Spam Bots Attacking! Please Help!

Get help with installation and running phpBB 3.0.x here. Please do not post bug reports, feature requests, or MOD-related questions here.
END OF SUPPORT: 1 January 2017 (announcement)
DBM
Registered User
Posts: 159
Joined: Tue Oct 25, 2005 10:29 pm

Re: Spam Bots Attacking! Please Help!

Post by DBM » Fri Jan 07, 2011 1:27 am

haggisv wrote: Just out of interest, and this is not conclusive proof.... I've just changed all my Q&A questions, and in the last 6 hours, I've not had a single spammer register.

This tends to indicate that they are not bypassing the Q&A, but have simply compiled a set of answers, that will, after enough tries, give the right answer when the right question comes up.

I will continue to monitor this, but it looks like questions will simply need to be changed a lot more often.

Good to know, haggisv. It's been all quiet for the last six hours for me too, although I switched to reCaptcha temporarily. I've not yet tried a fresh set of unique questions since my Q&A got compromised but will try it and see what happens tomorrow.

In my case, I've done a whois each time an obvious bot has got through (using the built-in whois facility of phpBB) and then applied an IP ban for the entire range shown. I've done this at server level through my site's control panel, so that they are blocked from the entire site and not just the forum. People can of course apply these range bans through their .htaccess for the same effect.

Hopefully they may be running out of ISPs (they're mostly Russian, Ukrainian and the occasional East European ISPs in this wave of attacks). I don't like banning entire ISPs but at the moment it seems necessary and I'm not aware of a single genuine member signing up from these regions for my site anyway.
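
The range-ban step DBM describes, as an added example that is not part of the original post: it converts the first-to-last range a whois lookup reports into CIDR blocks and renders them as Apache deny rules. The sample whois text, the function names and the 65536-address ceiling are assumptions made for illustration.

```python
import ipaddress
import re

# Constructed whois excerpt; the addresses come from the RFC 5737 documentation range.
SAMPLE_WHOIS = """\
inetnum:        198.51.100.64 - 198.51.100.191
netname:        EXAMPLE-NET
country:        ZZ
"""

# RIPE-style "inetnum:" and ARIN-style "NetRange:" both use "first - last".
RANGE_RE = re.compile(r"^(?:inetnum|NetRange):\s*(\S+)\s*-\s*(\S+)\s*$",
                      re.MULTILINE | re.IGNORECASE)


def whois_range_to_cidrs(whois_text, max_addresses=65536):
    """Return the minimal list of CIDR networks covering the whois range."""
    match = RANGE_RE.search(whois_text)
    if match is None:
        raise ValueError("no inetnum/NetRange line in whois output")
    first = ipaddress.ip_address(match.group(1))
    last = ipaddress.ip_address(match.group(2))
    if first.version != last.version or first > last:
        raise ValueError("malformed range")
    # Guard against banning far more than intended (e.g. a whole /8 allocation).
    if int(last) - int(first) + 1 > max_addresses:
        raise ValueError("range larger than max_addresses; review before banning")
    return list(ipaddress.summarize_address_range(first, last))


def htaccess_rules(cidrs, apache24=True):
    """Render deny rules for Apache 2.4 (Require) or 2.2 (Order/Deny)."""
    if apache24:
        body = ["    Require not ip %s" % net for net in cidrs]
        return "\n".join(["<RequireAll>", "    Require all granted"]
                         + body + ["</RequireAll>"])
    body = ["Deny from %s" % net for net in cidrs]
    return "\n".join(["Order Allow,Deny", "Allow from all"] + body)


if __name__ == "__main__":
    print(htaccess_rules(whois_range_to_cidrs(SAMPLE_WHOIS)))
```

A whois range that does not start on a power-of-two boundary needs more than one CIDR block, which is why the sample range becomes two /26 rules rather than one /25.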

haggisv
Registered User
Posts: 261
Joined: Wed Dec 20, 2006 3:31 am
Location: Adelaide, Australia

Re: Spam Bots Attacking! Please Help!

Post by haggisv » Fri Jan 07, 2011 1:33 am

I look up the IPs in stopforumspam.com, and if they're listed I block the single IP. I don't usually like to block IP ranges, as it can block many legit users as well, but from certain countries (which are known for spam and are unlikely to offer legit users) I sometimes do block the IP range too.

DBM
Registered User
Posts: 159
Joined: Tue Oct 25, 2005 10:29 pm

Re: Spam Bots Attacking! Please Help!

Post by DBM » Fri Jan 07, 2011 1:40 am

haggisv wrote: I look up the IPs in stopforumspam.com, and if they're listed I block the single IP. I don't usually like to block IP ranges, as it can block many legit users as well, but from certain countries (which are known for spam and are unlikely to offer legit users) I sometimes do block the IP range too.

Ah, very useful - some familiar-looking usernames and emails on their top 10 for the past 24 hours too. :lol:

haggisv
Registered User
Posts: 261
Joined: Wed Dec 20, 2006 3:31 am
Location: Adelaide, Australia

Re: Spam Bots Attacking! Please Help!

Post by haggisv » Fri Jan 07, 2011 3:28 am

Yes that's a very handy resource!

Cpt. Blackbeard
Registered User
Posts: 443
Joined: Sat Oct 31, 2009 4:39 am
Location: USA

Re: Spam Bots Attacking! Please Help!

Post by Cpt. Blackbeard » Fri Jan 07, 2011 3:35 am

I tried to register on a Forum using ReCaptcha just yesterday, I know I was typing it correctly but it kept telling me I wasn't. Even tried the Audio link and typed it in exactly, still said it was wrong. I finally gave up and that Forum has lost a member, I'm not going back. I will not use any type of CAPTCHA or reCAPTCHA on my Forum, Q&A still works fine for me.

Saint_hh
Registered User
Posts: 362
Joined: Thu Mar 31, 2005 5:16 pm
Location: Hamburg / Germany
Name: Kevin

Re: Spam Bots Attacking! Please Help!

Post by Saint_hh » Fri Jan 07, 2011 9:16 am

I had no problems with spambots for months, using reCAPTCHA + a custom profile field which had to be answered correctly.
But now I have to see that spambots get through and I have the feeling too, that spambots have found a way to bypass the captcha completely.
I'll change now to the Q&A captcha (with German questions) and monitor how it will work.

DBM
Registered User
Posts: 159
Joined: Tue Oct 25, 2005 10:29 pm

Re: Spam Bots Attacking! Please Help!

Post by DBM » Fri Jan 07, 2011 9:53 am

Woke up this morning to see a few bots had got through reCaptcha. Have reinstated Q&A with new questions and it's held up so far. I've never known such a relentless and persistent attack as the past few days though - there must be a new breed of bot out there.

Travisher
Registered User
Posts: 15
Joined: Fri May 19, 2006 10:56 pm
Location: Peterborough

Re: Spam Bots Attacking! Please Help!

Post by Travisher » Fri Jan 07, 2011 9:57 am

I changed all my questions yesterday. Looking in the Apache logs there seems to be a concerted attempt going on. Last night I firewalled most of the Russian Federation on top of my Chinese blocking at the server level.
I'll take a look at the logs this weekend and see what the results are. So far I've silenced the spammers.
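
One way to do the log review Travisher mentions, as an added example that is not part of the original post: it counts POSTs to the registration form per client address and per /24 in an Apache access log. The log lines are constructed, and the thresholds and the ucp.php?mode=register path are assumptions.

```python
import ipaddress
import re
from collections import Counter

# Constructed Apache combined-format lines; IPs are RFC 5737 documentation addresses.
SAMPLE_LOG = """\
203.0.113.7 - - [07/Jan/2011:02:10:01 +0000] "POST /ucp.php?mode=register HTTP/1.1" 200 5120 "-" "Mozilla/4.0"
203.0.113.7 - - [07/Jan/2011:02:10:09 +0000] "POST /ucp.php?mode=register HTTP/1.1" 200 5120 "-" "Mozilla/4.0"
203.0.113.44 - - [07/Jan/2011:02:10:15 +0000] "POST /ucp.php?mode=register HTTP/1.1" 200 5120 "-" "Mozilla/4.0"
203.0.113.90 - - [07/Jan/2011:02:11:02 +0000] "POST /ucp.php?mode=register HTTP/1.1" 200 5120 "-" "Mozilla/4.0"
192.0.2.15 - - [07/Jan/2011:08:30:00 +0000] "GET /ucp.php?mode=register HTTP/1.1" 200 4096 "-" "Mozilla/5.0"
192.0.2.15 - - [07/Jan/2011:08:31:40 +0000] "POST /ucp.php?mode=register HTTP/1.1" 200 3072 "-" "Mozilla/5.0"
198.51.100.3 - - [07/Jan/2011:09:00:00 +0000] "GET /viewtopic.php?t=12 HTTP/1.1" 200 9000 "-" "Mozilla/5.0"
"""

# Client address, then the method and URL from the quoted request line.
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)')


def registration_posts(log_text):
    """Yield the client address of every POST to the registration form."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m.group(2) != "POST":
            continue
        url = m.group(3)
        # Assumed path: phpBB 3.0.x registration at ucp.php?mode=register.
        if "ucp.php" in url and "mode=register" in url:
            yield m.group(1)


def noisy_sources(log_text, per_ip=2, per_net=3, prefix=24):
    """Return ({ip: hits}, {network: hits}) at or above the given thresholds."""
    ips = Counter(registration_posts(log_text))
    nets = Counter()
    for ip, hits in ips.items():
        try:
            net = ipaddress.ip_network("%s/%d" % (ip, prefix), strict=False)
        except ValueError:
            continue  # hostname instead of an address (HostnameLookups on)
        nets[str(net)] += hits
    return ({ip: n for ip, n in ips.items() if n >= per_ip},
            {net: n for net, n in nets.items() if n >= per_net})


if __name__ == "__main__":
    print(noisy_sources(SAMPLE_LOG))
```

Grouping by network surfaces attempts spread across many addresses in one range, where each address on its own stays under the per-address threshold.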

Fujcube
Registered User
Posts: 197
Joined: Sat May 31, 2008 6:22 am

Re: Spam Bots Attacking! Please Help!

Post by Fujcube » Fri Jan 07, 2011 1:19 pm

WTF, my inbox is almost bursting with new accounts waiting on approval!!

Have just changed over to Q&A from reCaptcha, let's see what happens!!

How do I permanently block registrations from a specific domain? Most of my spoof accounts are something@gmail.com and something@mail.ru

Regards

KevC
Support Team Member
Posts: 69463
Joined: Fri Jun 04, 2004 10:44 am
Location: Oxford, UK

Re: Spam Bots Attacking! Please Help!

Post by KevC » Fri Jan 07, 2011 1:36 pm

Fujcube wrote: How do I permanently block registrations from a specific domain? Most of my spoof accounts are something@gmail.com and something@mail.ru

Add *@mail.ru to the email ban list.
That will ban any accounts registering with that mail suffix.
Sadly though they often just use gmail or hotmail and that would alienate a lot of normal members.

Yahoo's ymail.com is also used by a lot.
-:|:- Support Request Template -:|:-
Cheap UK Hosting
"In the land of the blind the little green bloke with no pupils is king - init!"

sakm
Registered User
Posts: 560
Joined: Sun Jan 21, 2007 8:14 pm
Location: Hull, uk
Name: Stu

Re: Spam Bots Attacking! Please Help!

Post by sakm » Fri Jan 07, 2011 2:58 pm

I changed to reCaptcha last night and only had a few spam bots as opposed to about 10!! but they are still getting through!!

might change back to Q&A and change the question and see what happens :|

Fujcube
Registered User
Posts: 197
Joined: Sat May 31, 2008 6:22 am

Re: Spam Bots Attacking! Please Help!

Post by Fujcube » Fri Jan 07, 2011 5:30 pm

Not had another registration since changing to Q&A. Let's hope it lasts :mrgreen:

callumacrae
Former Team Member
Posts: 2662
Joined: Tue Feb 12, 2008 12:28 pm
Location: London, UK
Name: Callum Macrae

Re: Spam Bots Attacking! Please Help!

Post by callumacrae » Fri Jan 07, 2011 5:34 pm

reCaptcha has been broken by the bots too, but the bots that are attacking at the moment seem to only be attacking Q&A (although I have heard reports of people using reCAPTCHA being spammed worse than usual).

~Callum
macr.ae = my website. you probably won't like it.

dominoz
Registered User
Posts: 316
Joined: Wed Dec 26, 2007 12:47 pm
Location: UK

Re: Spam Bots Attacking! Please Help!

Post by dominoz » Fri Jan 07, 2011 7:48 pm

I've updated my board to 3.0.8 although I have yet to update my style ( acidtech )
and since I've updated I get spammers trying to register every day. Meanwhile I've had to put it on Registration by Admin.

Can someone look at my registration page, and advise if they would change or add anything to try and slow them down.

http://puntersmate.net/punters/index.php

Thanks
Simply the best Horse Racing Forum on the Internet
http://www.puntersmate.net

KevC
Support Team Member
Posts: 69463
Joined: Fri Jun 04, 2004 10:44 am
Location: Oxford, UK

Re: Spam Bots Attacking! Please Help!

Post by KevC » Fri Jan 07, 2011 8:31 pm

dominoz wrote: I've updated my board to 3.0.8 although I have yet to update my style ( acidtech )
and since I've updated I get spammers trying to register every day. Meanwhile I've had to put it on Registration by Admin.

Can someone look at my registration page, and advise if they would change or add anything to try and slow them down.

http://puntersmate.net/punters/index.php

Thanks

You're running the old black and white visual confirmation which was beaten at least 5 years ago. I'd definitely change that.
