Why doesnt question and answer at registration stop spam registrations.
 

I have question and answer set for new registrations. The questions consists of me telling new members to send a message to me via the "contact us" and request the answer to complete registration. So there is no way these spammers are getting the answer correct. So why do I have 30 new spam registrations each day? I am putting them into moderation and deleting all of them, but shouldnt they be stopped from completing registration with out the correct answer? Im running 3.8.7

Limiting Spammers:

For 3.7.x - 3.8.x series vBulletin - use the following and it should knock out all automated spambots. The only spammers you'd see are those who register manually. Great thing is - the bulk of spammers are spambots - so this combination of modifications (in this order of installation) should nip the problem directly in the bud:

1. NoSpam!
   A must-have that vBulletin based it's question/answer functionality off of - only NoSpam! works much better :)
   
   
2. ragtek Botscout Register Check
   This mod is graveyarded on vB.org due to drama - but still works fine. There are no security concerns to worry about. It checks new users IP address against the botscout.com anti-spam database
   
   
3. Cyb - Advanced Permissions Based on Post Count
   This is not necessarily anti-spam -- but with the correct permissions set - new users (with post count of 10 or below or whatever you amount you set via AdminCP) will not be able to post links in threads/posts/pms/etc... So this mod will block users who register manually from spamming their links. It will, however, not block said users from posting links on their profile ARG - profile spam is a sneaky bit of madness...

HTH ;)

J.

It doesnt stop them because they have scripting that is bypassing the entire register process - least thats my best guess.

Vbulletin should have a fix for this - its getting really bad on one of my forums too the last few months. I have installed a few mods and it really slows them down, but a few still manage to get through. Its very annoying.

I use NO SPAM linked above in addition to this > Stop the Registration Bots and it sends me an email every time it denies a registration - a good deal of these dang bots complete the form in 0 seconds - no way they are even looking at it - they are pretty much inserting straight to the db some how.

Another mod I suggest is the SM Limit Editing Signature Before X Posts - this prevents anyone from having access to the signature until they have X number of post. Least when they do get through they wont be able to do anything with the account!

The ones that get through will be human!, they cant "inject in to the database" as that would imply a huge security flaw.

I agree it is annoying but you'll not stop paid human spammers. There are some scripts that read q&a and keep trying known words like "What colour is the sky?" they'll recognise that phrase and the script will roll through colours, you'd have to make the q&a more complicated and require email confirmation too, that will cut many of your spammers, then use something like "bad behaviour" or "stop forum spam".

Lastly have new registrations go in to moderation and access to only one welcome forum for posting, now you've narrowed it down to one forum which makes it easier to clean-up anad you or staff can vet each and every new member - hey presto no spam!

It all boils down to how much trouble you want to go to in order to stop them.

Lol no. That's impossible.


They get past Q&A either because a human is registering or has submitted the answer to the automated registration, or because the spambot is able to answer your question since it's simple enough.

LOL, right a real human fills in the entire form and answers my question plus fills out captcha and then clicks submit when the submit button is disabled because its on a timer.... LMAO! Many of these bots submit the form in 0 seconds and are denied registration - that mod keeps 90% of them out, but other bots are getting through and some are even bypassing the admin approval and showing up as members immediately.

These are NOT human spammers!

vBulletin has issues, period!

Well, there are many vb installations but not many people complaining about that problem, so that would seem to point to a non-vb issue. If it's true that new users are really showing up without going through registration then it's more likely there's a security problem elsewhere.


I'm assuming you've checked that they really are new users? I've seen users register then not post for quite a while.

Yes, the forum is running the outdated version 3.6.9, but I'm not in a position to pay the upgrade hijack fee.

I don't know much about the licensing terms, but if you own a vb3 license doesn't that allow you to download the latest vb3 version?

That's self-defeating. One of those requests was a spammer who in turn circulated the correct answer supplied by you to his cohorts.

No it does not. The VB3 license "expired" after a certain time, and if you did not pay the upgrade fee you are stuck with the latest 3.x version released on the day of expiration.

VB had a $50 upgrade promotion to upgrade all 3.x users to the latest 3.x version but as announced it was a limited time thing, they stopped it after a few months.

Today the only way to upgrade to 3.8,7 is to buy a 4.x forum license.

Also while your 3.6 forum MAY be being exploited (vb.org is 3.6) the vast majority of people who have spammers getting through the spam question is because of human spammers. They are paid minimal wages but all they need to do is sign up for forums all day and enter that data into a spam database that bots come in and post with later.

My mistake - thanks for clearing that up.

I'm sorry that you think vBulletin 3.6.9 has an exploit that allows spambots to bypass the registration problem and become a part of your member base in doing so.

But in reality, what's happening is you either have a simple question spambots have no problem getting answered or humans paid to spam in some sweatshop doing so.

Increase the difficulty of your Q&A or employ some other anti-spam protection.

yeap... vBulletin has issues... and it looks like yours are way bigger and you can't face them so you put the fault on someone else... very funny. kid

the guys who registers and overpass the securities are paid kids who registers as humain, and post spam... there are more and more on the market, and it's not related to vBulletin.. go to http://community.invisionpower.com/ and you will see the same pattern... http://phpbb.com is the same.

bots are one thing... spammers are another topic.

and oh, yeah, i remember... bored members start spamming their boring forums as well...

I still dont know why the question and answer system doesn't stop spam registrations. Im getting 50 per day and they cant be getting the question right. I have the question as a statement to send me an email via the contact us form at the bottom of the page and tell me how you found the board. I never get any emails and I still get 50 spam registrations per day even though they are not answering the question. Im running 3.8.7.

Have you tried changing the answer and seeing if that makes any difference? Have you looked at your web server logs to see if it looks like they are actually accessing register.php?

Do you regularly change the answer? If one human got it they probably posted the answer to a spam database somewhere.

Changing the answer wont help. The "answer" is a random phrase that cant be guessed. I had registration off and within a minute of turning it back on I had spam registrations. Without the correct phrase that they would get by email my the registration shouldnt even process. But it does. Thats why im just going to change the registration closed phrase so they have to contact me if they want to join. The current system is a joke.

I was thinking that someone might have shared your answer with other spammers , and you could test that if you change it and registrations stop.

So you disabled registrations and they actually stop? Then they are going through the normal process. If you know even a little php you could make the registration script log the info its receiving and you could check to see if the answer is being provided or not. Again, not many sites are having your problem so there has to be some answer

I don't understand...

You make a Q&A and get spambots signing up... You disable registrations... They stop. How exactly is it vBulletin's fault that your Q&A is so simple that spambots can sign up no problem?

Use reCAPTCHA or something. Stop blaming others for your own faults.

Q&A works far better than ReCaptcha, and he already said the answer is impossible without emailing him.

The weak link in the chain is only 1 human spammer needs to email him and get the answer 1 time- then they can re-use the same answer forever if it is never changed making it worthless.

Paranoia at its finest. Seen it many times.
I went to your site, you have all forums closed from public view & what people to click the contact me button and send you the user name they are going to use as well as an email address to have you create an account for them... good luck with that....I can't see the contact me button get pushed that often regarding registration. Just my 2 cents.
Sheltering your site will close your site.

What I am seeing in the thread is a pointing game & you are not willing to listen to anything the previous posters have written and want to blame vbulletin.... I would suggest to you to submit a ticket on vbulletin.com if you really think this is the issue....I can't see the ticket going very far.
Appreciate what the members here are advising you to do, they speak from experience.
We have all been there.

I get little( 1 a month) to no spammers at all on any vb site I have or any that I may manage. The tools and advise are here for you to use, free of charge.....

Good Luck to you.

I've had my site now for a little over 3.5 years and i have a total of 108 spammers, they were all human as i use Q&A, my questions change every 6 months, i use vb3.8.7 (always upgraded but will never upgrade to the beta they call vb4), i do have bad behaviour installed and vbstop forum spam, but both are just set in logging mode they do nothing to the user, so i guess with that plain old Q&A that vb supplied i've had on average 30 human spammers a year, not bad eh?

I know you dont want to believe it but one of your signed up members is either a spammer or given the secret answer to a spammer, if you dont want to use Q&A why not install a picture Q&A, you know how it goes "click on the cat" and you have to click the correct pic, if you right click the pic and check the properties they're named something like 1zY5xoo234.jpg so no clues for the automated bot, only humans can get past that.

At the end of the day you will NEVER stop human spammers, thats the joys of being a forum owner.

So how exactly does that make it better than ReCaptcha?

From feedback from webmasters and my own use it for well over a year now it has been apparent ReCaptcha has been exploited in some way-

https://www.vbulletin.com/forum/show...-to-Combat-It?

My theory is the bots are copying the image and displaying it on file-sharing websites where thousands of people eagerly type in the answers every minute of the day.

That's one guess.

I've also seen a video showing that the vast majority of the time you really only need to type in the "easy" half of ReCaptcha for it to go through- in which case basic OCR can be enough, when coupled with multiple tries..

Ok let me try to make this more clear for those of you that dont seem to understand and think its my fault. I had the question and answer system in place and all was fine. All of a sudden spam registrations went through the roof. So I changed my questions. That did not help. So I figured they were human spammer answering the questions. So I changed the "answer" to the question to something that cant be guessed. There is no "answer". You have to email me personally from the contact uslink at the bottom of the main page and ask for the answer. Registrations were still going through even though I hadnt been contacted by anyone for the pass phrase that is necessary to complete registration. At least I thought it would be necessary to complete registration. And just so none of you say I gave out the answer one time and forgot I just changed the answer just now. Its a nonsense phrase that could never be guessed. I changed the answer and turned registration back on at 3:19 EST. Im going to the store and im betting when I get back I will have new spam registrations that should be impossible.

OK its now 6:39 and I just got home. I have 3 new registrations. Now tell me how can I have 3 new registrations when I have a question and answer system in place and the "answer" is not know to anyone. I havent given it to anyone, I just got home. So whats wrong with the question and answer system???

_________________________________

There is a new user, guccibags at HO.net

To view their profile, go here:

http://www.hangin-out.net/member.php?u=1041

Email Address : arnobeck369@gmail.com

_______________________

There is a new user, charleslsq at HO.net

To view their profile, go here:

http://www.hangin-out.net/member.php?u=1040

Email Address : ertfdgrkuuuu@gmail.com


____________________

There is a new user, Zonia LemmeDDFC at HO.net

To view their profile, go here:

http://www.hangin-out.net/member.php?u=1042

The good old days when the spammers were stopped with a simple captcha or a q&a challenge are over. Spammers have become more sophisticated not to mention the human spammers who will bypass any kind of restrictions. As mentioned above, there is no way of stopping them.

I just registered on your site and there was no question. You did actually try it yourself didn't you?

ETA: BTW, sorry for any inconvenience - you can delete the user I created.

You seem to only have one question, did you fill in the regex part of the question instead of adding answers?

Do you understand how the Q&A system works?

You're supposed to have 5-100 questions, with at least one valid answer.

Each time a user tries to register they get 1 of those questions randomly.

If you have one question, and one answer. Once someone FINDS the answer, or if your Question is bad because you don't have a valid answer or you have an invalid regex setting, you have NO SECURITY AT ALL.

I use Q&A and timers. If the registration is under 5 seconds, then I ban the user and ip.

The best protection is Q&A and have at least 10 questions.

Well the Q&A seems to be enabled now.

spammers are registering users without the Question and Answer option.

They are registering users directly in the database.

This is a issue that vbulletin knows already.

They need to release a fix to stop this issue.

We are using this version: vBulletin 3.8.7 Patch Level 3

Hogwash.
Spammers don't have direct access to your database.

Never seen this happen. If someone is directly accessing your database you've been hacked.

Install this simple fix and end all autospam registrations altogether:

Bot Blocker

I haven't had a successful spambot register since install, it has stopped over 5,000 and counting.

I heard that the latest version of a popular auto-spamming software gets around the Q&A by something called "averaging" but I don't understand it. I don't use any of the native vBulletin human verification options anymore, the hack I linked you to above makes them all superfluous.

So, once the people who make bots figure out they need to add a delay, then your defenses are broken. You shouldn't rely on any one single system.

Of course you're right about the bolded. As for the other? The whole point of bots is SPEED. It'll never happen. Plus, there's not a "got'cha" message telling them how or why the registration attempt failed.

I guess I am one of the lucky ones that doesn't get spammers on my site. I only use reCaptcha and I have not had any spam on my forums in over 5 months.

I do however have a long list of IP ranges that I have looked at and verified as possible spammer's IPs. I can share that list which is added in your htaccess file to deny anyone from that range of known IP ranges access to your site.

You have to be careful though that you are not deny access to good people who are not spammers by adding a range of IPs instead of just the one IP. In my case I know who will be visiting my site and from what country.

The countries that are know for spammers are places like russia, hungary, poland, austria, czech republic and other small countries in that area. Since I know I will rarely get actual members from those areas/countries I have blocked most of those IP ranges.

I have used reCaptcha for a long time and never have had problems with it. I used it on my wordpress and joomla sites as well and it has worked out great.

Like Zachery said on his post, "You shouldn't rely on any one single system", I use reCaptcha and of course IP bans as well.

Here is the advice I give out when people contact support about too much spam-

The Captcha and the Q&A annoy humans. Plus, the "designer" spam bot programs are now defeating those. That's why I have tried to get away from using them.

I use the "Ban Spiders by User Agent" to exclude MSIE 0-7, this takes out ALOT of bots. It's one of the handiest Mods ever. In addition, I use the Mod I linked above, because it emails me with details on the bots, so I can send them to Project Honey Pot, thus helping others stop spam.

I have NO Moderator staff, don't need any. Eliminate the bots, eliminate most all spam and also, most all need for moderators.