Spambot overload!
 

I'm having a spambot explosion of lates

In the last month i'm getting nearly 1000 spambots register a day on my site. Most don't pass human verification thankfully, But i am getting around 20 a day that get through.

I've got ReCaptha and email verification, as well as a "skill testing questioN" and yet they're getting through, then posting anywhere from 1 to 100 posts in the span of minutes with their nonsense links and gibberish.

I cannot monitor the queue enough to manually approve all users and the site isn't really big enough that it has regular new registrations.

But i need a solution for this. Being higher up in the search rankings is important for the business, But I can't have these issues with spambots.

Is there any solution?

Are you running on vB 3.8.x or 4.x?

This mod is the endemol of all spam bots. Nothing else touches it. Instructions in thread for v4 compatibility. This should be a standard feature of vBulletin.

https://vborg.vbsupport.ru/showthread.php?t=135094

i'm in 4.x if that helps

The Mod I linked is easily adjusted for all versions of vB4. Here's a stat - since I installed that Mod last October, it has caught over 2,000 spam bot registrations and stopped them and has interfered with exactly zero humans.

The Mod generates a email to you each time, detailing what username they tried to register with, what IP it came from, and what email they tried to use. VERY useful information for donating to Project Honey Pot! It's a must-have Mod.

I do pretty much the same thing as that mod at server level and ban the IP in iptables (drop with no reponse) so their computer hangs while their system waits for a response from my server.

Turn about is fair play in my book. :)

The Mod can be set to autoban, but I don't ban IPs, it's not necessary with that Mod. It just stops them, and reports them - also without giving the human botnet operators any clue as to why. It just gives them the standard vBulletin "The administrator has disabled registration" phrase. It lies.

There's one problem with that - no doubt it would be trivial to program a bot to get past it, so if it were a standard feature it would most likely be useless.

FWIW at my site we use question and answer human verification and that Spam-O-Matic thing that looks up info at stopforumspam.com (and submits to it if you want), and between them they stop hundreds a day. We end up getting 5-10 registrations per day and I'm pretty certain those are actual humans. Anyway, I have no idea how it would compare to the one Max Taxable linked to - maybe we'll try that one out some day.

That works :)

But, I don't even want to waste the PHP processing power to give them a reason. They aren't worth a nanosecond of PHP time to me. Let the server itself and firewall handle them and hang their system waiting for a reply from my server until their end times out with an error that the web site can't be found.

To date.. zero spam on my site. (now watch me get hammered)

The whole point of using bots is speed. Therefore the botnet admins never going to adjust bots to make them take their time registering. This is if they ever figure out time is the issue.

I use the Q&A verify as well, but with a twist - the answer is identical to the very LONG question, which is instructions to copy and paste the question into the answer box!

I definitely agree a mufti-tiered system is best. There's no magic bullet - but there's sure some good ones!For many people though, a handy-dandy ready-made xml product file is near the ceiling of their abilities!