Go Back   vb.org Archive > vBulletin 3 Discussion > vB3 General Discussions

Reply
 
Thread Tools Display Modes
  #11  
Old 08-28-2012, 11:30 AM
Simon Lloyd's Avatar
Simon Lloyd Simon Lloyd is offline
 
Join Date: Aug 2008
Location: Manchester
Posts: 3,481
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Why wouldn't this one work for you https://vborg.vbsupport.ru/showthread.php?t=132482 ? as far as i can see there are images involved?
Reply With Quote
  #12  
Old 08-30-2012, 02:48 PM
a9713030 a9713030 is offline
 
Join Date: Jun 2009
Posts: 25
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by Simon Lloyd View Post
Why wouldn't this one work for you https://vborg.vbsupport.ru/showthread.php?t=132482 ? as far as i can see there are images involved?
it is only for new user register, not for member login, have you installed it?
so i still need a help .
Reply With Quote
  #13  
Old 08-30-2012, 03:11 PM
Max Taxable's Avatar
Max Taxable Max Taxable is offline
 
Join Date: Feb 2011
Posts: 3,134
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by a9713030 View Post
it is only for new user register, not for member login, have you installed it?
so i still need a help .
It makes NO sense to want captcha when dealing with HUMANS. Do you get that? HUMANS CAN SEE THE IMAGES. It will do you NO good. They will simply pass the captcha and continue the brute force attack, if it is HUMANS doing it.

What you need to do is ban their user agent. Here's the mod for that:

Ban Spiders by User Agent

This isn't just for spiders, it's for everything, and I suspect the attacker you have will have something special in his user agent that you can exclude and it won't matter what the IP is.
Reply With Quote
  #14  
Old 09-01-2012, 01:54 AM
Uberguilds Uberguilds is offline
 
Join Date: Jun 2006
Posts: 50
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

I feel bad for the OP.

"What about captcha on signup?"
-"How about captcha on login?"
"What about captcha on signup?"
-"How about captcha on login?"
"What about captcha on signup?"
-"How about captcha on login?"

Anyway, I'm pretty sure you can set user agents in Xrumer, which is used for attacking forums.
Reply With Quote
  #15  
Old 09-01-2012, 02:07 AM
Max Taxable's Avatar
Max Taxable Max Taxable is offline
 
Join Date: Feb 2011
Posts: 3,134
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by Uberguilds View Post
I feel bad for the OP.

"What about captcha on signup?"
-"How about captcha on login?"
"What about captcha on signup?"
-"How about captcha on login?"
"What about captcha on signup?"
-"How about captcha on login?"
Except, I didn't give him that. I gave him the actual solution.
Reply With Quote
Благодарность от:
Simon Lloyd
  #16  
Old 09-01-2012, 03:37 AM
a9713030 a9713030 is offline
 
Join Date: Jun 2009
Posts: 25
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

they bruteforce with tools, not by human,
i think Max Taxable have not know what i mean,
they can use 100 proxies, then bruteforce password, if we have imagine verification, most tools can not work
Reply With Quote
  #17  
Old 09-01-2012, 12:39 PM
Max Taxable's Avatar
Max Taxable Max Taxable is offline
 
Join Date: Feb 2011
Posts: 3,134
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by a9713030 View Post
they bruteforce with tools, not by human,
i think Max Taxable have not know what i mean,
they can use 100 proxies, then bruteforce password, if we have imagine verification, most tools can not work
Proxies don't matter if you find something in their user agent you can exclude.

Seriously.

Know how to determine their user agent? The tool they're using will likely be part of it, there will be other unique items in it you can exclude.

You have your heart set on a captcha where none exists in vBulletin, unaware that alot of these botnet programs actually defeat captchas. Image verification isn't a magic bullet.

Find out a common item in the user agent of this attacker, and exclude it using the Mod I linked you to, end of problem.

You act like other people haven't seen this before.
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT. The time now is 04:29 AM.


Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2024, vBulletin Solutions Inc.
X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.04260 seconds
  • Memory Usage 2,224KB
  • Queries Executed 11 (?)
More Information
Template Usage:
  • (1)SHOWTHREAD
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)ad_showthread_beforeqr
  • (1)ad_showthread_firstpost
  • (1)ad_showthread_firstpost_sig
  • (1)ad_showthread_firstpost_start
  • (4)bbcode_quote
  • (1)footer
  • (1)forumjump
  • (1)forumrules
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (1)navbar
  • (3)navbar_link
  • (120)option
  • (1)pagenav
  • (1)pagenav_curpage
  • (1)pagenav_pagelink
  • (7)post_thanks_box
  • (1)post_thanks_box_bit
  • (7)post_thanks_button
  • (1)post_thanks_javascript
  • (1)post_thanks_navbar_search
  • (1)post_thanks_postbit
  • (7)post_thanks_postbit_info
  • (7)postbit
  • (7)postbit_onlinestatus
  • (7)postbit_wrapper
  • (1)spacer_close
  • (1)spacer_open
  • (1)tagbit_wrapper 

Phrase Groups Available:
  • global
  • inlinemod
  • postbit
  • posting
  • reputationlevel
  • showthread
Included Files:
  • ./showthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_post_thanks.php 

Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • showthread_start
  • showthread_getinfo
  • forumjump
  • showthread_post_start
  • showthread_query_postids
  • showthread_query
  • bbcode_fetch_tags
  • bbcode_create
  • showthread_postbit_create
  • postbit_factory
  • postbit_display_start
  • post_thanks_function_post_thanks_off_start
  • post_thanks_function_post_thanks_off_end
  • post_thanks_function_fetch_thanks_start
  • fetch_musername
  • post_thanks_function_fetch_thanks_end
  • post_thanks_function_thanked_already_start
  • post_thanks_function_thanked_already_end
  • postbit_imicons
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • postbit_display_complete
  • post_thanks_function_can_thank_this_post_start
  • post_thanks_function_fetch_thanks_bit_start
  • post_thanks_function_show_thanks_date_start
  • post_thanks_function_show_thanks_date_end
  • post_thanks_function_fetch_thanks_bit_end
  • post_thanks_function_fetch_post_thanks_template_start
  • post_thanks_function_fetch_post_thanks_template_end
  • pagenav_page
  • pagenav_complete
  • tag_fetchbit_complete
  • forumrules
  • navbits
  • navbits_complete
  • showthread_complete