vb.org Archive - Why doesnt question and answer at registration stop spam registrations.

vb.org Archive (https://vborg.vbsupport.ru/index.php)

- vB3 General Discussions (https://vborg.vbsupport.ru/forumdisplay.php?f=111)

- - Why doesnt question and answer at registration stop spam registrations. (https://vborg.vbsupport.ru/showthread.php?t=279963)

Well the Q&A seems to be enabled now.

spammers are registering users without the Question and Answer option.

They are registering users directly in the database.

This is a issue that vbulletin knows already.

They need to release a fix to stop this issue.

We are using this version: vBulletin 3.8.7 Patch Level 3

Hogwash.
Spammers don't have direct access to your database.

Quote:

Originally Posted by max. (Post 2373586)

Never seen this happen. If someone is directly accessing your database you've been hacked.

Quote:

Originally Posted by mike2902 (Post 2313607)

I still dont know why the question and answer system doesn't stop spam registrations. Im getting 50 per day and they cant be getting the question right. I have the question as a statement to send me an email via the contact us form at the bottom of the page and tell me how you found the board. I never get any emails and I still get 50 spam registrations per day even though they are not answering the question. Im running 3.8.7.

Install this simple fix and end all autospam registrations altogether:

Bot Blocker

I haven't had a successful spambot register since install, it has stopped over 5,000 and counting.

I heard that the latest version of a popular auto-spamming software gets around the Q&A by something called "averaging" but I don't understand it. I don't use any of the native vBulletin human verification options anymore, the hack I linked you to above makes them all superfluous.

So, once the people who make bots figure out they need to add a delay, then your defenses are broken. You shouldn't rely on any one single system.

Quote:

Originally Posted by Zachery (Post 2375140)

So, once the people who make bots figure out they need to add a delay, then your defenses are broken. You shouldn't rely on any one single system.

Of course you're right about the bolded. As for the other? The whole point of bots is SPEED. It'll never happen. Plus, there's not a "got'cha" message telling them how or why the registration attempt failed.

I guess I am one of the lucky ones that doesn't get spammers on my site. I only use reCaptcha and I have not had any spam on my forums in over 5 months.

I do however have a long list of IP ranges that I have looked at and verified as possible spammer's IPs. I can share that list which is added in your htaccess file to deny anyone from that range of known IP ranges access to your site.

You have to be careful though that you are not deny access to good people who are not spammers by adding a range of IPs instead of just the one IP. In my case I know who will be visiting my site and from what country.

The countries that are know for spammers are places like russia, hungary, poland, austria, czech republic and other small countries in that area. Since I know I will rarely get actual members from those areas/countries I have blocked most of those IP ranges.

I have used reCaptcha for a long time and never have had problems with it. I used it on my wordpress and joomla sites as well and it has worked out great.

Like Zachery said on his post, "You shouldn't rely on any one single system", I use reCaptcha and of course IP bans as well.

Here is the advice I give out when people contact support about too much spam-

Quote:

We have determined the most effective "Human Verification" currently built into vBulletin is "Question and Answer" verification.

To enable this go to your Admin CP -> Settings -> Human Verification Manager. (In VB 3.x it is Admin CP -> vBulletin Options -> Human Verification Manager)

Click on this link.

On the new page choose the option for "Question & Answer Verification."

If this is the first time you are using it you will need to add one or more questions and answers. To add your first question click on the "Add New Question" near the bottom center of the page.

On the next page enter a question. Do not make this a math question (what is 2+2?)- Math questions are absolutely worthless. If your forum is about a specific topic try to make the question something someone interested in your niche would likely know. If not still make a question that requires a human to answer- creativity helps here.

An example question would be: If there are three people in a room how many total toes are likely in the room?

Leave the box for "Regular Expression" blank. Use it only if you understand Regular Expressions.

Hit "Save"

On the next page there will now be a button "Add New Answer" - Press It.

The next page is one simple box marked "Answer." Enter the answer to the question. Questions can have multiple correct answers.

Answers are NOT case sensitive so if you put "thirty" in as an answer both "Thirty" and "THIRTY" will also work.

Enter "thirty" as the answer (without quotes.)

Save.

Now you will be back on the page where you can press the "Add New Answer" again, press it.

This time add the answer: 30
And hit "Save" again.

If your forum is multi-lingual you may want to continue adding answers to cover the word "thirty" in different languages.

When you believe you have set every possible correct answer you can click on the Admin CP Menu to go back to "Human Verification Manager" and repeat the process to add additional questions.

The more questions you have the better you will be- five is a good minimum, 10 or more is better.

We have found forums that implement good Q&A questions stop nearly all "bot" spam. (We have documented drops of a 90% reduction in registrations, all of which were spammers.) There will always be spam created by humans though who cannot be blocked by easy questions. If you feel you still have too much spam to handle please check out various "anti-spam" mods available on vBulletin.org:

VB 4.x Anti-Spam Mods:
https://vborg.vbsupport.ru/forumdisp...c&daysprune=-1

VB 3.8 Anti-Spam Mods:
https://vborg.vbsupport.ru/forumdisp...c&daysprune=-1

Please note like all vBulletin modifications we do not provide official support for 3rd party mods, you will need to ask for help in the threads of the mod in question if you need help installing, configuring, or using the mod.

Overall the best defense against spam is to have an active and vigilant moderator staff able to find and delete spam quickly. Educate forum users on how to use the "Report Post" button to report spam. Do not let the forum run without a moderator or administrator making regular visits to keep an eye on things.

Quote:

Originally Posted by CAG CheechDogg (Post 2375242)

The Captcha and the Q&A annoy humans. Plus, the "designer" spam bot programs are now defeating those. That's why I have tried to get away from using them.

I use the "Ban Spiders by User Agent" to exclude MSIE 0-7, this takes out ALOT of bots. It's one of the handiest Mods ever. In addition, I use the Mod I linked above, because it emails me with details on the bots, so I can send them to Project Honey Pot, thus helping others stop spam.

I have NO Moderator staff, don't need any. Eliminate the bots, eliminate most all spam and also, most all need for moderators.

X vBulletin 3.8.12 by vBS Debug Information
Template Usage: (1)ad_footer_end (1)ad_footer_start (1)ad_header_end (1)ad_header_logo (1)ad_navbar_below (5)bbcode_quote_printable (1)footer (1)gobutton (1)header (1)headinclude (6)option (1)pagenav (1)pagenav_curpage (4)pagenav_pagelink (1)post_thanks_navbar_search (1)printthread (10)printthreadbit (1)spacer_close (1)spacer_open Phrase Groups Available: global postbit showthread	Included Files: ./printthread.php ./global.php ./includes/init.php ./includes/class_core.php ./includes/config.php ./includes/functions.php ./includes/class_hook.php ./includes/modsystem_functions.php ./includes/class_bbcode_alt.php ./includes/class_bbcode.php ./includes/functions_bigthree.php Hooks Called: init_startup init_startup_session_setup_start init_startup_session_setup_complete cache_permissions fetch_threadinfo_query fetch_threadinfo fetch_foruminfo style_fetch cache_templates global_start parse_templates global_setup_complete printthread_start pagenav_page pagenav_complete bbcode_fetch_tags bbcode_create bbcode_parse_start bbcode_parse_complete_precache bbcode_parse_complete printthread_post printthread_complete
Messages:

Phrase Groups Available:

X vBulletin 3.8.12 by vBS Debug Information
Page Generation 0.01191 seconds Memory Usage 1,759KB Queries Executed 10 (?)
More Information
Template Usage: (1)ad_footer_end (1)ad_footer_start (1)ad_header_end (1)ad_header_logo (1)ad_navbar_below (5)bbcode_quote_printable (1)footer (1)gobutton (1)header (1)headinclude (6)option (1)pagenav (1)pagenav_curpage (4)pagenav_pagelink (1)post_thanks_navbar_search (1)printthread (10)printthreadbit (1)spacer_close (1)spacer_open Phrase Groups Available: global postbit showthread	Included Files: ./printthread.php ./global.php ./includes/init.php ./includes/class_core.php ./includes/config.php ./includes/functions.php ./includes/class_hook.php ./includes/modsystem_functions.php ./includes/class_bbcode_alt.php ./includes/class_bbcode.php ./includes/functions_bigthree.php Hooks Called: init_startup init_startup_session_setup_start init_startup_session_setup_complete cache_permissions fetch_threadinfo_query fetch_threadinfo fetch_foruminfo style_fetch cache_templates global_start parse_templates global_setup_complete printthread_start pagenav_page pagenav_complete bbcode_fetch_tags bbcode_create bbcode_parse_start bbcode_parse_complete_precache bbcode_parse_complete printthread_post printthread_complete
Messages: