vBulletin 3.8 - worst for spam.
 

I have been inundated with spammers since uploading vBulletin 3.8 and it's disappointing there's no tools to combat it. I have yet to find a mod to prevent it either. Any tips?

I had this issue when I updated aswell, and I tried 99% of the things that people told me to do.
In the end I Just went back to 3.7

try either question and answer or recapcha in human verification options. I use recapcha and get no spam whatsoever.

That said, I'm still on 3.7

Interesting. VB3.8.0 has more tools than ever before to help and you state you have no tools? How can that be?

Why would upgrading to 3.8 have anything to do with having more spammers? Aside from the fact that there are more spam prevention tools in 3.8, the methods for preventing spam are the same as before. There's no special vulnerability that's being exploited in 3.8 that isn't in 3.7. Either they're being stopped at registration or they're not.

I haven't had one single spammer & I'm using 3.8 so I doubt it's the software.

Maybe I'm just blind but in that list it all seems to be features from previous versions and nothing new to combat it. I have tried human verification and reCaptcha to no luck.

Have you tried "NoSpam!"? It seems to have all but solved the problem for mass bot registration.

I have. I've logged on this morning and found two or three posting all over the place with links. Might add some more questions, perhaps there's not enough.

Make sure your questions are not math questions or questions that say "type the word [word] in the box" or "are you a human?". Come up with simple, but impossible for bots to guess questions.

You can use HTML with no spam, so I use small images and ask brain dead questions about them. Like "(Fill in the blank) This is a picture of Super___." and then have a picture of Superman, or "What kind of animal is this?" and then have a picture of a dog. Just make sure you don't name the picture anything remotely close to what the answer is.

Also remember that humans can register bots and then send them o'spammin', or bots could have registered months ago and don't start spamming until after you've installed precautions.

Thanks for the tips. That sounds like a good idea.

Well they all seem to have registered in the last 48 hours from what I can see.

Probably bots registered by their owners. Or they got through the type of questions I mentioned above that are too easy for bots to be programmed to guess, if you happen to have any. (i.e. Are you a human?) Give the hardcore questions I mentioned a try and take a no tolerance policy towards spam if you don't already and delete, not ban, users who clearly appear to be bots.

The differences in registration/human verification in vBulletin 3.7 vs. 3.8 is almost nil. I doubt the influx of spammers has anything to do with the upgrade.

VBulletin has more tools to prevent spam then any other forum on the market. Just enable ReCaptcha in the human verification options and that will prevent the spam bots from signing up.

Human spammers are just a fact of life. But VB has LOTS of tools to fight spam bots. My forum gets one or two spammers a month.

ReCAPTCHA has pretty much been nullified by the most recent spam bot programs. Pretty much a question and answer type field is the most fool proof way to prevent bot registrations.

i thought it was only me i've had mad spam now

:)

I politely disagree on the ReCapthca statement.

Back in October ReCAPTCHA was cracked by the Xrummer spammers.
http://it.slashdot.org/article.pl?sid=08/10/02/1415205

Now, I know they've made some improvements, but it's still much harder for a bot to guess random questions like, What color is this image? rather then decode the text from images it's been programed to decode.

Once again, I disagree.

There is not a single mention of ReCAPTCHA in the article you linked to. Your reply is "ReCAPTCHA was cracked by the Xrummer spammers." and a linked article. And the article you linked to offers NO supporting evidence that ReCAPTCHA has been cracked.

I even searched the page (using firefox search feature) and there is not a single mention of ReCAPTCHA in the article you linked to.

Why would you link to an article claiming it mentioned ReCaptcha when in fact it does not? There is a difference between captcha and ReCaptcha.

If you have proof supporting that ReCaptcha (not captcha) has been cracked, please post a link. But make sure that the article does in fact mention ReCaptcha.

The images from reCAPTCHA are images that haven't been able to be deciphered by computers with OCR. It relies on users submissions. The first image has a known answer (the "control" word), while the second does not. A known answer is one that was a "second image" but X users had the same answer, and it is assumed correct, and "promoted".

I tend to find recaptcha to be less accurate.
It allows a certain fudge factor when entering words with similar looking letters. If you try, you can purposely enter two wrong words and it will verify, as long as the letters you entered look similar. Try replacing e with o and r with n etc.

Agreed Bellardia,

The best spam prevention i've seen is using the built in akismet filters and the human verification question and answer methods.

I've used that setup on numerous forums to stop automated spam dead in its tracks

Well, lets not split hairs here. Does ReCAPTCHA claim to be any more secure then any other CAPTCHA? Because all I've ever seen it claim as it's sole difference was it helped to digitize literature. Not a whole lot of claims on it's superior security.

Either way, what are you disagreeing with me with? We had a huge number of discussion here in October when several people's boards were suddenly getting deluged with spam. Several people pointing out ReCAPTCHA's flaws. So I'm not sure if you're disagreeing with that, or disagreeing with my point that security questions are much harder for bots to guess.

Allow me to add this to that recaptcha discussion - I run 4 forums, 2 - vbulletin and 2 - SMF. 3 of the 4 forums were getting slammed everyday with 4, 5, 6 and more spam bots every day. All three forums were using captcha with email verification. Once I set up ReCaptcha, the spam stopped right then. Instead of each forum getting 4, 5 or 6 spam bots a day, in the past month one forum has had 2 spammers sign up.



I disagree with your statement -

I have seen the side by side effects of ReCaptcha on VBulletin and SMF. And on both forums the program was very effective in stopping spam.

Totally agree. I had 50 spammers sign up per day back at the end of sept/start of oct - installed recapcha and haven't had one since.

It's stopped it on mine too. I'm going by the reports of many other members who have reported it being circumvented.

Just to let you know I run a board with reCAPTCHA, and I've been spammed by Xrummer 5.

I have seen a method to trick it thinking it's failed to register so I will try this method.

I had about 100 spam posts everyday once I switched to 3.8.0. I used the email verification thing, and now I'm just watching the spam users register, and my board statistics go up, but them not being able to post. :)