Spam Bots Attacking! Please Help!

Get help with installation and running phpBB 3.0.x here. Please do not post bug reports, feature requests, or MOD-related questions here.
Get Involved
Forum rules
END OF SUPPORT: 1 January 2017 (announcement)
dominoz
Registered User
Posts: 316
Joined: Wed Dec 26, 2007 12:47 pm
Location: UK
Contact:

Re: Spam Bots Attacking! Please Help!

Post by dominoz » Fri Jan 07, 2011 8:42 pm

Yeah, I've been running that for a while Kevin, since people complained they were struggling to read the confirmation code :)

I'll change it to the GD Image and see how it goes.

Thanks
Simply the best Horse Racing Forum on the Internet
http://www.puntersmate.net

User avatar
KevC
Support Team Member
Support Team Member
Posts: 69456
Joined: Fri Jun 04, 2004 10:44 am
Location: Oxford, UK
Contact:

Re: Spam Bots Attacking! Please Help!

Post by KevC » Fri Jan 07, 2011 8:49 pm

The GD one has adjusters for complexity of the image.
-:|:- Support Request Template -:|:-
Image
Cheap UK Hosting
"In the land of the blind the little green bloke with no pupils is king - init!"

dominoz
Registered User
Posts: 316
Joined: Wed Dec 26, 2007 12:47 pm
Location: UK
Contact:

Re: Spam Bots Attacking! Please Help!

Post by dominoz » Fri Jan 07, 2011 9:00 pm

Ok thanks Kevin :)
Simply the best Horse Racing Forum on the Internet
http://www.puntersmate.net

Travisher
Registered User
Posts: 15
Joined: Fri May 19, 2006 10:56 pm
Location: Peterborough
Contact:

Re: Spam Bots Attacking! Please Help!

Post by Travisher » Fri Jan 07, 2011 9:32 pm

I found users struggling with the GD images but spammers still getting through.
I completely redid my Q&A questions yesterday which seems to have stopped the spammers.
However it isn't conclusive as I also blocked Russian Federation and China at server level.

lemmingtopias
Registered User
Posts: 26
Joined: Fri Jan 07, 2011 6:32 pm

Re: Spam Bots Attacking! Please Help!

Post by lemmingtopias » Fri Jan 07, 2011 9:40 pm

I have been getting swarms of SpamBots attacking lately too. Using the ReCaptcha and yet they still get through.

User avatar
callumacrae
Former Team Member
Posts: 2662
Joined: Tue Feb 12, 2008 12:28 pm
Location: London, UK
Name: Callum Macrae
Contact:

Re: Spam Bots Attacking! Please Help!

Post by callumacrae » Fri Jan 07, 2011 10:45 pm

lemmingtopias wrote:I have been getting swarms of SpamBots attacking lately too. Using the ReCaptcha and yet they still get through.
reCAPTCHA has been cracked. Use Q&A CAPTCHA with plenty of good, unique questions.

~Callum
macr.ae = my website. you probably won't like it.
Proud user ofProud user of

BioLogIn
Registered User
Posts: 172
Joined: Sun Jan 06, 2008 10:51 am

Re: Spam Bots Attacking! Please Help!

Post by BioLogIn » Sat Jan 08, 2011 7:54 am

Was using reCAPTCHA, attacks started a few days ago. Yesterday switched to GD 3D captcha, that seems to help - not a single spambot for last 24 hours.

Saint_hh
Registered User
Posts: 362
Joined: Thu Mar 31, 2005 5:16 pm
Location: Hamburg / Germany
Name: Kevin
Contact:

Re: Spam Bots Attacking! Please Help!

Post by Saint_hh » Sat Jan 08, 2011 11:42 am

Callum95 wrote:reCAPTCHA has been cracked.
Yes, seems so. No spambots with the Q&A captcha since yesterday.

User avatar
callumacrae
Former Team Member
Posts: 2662
Joined: Tue Feb 12, 2008 12:28 pm
Location: London, UK
Name: Callum Macrae
Contact:

Re: Spam Bots Attacking! Please Help!

Post by callumacrae » Sat Jan 08, 2011 12:05 pm

BioLogIn wrote:Was using reCAPTCHA, attacks started a few days ago. Yesterday switched to GD 3D captcha, that seems to help - not a single spambot for last 24 hours.
You would be best off with Q&A CAPTCHA, but if it's keeping the spam at bay I guess it's fine to use the 3D captcha. Make sure it's not keeping your users out though :D

~Callum
macr.ae = my website. you probably won't like it.
Proud user ofProud user of

User avatar
haggisv
Registered User
Posts: 261
Joined: Wed Dec 20, 2006 3:31 am
Location: Adelaide, Australia
Contact:

Re: Spam Bots Attacking! Please Help!

Post by haggisv » Sun Jan 09, 2011 12:43 am

haggisv wrote:Just out of interest, and this is not conclusive proof.... I've just changed all my Q&A questions, and in the last 6 hours, I've not had a single spammer register.

This tends to indicate that they are not bypassing the Q&A, but have simply compiled a set of answers, that will, after enough tries, give the right answer when the right question comes up.

I will continue to monitor this, but it looks like questions will simply need to be changed a lot more often.
I can confirm that after several days, changing the Q&A to a new set of questions has completely stopped this current wave. I guess we're going to have to change the questions more often, or our answers will get added to a list, and things will heat up again.

User avatar
DBM
Registered User
Posts: 159
Joined: Tue Oct 25, 2005 10:29 pm
Contact:

Re: Spam Bots Attacking! Please Help!

Post by DBM » Sun Jan 09, 2011 4:27 am

haggisv wrote:
haggisv wrote:Just out of interest, and this is not conclusive proof.... I've just changed all my Q&A questions, and in the last 6 hours, I've not had a single spammer register.

This tends to indicate that they are not bypassing the Q&A, but have simply compiled a set of answers, that will, after enough tries, give the right answer when the right question comes up.

I will continue to monitor this, but it looks like questions will simply need to be changed a lot more often.
I can confirm that after several days, changing the Q&A to a new set of questions has completely stopped this current wave. I guess we're going to have to change the questions more often, or our answers will get added to a list, and things will heat up again.
Using a completely fresh set of questions has worked here too. :)

I can also confirm that reCaptcha is broken - everyone stick with Q&A and keep updating the questions.

Like someone suggested earlier in the thread, it would help if a future edition of the Q&A captcha included some means of recording which question was answered on successful registration, so we can easily identify which question has been compromised if a bot gets through.

I'm also going to install the Advanced Block MOD and use it with the stopforumspam DNSBL.

Saint_hh
Registered User
Posts: 362
Joined: Thu Mar 31, 2005 5:16 pm
Location: Hamburg / Germany
Name: Kevin
Contact:

Re: Spam Bots Attacking! Please Help!

Post by Saint_hh » Sun Jan 09, 2011 10:23 am

DBM wrote:Like someone suggested earlier in the thread, it would help if a future edition of the Q&A captcha included some means of recording which question was answered on successful registration, so we can easily identify which question has been compromised if a bot gets through.
I guess this is a really good idea.
Regarding the Q&A plugin: it seems that I have an advantage in having a pure German board. All bots are going on English and GMT-12 - so I defined only one "question" for English:
Sorry, you seem to be a spambot - if not: choose the other language:
As answer I configured a passphrase which would be good enough for the pentagon. ;)

And it's interesting to watch the phpbb_qa_confirm table. Every insert with "lang_iso" set to "en" is a bot - could be easily seen that the wave is still heavily going on.

User avatar
callumacrae
Former Team Member
Posts: 2662
Joined: Tue Feb 12, 2008 12:28 pm
Location: London, UK
Name: Callum Macrae
Contact:

Re: Spam Bots Attacking! Please Help!

Post by callumacrae » Sun Jan 09, 2011 12:22 pm

I just had a little prune of my users, changed my questions and enabled user activation.

That reduced 139 users to 18, and I haven't had any registrations since! :D

~Callum
macr.ae = my website. you probably won't like it.
Proud user ofProud user of

Travisher
Registered User
Posts: 15
Joined: Fri May 19, 2006 10:56 pm
Location: Peterborough
Contact:

Re: Spam Bots Attacking! Please Help!

Post by Travisher » Sun Jan 09, 2011 8:55 pm

Since I reset all the questions on Q&A and blocked Russian Federation and China I have had no more spambots getting through. However, checking the logs shows that the onslaught has not diminished much as there appears to be attempts from Israel and a number of what I can only assume are fake DNS since while a reverse lookup produces empire-sys.com using whois gives no such domain. Other IPs appear to be 'unallocated IP space'.
It would appear that we are witnessing the culmination of a concerted effort to break down the protection of bulletin boards etc.. I'm told that some porn sites 'reward' users who add capcha answers to a database. So the logical thing to do is have plenty of questions and keep changing them - hence my idea of putting the answer given in your activation email so you can spot when they have reached the end of their useful life.

Speedy62
Registered User
Posts: 69
Joined: Thu Sep 21, 2006 8:39 pm

Re: Spam Bots Attacking! Please Help!

Post by Speedy62 » Mon Jan 10, 2011 8:13 am

I have changed the Q&A to entirely new questions everyday since Friday and the onslaught still continues. I am at a loss what to do.

Locked

Return to “[3.0.x] Support Forum”