Spam Bots Attacking! Please Help!

[DBM]

Just out of interest, and this is not conclusive proof.... I've just changed all my Q&A questions, and in the last 6 hours, I've not had a single spammer register.

This tends to indicate that they are not bypassing the Q&A, but have simply compiled a set of answers, that will, after enough tries, give the right answer when the right question comes up.

I will continue to monitor this, but it looks like questions will simply need to be changed a lot more often.

Good to know, haggisv. It's been all quiet for the last six hours for me too, although I switched to reCaptcha temporarily. I've not yet tried a fresh set of unique questions since my Q&A got compromised but will try it and see what happens tomorrow.

In my case, I've done a whois each time an obvious bot has got through (using the built-in whois facility of phpBB) and then applied an IP ban for the entire range shown. I've done this at server level through my site's control panel, so that they are blocked from the entire site and not just the forum. People can of course apply these range bans through their .htaccess for the same effect.

Hopefully they may be running out of ISPs (they're mostly Russian, Ukrainian and the occasional East European ISPs in this wave of attacks). I don't like banning entire ISPs but at the moment it seems necessary and I'm not aware of a single genuine member signing up from these regions for my site anyway.

[haggisv]

I look up the IPs in stopforumspam.com, and if they're listed I block the single IP. I don't usually like to block IP ranges, as it can block many legit users as well, but from certain countries (which are known for spam and are unlikely to offer legit users) I sometimes do block the IP range too.

[DBM]

I look up the IPs in stopforumspam.com, and if they're listed I block the single IP. I don't usually like to block IP ranges, as it can block many legit users as well, but from certain countries (which are known for spam and are unlikely to offer legit users) I sometimes do block the IP range too.

Ah, very useful - some familiar-looking usernames and emails on their top 10 for the past 24 hours too.

[haggisv]

Yes that's a very handy resource!

[Cpt. Blackbeard]

I tried to register on a Forum using ReCaptcha just yesterday, I know I was typing it correctly but it kept telling me I wasn't. Even tried the Audio link and typed it in exactly, still said it was wrong. I finally gave up and that Forum has lost a member,I'm not going back. I will not use any type of CAPTCHA or reCAPTCHA on my Forum, Q&A still works fine for me.

[Saint_hh]

I had no problems with spambots for months, using reCAPTCHA + a custom profile field which had to be answered correctly.
But now I have to see that spambots get through and I have the feeling too, that spambots have found a way to bypass the captcha completely.
I'll change now to the Q&A captcha (with German questions) and monitor how it will work.

[DBM]

Woke up this morning to see a few bots had got through reCaptcha. Have reinstated Q&A with new questions and it's held up so far. I've never known such a relentless and persistent attack as the past few days though - there must be a new breed of bot out there.

[Travisher]

I changed all my questions yesterday. Looking in the apache logs there seems to be a concerted attempt going on. Last night I firewalled most of the Russian Federation on top of my Chinese blocking at the server level.
I'll take a look at the logs this weekend and see what the results are. So far I've silenced the spammers.

[Fujcube]

WTF, my inbox is almost bursting with new accounts waiting on approval!!

Have just changed over to Q&A from reCaptcha, lets see what happens!!

How do I permanently block registrations from a specific domain? Most of my spoof accounts are something @gmail.com and something@mail.ru

Regards

[KevC]

How do I permanently block registrations from a specific domain? Most of my spoof accounts are something @gmail.com and something@mail.ru

Add *@mail.ru to the email ban list.
That will ban any accounts registering with that mail suffix.
Sadly though they often just use gmail or hotmail and that would alienate a lot of normal members.

Yahoo's ymail.com is also used by a lot.

[sakm]

i changed to reCaptcha last night and only had a few spam bots as apposed to about 10!! but they are still getting through!!

might change back to Q&A and change the question and see what happens

[Fujcube]

Not had another registration since changing to Q&A. Let hope it lasts

[callumacrae]

reCaptcha has been broken by the bots too, but the bots that are attacking at the moment seem to only be attacking Q&A (although I have heard reports of people using reCAPTCHA being spammed worse that usual).

~Callum

[dominoz]

I've updated my board to 3.0.8 although I have yet to update my style ( acidtech )
and since I've updated I get spammers trying to register every day. Meanwhile I've had to put it on Registration by Admin.

Can someone look at my registration page, and advise if they would change or add anything to try and slow them down.

http://puntersmate.net/punters/index.php

Thanks

[KevC]

I've updated my board to 3.0.8 although I have yet to update my style ( acidtech )
and since I've updated I get spammers trying to register every day. Meanwhile I've had to put it on Registration by Admin.

Can someone look at my registration page, and advise if they would change or add anything to try and slow them down.

http://puntersmate.net/punters/index.php

Thanks

You're running the old black and white visual confirmation which was beaten at least 5 years ago. I'd definitely change that.