View Full Version : Spammer attack??



mazdageorge
10-16-2011, 09:04 AM
To the mods. Is there a way to avoid this? It's annoying after reading half the new posts this morning.

blackmica10
10-16-2011, 10:08 AM
this happened on the toronto paintball forum i used to frequent. the mods put in one of those "enter code to verify you're human" type deal upon making an account, seemed to work but i don't know how hard it is to get a hold of such thing

S.F.W.
10-16-2011, 10:10 AM
this happened on the toronto paintball forum i used to frequent. the mods put in one of those "enter code to verify you're human" type deal upon making an account, seemed to work but i don't know how hard it is to get a hold of such thing

we already have that as part of our sign up process.

S.F.W.
10-16-2011, 10:11 AM
To the mods. Is there a way to avoid this? It's annoying after reading half the new posts this morning.

sometimes spammers get through...I am not overly concerned at this point. Once or twice a week one will get through and post once or twice. This is the first time in a long time, I can recall a spammer posting that many times.

mazdageorge
10-16-2011, 11:15 AM
Thanks Ami. I guess it's a price for being a popular forum with lots of members :). Cheers

Fobio
12-03-2011, 11:45 AM
all the recent spammer attacks, the "attackers" are registering with ICQ info...

who the **** still use ICQ?! let's ban all the ghost **** who register with ICQ...

S.F.W.
12-03-2011, 02:40 PM
all the recent spammer attacks, the "attackers" are registering with ICQ info...

who the **** still use ICQ?! let's ban all the ghost **** who register with ICQ...

noticed that as well. Trying to see if that's an option.

cwp_sedan
12-03-2011, 04:48 PM
I've looked around but didn't find anything specifically related to banning people with ICQ unfortunately.

n00bMeiSter
12-03-2011, 04:56 PM
I've looked around but didn't find anything specifically related to banning people with ICQ unfortunately.

it's not a module, you have to do DB work. I'll send you the query to execute

S.F.W.
12-03-2011, 05:11 PM
it's not a module, you have to do DB work. I'll send you the query to execute

Would it be pro-active though ? Banning all users already registered that have ICQ would not help.

Fuyuzora
12-03-2011, 06:42 PM
Looking at this from a different angle... Isn't it possible they've simply been programmed to answer "No" to fields which immediately follow "Are you a spam bot" ? I doubt a forum-spamming script is sophisticated enough to query-analyse-respond to more advanced questions, which means their current tendency to bypass registration bot-checks is because the question is too commonly used on forums as a checkpoint.

Perhaps the bot-check registration question should be changed to:

"From what country does Mazda originate?"

or

"Mazda headquarters is in what city? (Hint: check wikipedia)"

Might be worth trying to tweak existing simple subroutines before adding new complex ones.

Food for thought.

n00bMeiSter
12-03-2011, 06:58 PM
Looking at this from a different angle... Isn't it possible they've simply been programmed to answer "No" to fields which immediately follow "Are you a spam bot" ? I doubt a forum-spamming script is sophisticated enough to query-analyse-respond to more advanced questions, which means their current tendency to bypass registration bot-checks is because the question is too commonly used on forums as a checkpoint.

Perhaps the bot-check registration question should be changed to:

"From what country does Mazda originate?"

or

"Mazda headquarters is in what city? (Hint: check wikipedia)"

Might be worth trying to tweak existing simple subroutines before adding new complex ones.

Food for thought.

Newer versions of captcha had to be created because they were able to figure out the words in the images.

Captcha: http://upload.wikimedia.org/wikipedia/commons/b/b6/Modern-captcha.jpg (images like this were easily defeated by spam bots 4-6 years ago)

they are quite sophisticated. These people have nothing better to do with their lives than to create shit to annoy the **** out of the rest of us.

S.F.W.
12-03-2011, 07:07 PM
We were using three different questions. On the spam bot question, a math question, and one related to colours. We also have email verification enabled. It seems they are bypassing the vBulletin registration system.
I enabled a new spam tool this afternoon, hopefully it works well.

boyracer
12-03-2011, 07:17 PM
they are quite sophisticated. These people have nothing better to do with their lives than to create shit to annoy the **** out of the rest of us.



The Bastards deserve to be tarred & feathered!!

n00bMeiSter
12-03-2011, 07:18 PM
The Bastards deserve to be tarred & feathered!!

Agreed! lol

Fuyuzora
12-03-2011, 07:22 PM
Hmmm, good to know about the multiple challenge questions. Those seem to me to still be "canned" questions though, if I'm not mistaken?

I know Captcha systems have been vulnerable for quite some time, but part of the reason for that is because of how ubiquitous they are. More common systems are intrinsically more valuable to defeat (take a look at the number of viruses written for Windows instead of OS X for instance). Programs like xRumer are designed to counteract any common attempts to throw up barriers to spam-bots.

Assuming the method by which they're potentially bypassing registration is closed, and thus it becomes a registration-blocking issue, I would assume photo-based Captchas with arbitrary (i.e. as selected by the admin) content would be more difficult to defeat... Something along the lines of:

- Random photo of Car manufacturer's emblem
- Field 1: Name of manufacturer whose emblem appears above
- Field 2: Country of origin of manufacturer

Something like that shouldn't be too hard to program in PHP (heck, I think I could even do it, given a little free time), and since it'd be more unique than a 'canned' captcha system it should be more robust.

Fuyuzora
12-03-2011, 07:24 PM
The Bastards deserve to be tarred & feathered!!

Part of the blame should go to Google, though.

The reason most of these morons go to such lengths to post spam is to create more hyperlinks leading to their site, thus increasing their search index rating (Search Engine Optimization / SEO).

If Google's system could somehow be made that this was a less attractive/effective way of boosting their website's SEO, they wouldn't bother.

EDIT: Obviously this applies to pretty well all search engines and not just Google; however as they possess the lion's share of the search market they should lead by example and try to proactively discourage nonsense like this.

peterm15
12-03-2011, 07:39 PM
I personally hate captcha.
Most of the time I can't decipher the txt, and the audio doesn't help either.
( it's an LD, actually multiple. )
A picture system would actually work better for people like me.

Fuyuzora
12-03-2011, 07:50 PM
I personally hate captcha.
Most of the time I can't decipher the txt, and the audio doesn't help either.
( it's an LD, actually multiple. )
A picture system would actually work better for people like me.

I hate obfuscated-text CAPTCHAs as well, hence the suggestion. :)

I remember reading an article about researchers who had gotten a CAPTCHA-defeating algorithm (for even the most advanced captchas at present) up to something like 24% success rate.

4 tries (or even 40, assuming there isn't a detection system for floods of requests) is nothing to a bot.

* * *

I also read on Blackhat SEO that xRumer tends to fill in every password field on a given page... I don't know if that's been fixed in a more recent release, but if true, it might be worth adding another password field to the registration page that said "please leave this field blank", and to reject any registration attempts which place text in the field.

* * *

EDIT: On another note, e-mail verification is (unfortunately) not an effective barrier as xRumer is designed to register for free webmail addresses from domains which have no/weak CAPTCHA systems, thereby allowing them infinite accounts. xRumer is also designed to use multiple proxies in order to evade discrimination by IP.

(using xRumer for examples as, by my understanding, it's the premier-choice for illicit SEO operations)

Noisy Crow
12-03-2011, 08:17 PM
One of the issues with CAPTCHA is that there are now rooms in China and India jammed full of people doing nothing but deciphering CAPTCHAs for spambots......

Not sure if it would help a lot, but is there any way to enforce a minimum time between posts? Even 30 seconds or so might be enough.

Noisy Crow
12-03-2011, 08:19 PM
it might be worth adding another password field to the registration page that said "please leave this field blank", and to reject any registration attempts which place text in the field.

I like that one. If the field is rendered in background colour then it would be invisible to people, but a bot would still see (and complete) it....

n00bMeiSter
12-03-2011, 09:22 PM
I like that one. If the field is rendered in background colour then it would be invisible to people, but a bot would still see (and complete) it....

Indeed. This combined with the random manufacturer logo I think should be able to defeat it (for now anyways, lol)

peterm15
12-03-2011, 09:38 PM
The 30s thing is on another forum I'm on, it's actually a min. It works as far as I know and I have been part of that forum within the first 50 members. That forum has 17000 members and I have never seen a spammer. ( I've never seen one. Doesn't mean it's not there)
They also use vbulletin
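
Added example, not part of any post in this thread and not vBulletin code: a framework-neutral sketch of the two server-side checks suggested above, the "leave this field blank" decoy field on the registration form and a minimum interval between posts per account. The field name `password_confirm2`, the function and class names, and the sample sign-ups are all assumptions made for illustration.

```python
import time
from dataclasses import dataclass, field
from typing import Optional

HONEYPOT_FIELD = "password_confirm2"  # hypothetical decoy field, hidden from people by CSS
MIN_POST_INTERVAL = 30.0              # seconds, the figure suggested in the thread


def check_registration(form):
    """Return (accepted, reason) for one submitted registration form (a dict)."""
    if HONEYPOT_FIELD not in form:
        # A browser submits the decoy as an empty string; if it is absent the
        # request was built by hand without rendering the real form.
        return False, "honeypot field missing"
    if form[HONEYPOT_FIELD].strip():
        return False, "honeypot field filled"
    return True, "ok"


@dataclass
class PostThrottle:
    """Enforces a minimum interval between posts for each account."""
    min_interval: float = MIN_POST_INTERVAL
    _last_post: dict = field(default_factory=dict, repr=False)

    def allow(self, user: str, now: Optional[float] = None) -> bool:
        now = time.monotonic() if now is None else now
        last = self._last_post.get(user)
        if last is not None and now - last < self.min_interval:
            return False  # too soon; the timer is not reset by a refused post
        self._last_post[user] = now
        return True


# Constructed sample sign-ups: one person, one form-filling bot, one raw request.
SAMPLE_SIGNUPS = [
    {"username": "rx8_fan", "password": "s3cret!", HONEYPOT_FIELD: ""},
    {"username": "cheap_pills", "password": "x", HONEYPOT_FIELD: "x"},
    {"username": "seo_links", "password": "x"},
]


def screen(signups):
    """Return {username: reason} for every sign-up that should be rejected."""
    rejected = {}
    for form in signups:
        ok, reason = check_registration(form)
        if not ok:
            rejected[form["username"]] = reason
    return rejected
```

Both checks run on the server, so hiding the decoy field in the page only affects what people see; the rejection itself does not depend on the client.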

krimsalt
12-04-2011, 09:49 AM
I personally hate captcha.
Most of the time I can't decipher the txt, and the audio doesn't help either.
( it's an LD, actually multiple. )
A picture system would actually work better for people like me.

http://troll.me/images/futurama-fry/looking-at-captcha-not-sure-if-zero-or-uppercase-o.jpg