Go Back   vb.org Archive > vBulletin 3 Discussion > vB3 General Discussions
Reload this Page Spam out of control: Q&A ineffective
FAQ Community Calendar Today's Posts Search

Reply
Page 1 of 4 1 23 Last »
 
Thread Tools Display Modes
  #1  
Old 06-12-2011, 01:41 PM
Panzer Max's Avatar
Panzer Max Panzer Max is offline
 
Join Date: May 2006
Posts: 196
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default Spam out of control: Q&A ineffective
You would think security Q & A would slow it down, but with the vB Q&A and a NoSpam! Q&A together, we still get 12~15 spammers a day who make it through the reg process. That's with StopForumSpam too.

If bots cannot solve Q&A, then there are people out there daily registering? Is that likely?

The vB Q&A goes something like this: What does a ship sail on? With the answers being waves, ocean, sea.

The NoSpam! question is more difficult:
Quote:
To stop annoying spammers, we have to ask you a question. Yes, it's a pain, but if you want a forum free of Viagra and single-men adverts, help us out. Google is your friend. Please type in the name of the submarine commanded by Capt. George Street:

Come on, no one can answer that question without spending 30 seconds googling, you mean to tell me there are Philippinos in a warehouse somewhere actually going to that much effort to spam our forums?

Any suggestions would be greatly appreciated.
Reply With Quote
  #2  
Old 06-12-2011, 03:41 PM
Simon Lloyd's Avatar
Simon Lloyd Simon Lloyd is offline
 
Join Date: Aug 2008
Location: Manchester
Posts: 3,481
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
Have you tried registering at your own forum and seeing if you can either just click through any of the questions or enter rubbish and still get through?
Reply With Quote
  #3  
Old 06-13-2011, 12:15 AM
Disasterpiece's Avatar
Disasterpiece Disasterpiece is offline
 
Join Date: Apr 2007
Location: GER
Posts: 765
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
also make sure the solution is not mentioned within the page or the question, like our last question/answer was:

Which color does a red firetruck have?

Apparently, some bots were intelligent enough to try words which are bold and/or other words from the page. So we changed it to something not as obvious but still doable by humans and had no bot registration since, with 10+ registrations from bots with the old Q/A
Reply With Quote
  #4  
Old 06-13-2011, 02:25 AM
vijayninel's Avatar
vijayninel vijayninel is offline
 
Join Date: Mar 2009
Posts: 537
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
Quote:
Originally Posted by Panzer Max View Post
If bots cannot solve Q&A, then there are people out there daily registering? Is that likely?
That is exactly what is happening. People underestimate the number of human spammers out there.

You know that persistent mobile phone spammers here on vb.org ... they are all human spammers.
Reply With Quote
  #5  
Old 06-13-2011, 04:55 AM
Andy Andy is offline
 
Join Date: Sep 2003
Location: San Francisco
Posts: 138
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
Here is what I do.

https://www.vbulletin.com/forum/show...-on-your-forum
Reply With Quote
  #6  
Old 06-13-2011, 02:21 PM
Panzer Max's Avatar
Panzer Max Panzer Max is offline
 
Join Date: May 2006
Posts: 196
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
Quote:
Originally Posted by Simon Lloyd View Post
Have you tried registering at your own forum and seeing if you can either just click through any of the questions or enter rubbish and still get through?
Of course, and it does not allow registration when trying rubbish or variations of the proper answer (ex: "Tiranta" instead of "Tirante"). Good suggestion, though.

Quote:
Originally Posted by vijayninel View Post
That is exactly what is happening. People underestimate the number of human spammers out there.

You know that persistent mobile phone spammers here on vb.org ... they are all human spammers.
Yeah, it must be human, or there's something really wrong with the Q&A sceme. I worry that, because the answer of the Q&A is in the vB options, there's some way that a bot can find the answer and supply it to the Q&A. Has anyone checked that? Like I said, wow, it's hard to believe humans are googling an obscure WWII submarine question to sign up to the forum, when they are deleted within 2 hours every day.



Quote:
Originally Posted by Andy View Post
Hey Andy, yeah, your post is famous, it's where I began my anti-spam crusade. I used to use the Q&A ideas from it, but I have made it harder, as you can see in my original post. I have created a Custom profile field, I will make it "required during registration", very good idea, thanks.
Reply With Quote
  #7  
Old 06-13-2011, 02:35 PM
kh99 kh99 is offline
 
Join Date: Aug 2009
Location: Maine
Posts: 13,185
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
Quote:
Originally Posted by Panzer Max View Post
... Yeah, it must be human, or there's something really wrong with the Q&A sceme. I worry that, because the answer of the Q&A is in the vB options, there's some way that a bot can find the answer and supply it to the Q&A. Has anyone checked that? ....
I was wondering the same thing one day. We get maybe 5-10 spammer registrations a day and I was wondering if they were human. I wrote some code to log questions shown and answers guessed. I only ran it for 1 day, but I found that there were a lot of "aborted" registrations, i.e. started to register but never offered any answer to the question, so I guess that those were bots that couldn't handle q/a. But the ones that did answer didn't do anything like entering a lot of guesses, they normally got it in one (and our questions don't have the answer as part of the question at all). There were also a few wrong answers like you'd expect from a human. In any case, I didn't see any signs of q/a being bypassed or guessed via brute force.

I also wondered about the possiblilty of a human finding the answer and somehow recording it for bots to use, but I find that changing the questions makes no difference to the number of registrations we get, and one time we got a few registartions right after I changed them.
Reply With Quote
  #8  
Old 06-13-2011, 02:59 PM
Panzer Max's Avatar
Panzer Max Panzer Max is offline
 
Join Date: May 2006
Posts: 196
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
Yeah, I think you're right, there must be a network where a human spammer is assigned to answer the Q&A, and then can set up bots to go from there. I need to add about 200 Q&A, that may help.

I will copy the message I have at vb.com, I am working on a spam tool with Eric, to help admins and moderators detect spam in new members who actually get past the registration but have not made a spam post that members will see and report. Generally, there are a lot of spammers who never post, but have spam in their sigs, or homepages. Eric based it off his new members mod, and I'm sure half of the people here can tweak that to achieve the same results as my Spam Check mod. I would rather reward him for helping me, and when it is finished, let him release it as a new mod (my contribution to the Global War on Spam ).

It's just a variation of the New Members mod, but it lists the user signature (if they have one) and homepage (if they have one) on the member roster, making it super easy to detect spammers with spam sigs or homepages. There is also an option for moderators to "Infract" them into a spammer usergroup, allowing you to Move/Prune them off the db.

I have asked him to add the custom user profile to it, that should be all it takes to easily detect and prune spammers at will.
Attached Images
File Type: jpg screen4.jpg (53.0 KB, 0 views)
Reply With Quote
  #9  
Old 06-13-2011, 04:05 PM
adwade adwade is offline
 
Join Date: Aug 2006
Location: SouthEast, TN
Posts: 323
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
Take a look at Zb Block - Stop Spam & 'bots @ Server Not only does it keep a lot of spam bots out of your hair, I was amazed at how much bandwidth we wasted each month on such.

EDIT: Fixed above LINK, extra http:// in there for some reason?
Reply With Quote
  #10  
Old 06-13-2011, 04:31 PM
Panzer Max's Avatar
Panzer Max Panzer Max is offline
 
Join Date: May 2006
Posts: 196
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
Quote:
Originally Posted by adwade View Post
Take a look at Zb Block - Stop Spam & 'bots @ Server Not only does it keep a lot of spam bots out of your hair, I was amazed at how much bandwidth we wasted each month on such.
Internet Explorer cannot display the webpage
Reply With Quote
Reply
Page 1 of 4 1 23 Last »

« Previous Thread | Next Thread »

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump


All times are GMT. The time now is 07:58 PM.

Contact Us - Archive - Top

Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2025, vBulletin Solutions Inc.
X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.06740 seconds
  • Memory Usage 2,286KB
  • Queries Executed 12 (?)
More Information
Template Usage:
  • (1)SHOWTHREAD
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)ad_showthread_beforeqr
  • (1)ad_showthread_firstpost
  • (1)ad_showthread_firstpost_sig
  • (1)ad_showthread_firstpost_start
  • (7)bbcode_quote
  • (1)footer
  • (1)forumjump
  • (1)forumrules
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (1)navbar
  • (3)navbar_link
  • (120)option
  • (1)pagenav
  • (1)pagenav_curpage
  • (2)pagenav_pagelink
  • (10)post_thanks_box
  • (10)post_thanks_button
  • (1)post_thanks_javascript
  • (1)post_thanks_navbar_search
  • (10)post_thanks_postbit_info
  • (10)postbit
  • (1)postbit_attachment
  • (10)postbit_onlinestatus
  • (10)postbit_wrapper
  • (1)spacer_close
  • (1)spacer_open
  • (1)tagbit_wrapper 
Phrase Groups Available:
  • global
  • inlinemod
  • postbit
  • posting
  • reputationlevel
  • showthread
Included Files:
  • ./showthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_post_thanks.php 
Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • showthread_start
  • showthread_getinfo
  • forumjump
  • showthread_post_start
  • showthread_query_postids
  • showthread_query
  • bbcode_fetch_tags
  • bbcode_create
  • showthread_postbit_create
  • postbit_factory
  • postbit_display_start
  • post_thanks_function_post_thanks_off_start
  • post_thanks_function_post_thanks_off_end
  • post_thanks_function_fetch_thanks_start
  • post_thanks_function_fetch_thanks_end
  • post_thanks_function_thanked_already_start
  • post_thanks_function_thanked_already_end
  • fetch_musername
  • postbit_imicons
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • postbit_display_complete
  • post_thanks_function_can_thank_this_post_start
  • postbit_attachment
  • pagenav_page
  • pagenav_complete
  • tag_fetchbit_complete
  • forumrules
  • navbits
  • navbits_complete
  • showthread_complete