Go Back   vb.org Archive > vBulletin 4 Discussion > vB4 General Discussions
FAQ Community Calendar Today's Posts Search

Reply
 
Thread Tools Display Modes
  #1  
Old 11-10-2017, 11:39 AM
tpearl5's Avatar
tpearl5 tpearl5 is offline
 
Join Date: Nov 2001
Location: PA
Posts: 1,014
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default Stopping this type of spam

Alright, this new type of spam is driving me insane. It's always a similar format - mostly Indian "Love Potion" or Chinese - from seemingly random IP addresses. I've repeatedly banned certain IP ranges. No doubt its a bot, but there's at least some human involvement too.

Things I have installed:
  • Spam-O-Matic (registered with stopforumspam)
  • Bad Behavior
  • Latest re-Captcha (new users use it with every post)
  • The site is behind (paid) Cloudflare
  • vB v4.2.3

Any ideas on how to stop this for good?
Attached Images
File Type: png cpf_spam.PNG (122.0 KB, 0 views)
Reply With Quote
  #2  
Old 11-10-2017, 02:05 PM
In Omnibus's Avatar
In Omnibus In Omnibus is offline
 
Join Date: Apr 2010
Location: Inside A Blade Server
Posts: 840
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Try using the Question And Answer option on registrations.

Ask several questions that only legitimate humans knowledgeable about your specific forum topic can answer and do not ask "yes" or "no" questions or anything that is a 50/50 answer like "true" or "false."

Spam-O-Matic is incredibly outdated and doesn't actually stop spam any longer so far as I can tell. Do you have the Stop Forum Spam set up to check IP addresses and e-mail addresses? You could set it to check user names but that gives false positives.
Reply With Quote
  #3  
Old 11-10-2017, 02:39 PM
tpearl5's Avatar
tpearl5 tpearl5 is offline
 
Join Date: Nov 2001
Location: PA
Posts: 1,014
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by In Omnibus View Post
Try using the Question And Answer option on registrations.

Ask several questions that only legitimate humans knowledgeable about your specific forum topic can answer and do not ask "yes" or "no" questions or anything that is a 50/50 answer like "true" or "false."

Spam-O-Matic is incredibly outdated and doesn't actually stop spam any longer so far as I can tell. Do you have the Stop Forum Spam set up to check IP addresses and e-mail addresses? You could set it to check user names but that gives false positives.
Thanks for the feedback!

I do have Stop Forum Spam connected, but I think one of the issues is that vb4 does not handle ipv6 addresses correctly, so anyone using ipv6 isn't checked at all.
Reply With Quote
  #4  
Old 11-10-2017, 02:54 PM
In Omnibus's Avatar
In Omnibus In Omnibus is offline
 
Join Date: Apr 2010
Location: Inside A Blade Server
Posts: 840
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by tpearl5 View Post
Thanks for the feedback!

I do have Stop Forum Spam connected, but I think one of the issues is that vb4 does not handle ipv6 addresses correctly, so anyone using ipv6 isn't checked at all.
Correct.

http://tracker.vbulletin.com/browse/VBV-3824
Reply With Quote
  #5  
Old 11-12-2017, 09:49 PM
TheLastSuperman's Avatar
TheLastSuperman TheLastSuperman is offline
Senior Member
 
Join Date: Sep 2008
Location: North Carolina
Posts: 5,844
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Do these new accounts (bots) have anything in common i.e. do they consistently enter in silly info into otherwise legitimate profile fields? i.e. do they happen to enter in "Man" or "Woman" in the biography field where anyone with common sense would know it should be a brief description of themself? If so see my info in this article to see if it can help you develop a custom solution .
Reply With Quote
  #6  
Old 11-12-2017, 10:03 PM
Max Taxable's Avatar
Max Taxable Max Taxable is offline
 
Join Date: Feb 2011
Posts: 3,134
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by TheLastSuperman View Post
Do these new accounts (bots) have anything in common i.e. do they consistently enter in silly info into otherwise legitimate profile fields? i.e. do they happen to enter in "Man" or "Woman" in the biography field where anyone with common sense would know it should be a brief description of themself? If so see my info in this article to see if it can help you develop a custom solution .
Multiple dots used in the email addresses, etc. In fact there used to be a Mod for that one if I recall correctly.
Reply With Quote
2 благодарности(ей) от:
ELROBLE, TheLastSuperman
  #7  
Old 11-12-2017, 10:11 PM
TheLastSuperman's Avatar
TheLastSuperman TheLastSuperman is offline
Senior Member
 
Join Date: Sep 2008
Location: North Carolina
Posts: 5,844
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by Max Taxable View Post
Multiple dots used in the email addresses, etc. In fact there used to be a Mod for that one if I recall correctly.
I don't recall that mod but if you stumble across it again let us know, sounds promising but I'm worried someone legitimate like john.doe@gmail.com might be flagged? I personally do not know of nor have ever dealt with a client who had an extra dot in their email but that does not mean some don't do it either.
Reply With Quote
Благодарность от:
ELROBLE
  #8  
Old 11-12-2017, 10:52 PM
Max Taxable's Avatar
Max Taxable Max Taxable is offline
 
Join Date: Feb 2011
Posts: 3,134
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by TheLastSuperman View Post
I don't recall that mod but if you stumble across it again let us know, sounds promising but I'm worried someone legitimate like john.doe@gmail.com might be flagged? I personally do not know of nor have ever dealt with a client who had an extra dot in their email but that does not mean some don't do it either.
No, the example you just gave would not be flagged. The settings started with 2 dots on either/or side of the ampersand, and could be set to 2,3,4 or however you wanted it. So that stuff like this:

john.j.doe.de@gmail.com

Wouldn't pass muster if your limit was set at 2..
Reply With Quote
Reply


Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT. The time now is 01:37 PM.


Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2024, vBulletin Solutions Inc.
X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.04372 seconds
  • Memory Usage 2,263KB
  • Queries Executed 14 (?)
More Information
Template Usage:
  • (1)SHOWTHREAD
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)ad_showthread_beforeqr
  • (1)ad_showthread_firstpost
  • (1)ad_showthread_firstpost_sig
  • (1)ad_showthread_firstpost_start
  • (5)bbcode_quote
  • (1)footer
  • (1)forumjump
  • (1)forumrules
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (1)navbar
  • (3)navbar_link
  • (120)option
  • (8)post_thanks_box
  • (3)post_thanks_box_bit
  • (8)post_thanks_button
  • (1)post_thanks_javascript
  • (1)post_thanks_navbar_search
  • (2)post_thanks_postbit
  • (8)post_thanks_postbit_info
  • (8)postbit
  • (1)postbit_attachment
  • (8)postbit_onlinestatus
  • (8)postbit_wrapper
  • (1)spacer_close
  • (1)spacer_open
  • (1)tagbit_wrapper 

Phrase Groups Available:
  • global
  • inlinemod
  • postbit
  • posting
  • reputationlevel
  • showthread
Included Files:
  • ./showthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_post_thanks.php 

Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_postinfo_query
  • fetch_postinfo
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • showthread_start
  • showthread_getinfo
  • forumjump
  • showthread_post_start
  • showthread_query_postids
  • showthread_query
  • bbcode_fetch_tags
  • bbcode_create
  • showthread_postbit_create
  • postbit_factory
  • postbit_display_start
  • post_thanks_function_post_thanks_off_start
  • post_thanks_function_post_thanks_off_end
  • post_thanks_function_fetch_thanks_start
  • fetch_musername
  • post_thanks_function_fetch_thanks_end
  • post_thanks_function_thanked_already_start
  • post_thanks_function_thanked_already_end
  • postbit_imicons
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • postbit_attachment
  • postbit_display_complete
  • post_thanks_function_can_thank_this_post_start
  • post_thanks_function_fetch_thanks_bit_start
  • post_thanks_function_show_thanks_date_start
  • post_thanks_function_show_thanks_date_end
  • post_thanks_function_fetch_thanks_bit_end
  • post_thanks_function_fetch_post_thanks_template_start
  • post_thanks_function_fetch_post_thanks_template_end
  • tag_fetchbit_complete
  • forumrules
  • navbits
  • navbits_complete
  • showthread_complete