vb.org Archive

vb.org Archive (https://vborg.vbsupport.ru/index.php)
-   vB4 General Discussions (https://vborg.vbsupport.ru/forumdisplay.php?f=251)
-   -   Stopping this type of spam (https://vborg.vbsupport.ru/showthread.php?t=325759)

tpearl5 11-10-2017 11:39 AM
Stopping this type of spam
 
1 Attachment(s)
Alright, this new type of spam is driving me insane. It's always a similar format - mostly Indian "Love Potion" or Chinese - from seemingly random IP addresses. I've repeatedly banned certain IP ranges. No doubt its a bot, but there's at least some human involvement too.

Things I have installed:
  • Spam-O-Matic (registered with stopforumspam)
  • Bad Behavior
  • Latest re-Captcha (new users use it with every post)
  • The site is behind (paid) Cloudflare
  • vB v4.2.3

Any ideas on how to stop this for good?

In Omnibus 11-10-2017 02:05 PM
Try using the Question And Answer option on registrations.

Ask several questions that only legitimate humans knowledgeable about your specific forum topic can answer and do not ask "yes" or "no" questions or anything that is a 50/50 answer like "true" or "false."

Spam-O-Matic is incredibly outdated and doesn't actually stop spam any longer so far as I can tell. Do you have the Stop Forum Spam set up to check IP addresses and e-mail addresses? You could set it to check user names but that gives false positives.

tpearl5 11-10-2017 02:39 PM
Quote:
Originally Posted by In Omnibus (Post 2591031)
Try using the Question And Answer option on registrations.

Ask several questions that only legitimate humans knowledgeable about your specific forum topic can answer and do not ask "yes" or "no" questions or anything that is a 50/50 answer like "true" or "false."

Spam-O-Matic is incredibly outdated and doesn't actually stop spam any longer so far as I can tell. Do you have the Stop Forum Spam set up to check IP addresses and e-mail addresses? You could set it to check user names but that gives false positives.
Thanks for the feedback!

I do have Stop Forum Spam connected, but I think one of the issues is that vb4 does not handle ipv6 addresses correctly, so anyone using ipv6 isn't checked at all.

In Omnibus 11-10-2017 02:54 PM
Quote:
Originally Posted by tpearl5 (Post 2591032)
Thanks for the feedback!

I do have Stop Forum Spam connected, but I think one of the issues is that vb4 does not handle ipv6 addresses correctly, so anyone using ipv6 isn't checked at all.
Correct.

http://tracker.vbulletin.com/browse/VBV-3824

TheLastSuperman 11-12-2017 09:49 PM
Do these new accounts (bots) have anything in common i.e. do they consistently enter in silly info into otherwise legitimate profile fields? i.e. do they happen to enter in "Man" or "Woman" in the biography field where anyone with common sense would know it should be a brief description of themself? If so see my info in this article to see if it can help you develop a custom solution ;).

Max Taxable 11-12-2017 10:03 PM
Quote:
Originally Posted by TheLastSuperman (Post 2591062)
Do these new accounts (bots) have anything in common i.e. do they consistently enter in silly info into otherwise legitimate profile fields? i.e. do they happen to enter in "Man" or "Woman" in the biography field where anyone with common sense would know it should be a brief description of themself? If so see my info in this article to see if it can help you develop a custom solution ;).
Multiple dots used in the email addresses, etc. In fact there used to be a Mod for that one if I recall correctly.

TheLastSuperman 11-12-2017 10:11 PM
Quote:
Originally Posted by Max Taxable (Post 2591063)
Multiple dots used in the email addresses, etc. In fact there used to be a Mod for that one if I recall correctly.
I don't recall that mod but if you stumble across it again let us know, sounds promising but I'm worried someone legitimate like john.doe@gmail.com might be flagged? I personally do not know of nor have ever dealt with a client who had an extra dot in their email but that does not mean some don't do it either.

Max Taxable 11-12-2017 10:52 PM
Quote:
Originally Posted by TheLastSuperman (Post 2591064)
I don't recall that mod but if you stumble across it again let us know, sounds promising but I'm worried someone legitimate like john.doe@gmail.com might be flagged? I personally do not know of nor have ever dealt with a client who had an extra dot in their email but that does not mean some don't do it either.
No, the example you just gave would not be flagged. The settings started with 2 dots on either/or side of the ampersand, and could be set to 2,3,4 or however you wanted it. So that stuff like this:

john.j.doe.de@gmail.com

Wouldn't pass muster if your limit was set at 2..


All times are GMT. The time now is 10:57 AM.

Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2025, vBulletin Solutions Inc.

X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.01700 seconds
  • Memory Usage 1,729KB
  • Queries Executed 10 (?)
More Information
Template Usage:
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (5)bbcode_quote_printable
  • (1)footer
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (6)option
  • (1)post_thanks_navbar_search
  • (1)printthread
  • (8)printthreadbit
  • (1)spacer_close
  • (1)spacer_open 
Phrase Groups Available:
  • global
  • postbit
  • showthread
Included Files:
  • ./printthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/class_bbcode_alt.php
  • ./includes/class_bbcode.php
  • ./includes/functions_bigthree.php 
Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • printthread_start
  • bbcode_fetch_tags
  • bbcode_create
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • printthread_post
  • printthread_complete