 AM

I just installed the timezone hack. And I want to lock my forums down GOOD! I could care less about any timezone outside the US or Canada, so my question is....... Will entering these as you see them work fine? All the example gives in the software is,
Quote:

Example: 1,3,-2
-12, -11, -4:30, -3, 12, -1, +1, +2, +3, +3:30, +4, +4:30, +5, +5:30, +5:45, +6, +6:30, +7, +8, +9, +9:30, +10, +11, +12



Thanks!

dougeetx 10-02-2008 01:29 AM

I've turned on the Question/Answer human verification. It seems to have stopped them for now.

jkcerda 10-02-2008 01:31 AM

Wow, many trying to register, I have registrations off until I install the MODS:mad::mad:

CP, 10-02-2008 01:34 AM

Spam is on the rise now... just yesterday and today we have been getting an influx of over 30 spam registrations from Russia.... and the email they register with always resolves to Gmail or some other free email service.

We have email verification and they seem to also verify their email accounts somehow and spam...

Meestor_X 10-02-2008 01:39 AM

They are also getting by the "Moderate New Members" setting in AdminCP.
As well, there seems to be some evidence that they are "bypassing" image verification AND the Question/Answer.

See here: http://www.vbulletin.com/forum/showt...69#post1631469

ShadMan 10-02-2008 01:46 AM

Those of you using cPanel to block, are you using the IP Deny tool? If so, are you entering each individual range from the zone tables on the IPDeny site? My cPanel will only let me enter one range at a time, and there are tons for China alone. I can copy the entire list into my firewall deny table directly, but my firewall crashes after about 1000 entries or so, which is just enough to block China and Russia maybe. Maybe I should just set a Deny All and put the USA IPs in the Allow. ;)

FYI - I had over 50 spam registrations today, with only 1 prior to today in the 4 months my forum has been open. I enabled ReCaptcha about 45 minutes ago, and none since.

AsmodeusLore 10-02-2008 02:04 AM

Are they getting around Image Validation only, or are they getting around reCaptcha too?

dougeetx 10-02-2008 02:09 AM

Turn on human verification with Question/Answer and put in a simple question like "what's 2 plus 3". Make sure to spell it out instead of using symbols just in case it looks for that.

TMH63 10-02-2008 02:22 AM

Quote:

Originally Posted by dougeetx (Post 1635254)
Turn on human verification with Question/Answer and put in a simple question like "what's 2 plus 3". Make sure to spell it out instead of using symbols just in case it looks for that.


Where do you modify the questions/answers at specifically?

GSeybold 10-02-2008 02:25 AM

Most of my spam comes from China, Russia, and Pakistan. A lot from Pakistan. So these countries are banned. I have found that this does not hurt my new registrations in the least. I also do not allow Gmail as most of my spammers use Gmail accounts. This has helped A LOT as well. Every once in a while I get someone pissed because they can't register using Gmail but we take care of this by registering them manually once we've checked out their registration. You also want to censor the following because they hit many forums hard. In one day we had over a hundred spammers for addiction recovery. Little did they know two can play at this game. A-holes! LOL

addictionrecovery.net addictionrecovery Buddhism rack111


Doughboy 10-02-2008 02:26 AM

I've been nailed today on two of my vb installations, including on a board that has never had a spam bot post before.

I made a post in another forum:
https://vborg.vbsupport.ru/showthrea...49#post1635249

Cosoft 10-02-2008 02:53 AM

Same issue here.
Plenty of new spam, but practically none before today.

Regards

Meestor_X 10-02-2008 02:57 AM

Me too. Never had a problem until yesterday.

DJMIKE 10-02-2008 02:58 AM

me too

moonbase 10-02-2008 04:25 AM

We have had none until yesterday. They say "Man" in the Bio and "Test" in the user name.

These two IP addresses are almost always attached to them:

142.163.3.122 - bad search bot?

200.63.42.75 - Hacker?

I know of a few boards that had this and then an attack on the Site Admin password/log-in and the sites were hacked.

There is something going on. We all need to find help for this.

jkcerda 10-02-2008 04:46 AM

my registrations are still off, checked who is online & had about 8 trying to register:mad:

