vb.org Archive

vb.org Archive (https://vborg.vbsupport.ru/index.php)
-   Forum and Server Management (https://vborg.vbsupport.ru/forumdisplay.php?f=232)
-   -   Spambot overload! (https://vborg.vbsupport.ru/showthread.php?t=276162)

mpasternak 12-29-2011 02:13 PM
Spambot overload!
 
I'm having a spambot explosion of lates

In the last month i'm getting nearly 1000 spambots register a day on my site. Most don't pass human verification thankfully, But i am getting around 20 a day that get through.

I've got ReCaptha and email verification, as well as a "skill testing questioN" and yet they're getting through, then posting anywhere from 1 to 100 posts in the span of minutes with their nonsense links and gibberish.

I cannot monitor the queue enough to manually approve all users and the site isn't really big enough that it has regular new registrations.

But i need a solution for this. Being higher up in the search rankings is important for the business, But I can't have these issues with spambots.

Is there any solution?

FreeResellers 12-29-2011 02:49 PM
Are you running on vB 3.8.x or 4.x?

Max Taxable 12-29-2011 02:54 PM
This mod is the endemol of all spam bots. Nothing else touches it. Instructions in thread for v4 compatibility. This should be a standard feature of vBulletin.

https://vborg.vbsupport.ru/showthread.php?t=135094

mpasternak 12-29-2011 03:10 PM
i'm in 4.x if that helps

Max Taxable 12-29-2011 03:28 PM
Quote:
Originally Posted by mpasternak (Post 2281936)
i'm in 4.x if that helps
The Mod I linked is easily adjusted for all versions of vB4. Here's a stat - since I installed that Mod last October, it has caught over 2,000 spam bot registrations and stopped them and has interfered with exactly zero humans.

The Mod generates a email to you each time, detailing what username they tried to register with, what IP it came from, and what email they tried to use. VERY useful information for donating to Project Honey Pot! It's a must-have Mod.

nhawk 12-29-2011 05:35 PM
I do pretty much the same thing as that mod at server level and ban the IP in iptables (drop with no reponse) so their computer hangs while their system waits for a response from my server.

Turn about is fair play in my book. :)

Max Taxable 12-29-2011 06:49 PM
Quote:
Originally Posted by nhawk (Post 2281975)
I do pretty much the same thing as that mod at server level and ban the IP in iptables (drop with no reponse) so their computer hangs while their system waits for a response from my server.

Turn about is fair play in my book. :)
The Mod can be set to autoban, but I don't ban IPs, it's not necessary with that Mod. It just stops them, and reports them - also without giving the human botnet operators any clue as to why. It just gives them the standard vBulletin "The administrator has disabled registration" phrase. It lies.

kh99 12-29-2011 09:01 PM
Quote:
Originally Posted by Max Taxable (Post 2281934)
...This should be a standard feature of vBulletin.
There's one problem with that - no doubt it would be trivial to program a bot to get past it, so if it were a standard feature it would most likely be useless.

FWIW at my site we use question and answer human verification and that Spam-O-Matic thing that looks up info at stopforumspam.com (and submits to it if you want), and between them they stop hundreds a day. We end up getting 5-10 registrations per day and I'm pretty certain those are actual humans. Anyway, I have no idea how it would compare to the one Max Taxable linked to - maybe we'll try that one out some day.

nhawk 12-29-2011 09:22 PM
Quote:
Originally Posted by Max Taxable (Post 2281984)
The Mod can be set to autoban, but I don't ban IPs, it's not necessary with that Mod. It just stops them, and reports them - also without giving the human botnet operators any clue as to why. It just gives them the standard vBulletin "The administrator has disabled registration" phrase. It lies.
That works :)

But, I don't even want to waste the PHP processing power to give them a reason. They aren't worth a nanosecond of PHP time to me. Let the server itself and firewall handle them and hang their system waiting for a reply from my server until their end times out with an error that the web site can't be found.

To date.. zero spam on my site. (now watch me get hammered)

Max Taxable 12-29-2011 10:32 PM
Quote:
Originally Posted by kh99 (Post 2282004)
There's one problem with that - no doubt it would be trivial to program a bot to get past it, so if it were a standard feature it would most likely be useless.

FWIW at my site we use question and answer human verification and that Spam-O-Matic thing that looks up info at stopforumspam.com (and submits to it if you want), and between them they stop hundreds a day. We end up getting 5-10 registrations per day and I'm pretty certain those are actual humans. Anyway, I have no idea how it would compare to the one Max Taxable linked to - maybe we'll try that one out some day.
The whole point of using bots is speed. Therefore the botnet admins never going to adjust bots to make them take their time registering. This is if they ever figure out time is the issue.

I use the Q&A verify as well, but with a twist - the answer is identical to the very LONG question, which is instructions to copy and paste the question into the answer box!

I definitely agree a mufti-tiered system is best. There's no magic bullet - but there's sure some good ones!
Quote:
Originally Posted by nhawk
That works

But, I don't even want to waste the PHP processing power to give them a reason. They aren't worth a nanosecond of PHP time to me. Let the server itself and firewall handle them and hang their system waiting for a reply from my server until their end times out with an error that the web site can't be found.

To date.. zero spam on my site. (now watch me get hammered)
For many people though, a handy-dandy ready-made xml product file is near the ceiling of their abilities!

mpasternak 12-30-2011 01:52 PM
Thank you Max, I just installed your mod. In the last 10 minutes since activating it, I have received 23 emails for blocked registrations attempts

Seriously. my board isn't big at all. in fact, spambots have killed it off nearly completely (I want to try bumping it back up).

What may have started this off. My board wasn't huge, it wasn't heavily spidered. it doesn't appear at the top of any search engine for typical keywords. But the spambots do not end.

Is there a tip or key to get them to leave you alone? other than just these passive means to prevent their registration?

Max Taxable 12-30-2011 02:02 PM
Quote:
Originally Posted by mpasternak (Post 2282196)
Thank you Max, I just installed your mod. In the last 10 minutes since activating it, I have received 23 emails for blocked registrations attempts

Seriously. my board isn't big at all. in fact, spambots have killed it off nearly completely (I want to try bumping it back up).

What may have started this off. My board wasn't huge, it wasn't heavily spidered. it doesn't appear at the top of any search engine for typical keywords. But the spambots do not end.

Is there a tip or key to get them to leave you alone? other than just these passive means to prevent their registration?
They flock where the botnet admins have found weakness. Over time, they will become a sparse phenomenon as you become Fort Knox..

"Ban Spiders By User Agent" is another good Mod. First custom entry on that should be, "Baidu."

You have to win that spam fight because it will definitely kill a board.

mpasternak 12-30-2011 02:07 PM
also, is there away to stop the emails? (don't want to screw with the code yet and break it now that it's working). cause i've received over 100 since installing!

Max Taxable 12-30-2011 02:09 PM
Quote:
Originally Posted by mpasternak (Post 2282206)
also, is there away to stop the emails? (don't want to screw with the code yet and break it now that it's working). cause i've received over 100 since installing!
Yes in the thread where that mod was downloaded from, they explain how to turn the emails off. But what I did was just send them to a email acct I don't use for anything else.

I think you want the emails for two things - to collect statistics and, to be able to make sure this Mod is still working.

prandah 12-30-2011 09:15 PM
try vB Badbahvior
them will help you to reduce your spam bot :D
i have tested it on my forum


All times are GMT. The time now is 09:25 AM.

Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2025, vBulletin Solutions Inc.

X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.01077 seconds
  • Memory Usage 1,758KB
  • Queries Executed 10 (?)
More Information
Template Usage:
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (8)bbcode_quote_printable
  • (1)footer
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (6)option
  • (1)post_thanks_navbar_search
  • (1)printthread
  • (15)printthreadbit
  • (1)spacer_close
  • (1)spacer_open 
Phrase Groups Available:
  • global
  • postbit
  • showthread
Included Files:
  • ./printthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/class_bbcode_alt.php
  • ./includes/class_bbcode.php
  • ./includes/functions_bigthree.php 
Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • printthread_start
  • bbcode_fetch_tags
  • bbcode_create
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • printthread_post
  • printthread_complete