Go Back   vb.org Archive > vBulletin 4 Discussion > vB4 General Discussions

Reply
 
Thread Tools Display Modes
  #21  
Old 04-11-2011, 03:13 PM
CarlitoBrigante's Avatar
CarlitoBrigante CarlitoBrigante is offline
 
Join Date: Nov 2002
Location: Iceland
Posts: 182
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Usage of automated bots to bypass most of captchas was the norm; in these days, you can see real people being used to pass through anti-spam protection, especially in forums or in blogging environments where there is a high ROI for spam. I have seen an increase of this type of spam especially in forums around Forex, or forums that in general provided services that had immediate value outside of the forums, like classifieds.

These posters behave like normal members for the first 10-15 posts; at that point, they switch to spammer mode, sometimes in subtle ways. Any form of captcha is entirely useless in these cases; solutions like the one above or even Akismet and centralized spammers IPs databases in general are necessary.
Reply With Quote
  #22  
Old 04-11-2011, 03:44 PM
Alfa1's Avatar
Alfa1 Alfa1 is offline
 
Join Date: Dec 2005
Location: Netherlands
Posts: 3,537
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by vitrag24 View Post
You have a point.

So what to do that? Content scrappers? Link?
Bad behavior stops spam bots, scraper bots and malicious bots from accessing your site. Its available for vb3 and vb4.
Spam-o-matic works well on top of that.
Reply With Quote
  #23  
Old 04-11-2011, 05:40 PM
KeyCAPTCHA's Avatar
KeyCAPTCHA KeyCAPTCHA is offline
 
Join Date: Nov 2010
Posts: 242
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by CarlitoBrigante View Post
Usage of automated bots to bypass most of captchas was the norm;
How long was it the norm?
Quote:
Originally Posted by CarlitoBrigante View Post
in these days, you can see real people being used to pass through anti-spam protection, especially in forums or in blogging environments where there is a high ROI for spam. I have seen an increase of this type of spam especially in forums around Forex, or forums that in general provided services that had immediate value outside of the forums, like classifieds.

These posters behave like normal members for the first 10-15 posts; at that point, they switch to spammer mode, sometimes in subtle ways. Any form of captcha is entirely useless in these cases; solutions like the one above or even Akismet and centralized spammers IPs databases in general are necessary.
The statistics proves that if one stops bots then the spam also disappears

There are not and never were bots without human spammers behind them, otherwise they are called by viruses but not bots.
And there are no "pure" spammers without bots. Their productivity is so low and, resp., prices so high that they are economically senseless

Stop bots, and this is technically possible, then jump to conclusions

BTW, your home site http://magneticat.com/ blocks humans from even reading it giving, for example, to me:
Quote:
Forbidden
You do not have permission to access this document.
And I am on black IP of a large ISP, meaning that just on this one you blocking dozens thousand of legitimate users.
Or the whole countries?
Cheers!
Reply With Quote
  #24  
Old 04-11-2011, 06:44 PM
CarlitoBrigante's Avatar
CarlitoBrigante CarlitoBrigante is offline
 
Join Date: Nov 2002
Location: Iceland
Posts: 182
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Ah, I know trolls with vested interests like you, no problem. You will go a long road selling out your services with this attitude. Nobody implied that there is not a human behind the spam; I implied that there was not a human physically going through the captcha process. What does "called by viruses" mean?

While you like to talk, my experience comes from about 200 forums we worked with during the years, some of them being the biggest vBulletin forums around; websites with 500,000 visitors per month were plagued by spammers even though they used the most advanced captcha systems at the time. A simple usergroup technique like the one above solved their problems. We have no "theory" or "statistic": we saw this happening starting 1-2 years ago. Why or how or the commercial implications I do not care: that is not my job. I see facts, I act on them.

Thankfully, a usergroup technique like the one above is free, unlike your extended service: your captcha, by the way, must be one of the most frustrating systems I have seen in a long time (why on earth are some pieces placed below other pieces, thus being invisible to the user?).

Anybody interested in security and in anti-spam measures instead of just advertising their services would never spend time to criticize the methods I outlined: they are added layers of protection.

On a note, your russian IP is being blocked because it is on a well-known spambot list: amazing, isn't it? If I were a company specialized on anti-spambot measures, I'd at least make sure to have a clean dedicated IP. And no, we do not ban whole IP ranges. The tool we use to protect against spam is a well-known commercial hardened kernel/anti-spam package which loads data about single IPs from some of the best spambot list databases.

Quote:
Originally Posted by KeyCAPTCHA View Post
How long was it the norm?


The statistics proves that if one stops bots then the spam also disappears

There are not and never were bots without human spammers behind them, otherwise they are called by viruses but not bots.
And there are no "pure" spammers without bots. Their productivity is so low and, resp., prices so high that they are economically senseless

Stop bots, and this is technically possible, then jump to conclusions

BTW, your home site http://magneticat.com/ blocks humans from even reading it giving, for example, to me:


And I am on black IP of a large ISP, meaning that just on this one you blocking dozens thousand of legitimate users.
Or the whole countries?
Cheers!
--------------- Added [DATE]1302551561[/DATE] at [TIME]1302551561[/TIME] ---------------

One more note to the poster: I believe it is better to have strong anti-spam measures that do not punish the good users like Akismet, centralized databases of spammers' IPs, and usergroup promotion schemes like the one I have outlined. The great thing is that these methods are FREE for everybody. Commercial websites need different licenses with Akismet, but it is well worth it.

Captcha systems are just a first barrier, good when not too frustrating for the user; security must be multi-layered. And I will certainly not recommend vBulletin owners I work with captcha systems that are backed by companies that like using trolling as an advertising scheme.
Reply With Quote
  #25  
Old 04-11-2011, 07:13 PM
KeyCAPTCHA's Avatar
KeyCAPTCHA KeyCAPTCHA is offline
 
Join Date: Nov 2010
Posts: 242
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by CarlitoBrigante View Post
my experience comes from about 200 forums
And mine comes from over 10,000+ protected websites

Quote:
Originally Posted by CarlitoBrigante View Post
On a note, your russian IP is being blocked because it is on a well-known spambot list: amazing, isn't it? If I were a company specialized on anti-spambot measures,
If I am, then I simply have to know how ordinary user/IP from commonly used ISPs is affected by various spamming and antispamming techniques


Quote:
Originally Posted by CarlitoBrigante View Post
One more note to the poster: I believe it is better to have strong anti-spam measures that do not punish the good users like Akismet
Akismet:
  • routinely being (anti-)helpfully used by blackhat SEO to dump competitors,
  • that is inherently retroactive, i.e. doomed to always lag behind the newly invented spamming techniques and approaches,
  • dumping legit users web resource owners never see
  • is illegal for use in Germany and other EU countries,
  • etc.
Reply With Quote
  #26  
Old 04-11-2011, 08:05 PM
CarlitoBrigante's Avatar
CarlitoBrigante CarlitoBrigante is offline
 
Join Date: Nov 2002
Location: Iceland
Posts: 182
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

"Anybody interested in security and in anti-spam measures instead of just advertising their services would never spend time to criticize the methods I outlined: they are added layers of protection."
Reply With Quote
  #27  
Old 12-20-2012, 04:34 PM
thenags thenags is offline
 
Join Date: May 2008
Posts: 18
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

I've tried the Q&A verification with about 6 different pretty good questions. No answers given away in the question, no simple math problems, etc... spam kept flying in.

I've been testing out Glowhosts Spam-O-Matic all day and it's catching quite a bit of spam but it's also letting in about 2 spambots for every 8 it blocks.

I've now temporarily disabled Spam-O-Matic and I'm testing out KeyCaptcha to see if that can get 'em. Hopefully this works.

I really wish we had the option of enabling 2 Human Verification options. I'd love to have KeyCaptcha on as well as a Q&A.
Reply With Quote
  #28  
Old 12-20-2012, 05:03 PM
Max Taxable's Avatar
Max Taxable Max Taxable is offline
 
Join Date: Feb 2011
Posts: 3,134
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by thenags View Post
I've tried the Q&A verification with about 6 different pretty good questions. No answers given away in the question, no simple math problems, etc... spam kept flying it.

I've been testing out Glowhosts Spam-O-Matic all day and it's catching quite a bit of spam but it's also letting in about 2 spambots for every 8 it blocks.

I've not temporarily Spam-O-Matic and I'm testing out KeyCaptcha to see if that can get 'em. Hopefully this works.

I really wish we had the option of enabling 2 Human Verification options. I'd love to have KeyCaptcha on as well as a Q&A.
Try this Mod of the Month:

https://vborg.vbsupport.ru/showthread.php?t=289463
Reply With Quote
  #29  
Old 12-20-2012, 05:55 PM
thenags thenags is offline
 
Join Date: May 2008
Posts: 18
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by Max Taxable View Post
I'll keep that in mind if KeyCaptcha doesn't work. I've only had it installed for about 2hrs so far but so far I've had no spambots join. It was so bad earlier that I was getting several an hour.
Reply With Quote
  #30  
Old 12-20-2012, 07:55 PM
Max Taxable's Avatar
Max Taxable Max Taxable is offline
 
Join Date: Feb 2011
Posts: 3,134
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by thenags View Post
I'll keep that in mind if KeyCaptcha doesn't work. I've only had it installed for about 2hrs so far but so far I've had no spambots join. It was so bad earlier that I was getting several an hour.
There's no conflict, it's a turnkey installation, and you'll be amazed the number of bots it stops and reports.
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT. The time now is 07:03 AM.


Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2024, vBulletin Solutions Inc.
X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.04362 seconds
  • Memory Usage 2,289KB
  • Queries Executed 12 (?)
More Information
Template Usage:
  • (1)SHOWTHREAD
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)ad_showthread_beforeqr
  • (1)ad_showthread_firstpost
  • (1)ad_showthread_firstpost_sig
  • (1)ad_showthread_firstpost_start
  • (11)bbcode_quote
  • (1)footer
  • (1)forumjump
  • (1)forumrules
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (1)navbar
  • (3)navbar_link
  • (120)option
  • (1)pagenav
  • (1)pagenav_curpage
  • (4)pagenav_pagelink
  • (10)post_thanks_box
  • (10)post_thanks_button
  • (1)post_thanks_javascript
  • (1)post_thanks_navbar_search
  • (10)post_thanks_postbit_info
  • (10)postbit
  • (10)postbit_onlinestatus
  • (10)postbit_wrapper
  • (1)spacer_close
  • (1)spacer_open
  • (1)tagbit_wrapper 

Phrase Groups Available:
  • global
  • inlinemod
  • postbit
  • posting
  • reputationlevel
  • showthread
Included Files:
  • ./showthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_post_thanks.php 

Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • showthread_start
  • showthread_getinfo
  • forumjump
  • showthread_post_start
  • showthread_query_postids
  • showthread_query
  • bbcode_fetch_tags
  • bbcode_create
  • showthread_postbit_create
  • postbit_factory
  • postbit_display_start
  • post_thanks_function_post_thanks_off_start
  • post_thanks_function_post_thanks_off_end
  • post_thanks_function_fetch_thanks_start
  • post_thanks_function_fetch_thanks_end
  • post_thanks_function_thanked_already_start
  • post_thanks_function_thanked_already_end
  • fetch_musername
  • postbit_imicons
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • postbit_display_complete
  • post_thanks_function_can_thank_this_post_start
  • pagenav_page
  • pagenav_complete
  • tag_fetchbit_complete
  • forumrules
  • navbits
  • navbits_complete
  • showthread_complete