Spam Bots Attacking! Please Help!

[udonmap]

I've changed over to Q&A also however I'm still inundated with spam registrations.

Looks like a vulnerability may have been found in the registration process.

[Travisher]

I just took a look at your forum registration, the question it asked was too simplistic and gives the answer on the same page and indeed within the question. It is possible to script a bot to parse the words on a page and try them until it hits the jackpot.
Ask what the quarterly magazine is called or the full name of the club. If they are genuinely interested they will look for the answer. Don't be afraid of having whole sentences for answers. Don't hand people the answer, let them prove they pass the Turin test. Don't embed the answer in the question, don't have the answer on the same page. Consider putting the answers in image form. Look at photos you have and see if there are obvious words in them that you can ask questions on in your gallery.

[KevC]

the question it asked was too simplistic and gives the answer on the same page

That's usually not a problem to be honest. I've had a simple 'put this word in that box' Q&A for quite a while. It was only 'broken' last week and a slight rewording has stopped the bots instantly again.

[niall0s]

I've changed over to Q&A also however I'm still inundated with spam registrations.

Looks like a vulnerability may have been found in the registration process.

I have to agree, since upgrading to 3.0.8 my forum is getting quite a few spam bot registrations.

Using reCatchpa and 3.0.7-PL1 i had no problems with spambots.

[Travisher]

I've changed over to Q&A also however I'm still inundated with spam registrations.

Looks like a vulnerability may have been found in the registration process.

I have to agree, since upgrading to 3.0.8 my forum is getting quite a few spam bot registrations.

Using reCatchpa and 3.0.7-PL1 i had no problems with spambots.

Make sure you are not confusing cause and effect. There has been a concerted attack on bulletin boards and it may be a co-incidence that you upgraded. I was seeing attacks before I upgraded since I was a little slow in doing so. From what I see in the server logs the attacks are of a 'brute force' nature rather than a clever code exploit. Literally thousands of attempts to register in the logs. If it were a bypass, then I'd expect to see a flood of successful attempts with near 100% success. This is definitely not the case.

[callumacrae]

I have changed the Q&A to entirely new questions everyday since Friday and the onslaught still continues. I am at a loss what to do.

Use unique questions, and have lots of them. Also enable user activation

~Callum

[udonmap]

I updated all my questions last night, however this morning I noticed there were over 125 registrations during the night. The normal amount of registrations my board receives is between 10-20 per day!

I have just this minute changed the question to a code request e.g. all new registrations have to request a code from me via email to enter in the answer box. So in theory the only way for a new member to sign up is to contact me first for the code. The code I am using is very secure.

Unfortunately this has not worked and I've received 4 sign ups in the past hour already, neither of these requested the secret code from me. Therefore I'm guessing there is a vulnerability in both the recaptcha and the Q&A since both are not working on my board.

The only way I can stop this at present is to turn off new registrations completely however I don't really want to do this.

I've always found phpbb to be very secure against spam registrations up until recently.

Any help would be appreciated.

[ric323]

Unfortunately this has not worked and I've received 4 sign ups in the past hour already, neither of these requested the secret code from me. Therefore I'm guessing there is a vulnerability in both the recaptcha and the Q&A since both are not working on my board.

What is the address of your board?
Please PM it to me if you don't want to reveal it in public.

[/a3]

Unfortunately this has not worked and I've received 4 sign ups in the past hour already, neither of these requested the secret code from me. Therefore I'm guessing there is a vulnerability in both the recaptcha and the Q&A since both are not working on my board.

Are you using unique questions/answers for your Q&A CAPTCHA? From what I've heard, spammers seem to have found a way around the Q&A CAPTCHA when commonly used questions are used.

As for reCAPTCHA, it appears to be broken, so I would recommend using the Q&A CAPTCHA for now.

[udonmap]

I'm was using unique questions e.g. What is the most common staple food of Thailand?, what is the capital of Thailand?, What is Thailand's currency etc.

[webhostuk]

I will also suggest you to go for CAPTCHA spam protection to your forum or have admin approval before publishing or registering any new user.

[ric323]

Unfortunately this has not worked and I've received 4 sign ups in the past hour already, neither of these requested the secret code from me. Therefore I'm guessing there is a vulnerability in both the recaptcha and the Q&A since both are not working on my board.

What is the address of your board?
Please PM it to me if you don't want to reveal it in public.

udonmap PMd me the address of their board, and it does seem to have a Q&A question set up correctly.
There has still been no vulnerability identified in the Q&A code, so the most likely explanation is that one of the people you DID give the code to was acting as a front man to pass it on to the spammers.
Try changing to a different code immediately, and see what happens.
In my own case, I simply swapped the order of the required words in the answer, and the spambots stopped immediately. I suspect a human analysed the question first, then passed this on to the spamming progeam.

[callumacrae]

Unfortunately this has not worked and I've received 4 sign ups in the past hour already, neither of these requested the secret code from me. Therefore I'm guessing there is a vulnerability in both the recaptcha and the Q&A since both are not working on my board.

What is the address of your board?
Please PM it to me if you don't want to reveal it in public.

udonmap PMd me the address of their board, and it does seem to have a Q&A question set up correctly.
There has still been no vulnerability identified in the Q&A code, so the most likely explanation is that one of the people you DID give the code to was acting as a front man to pass it on to the spammers.
Try changing to a different code immediately, and see what happens.
In my own case, I simply swapped the order of the required words in the answer, and the spambots stopped immediately. I suspect a human analysed the question first, then passed this on to the spamming progeam.

I have seen multiple people saying that they believe that the Q&A CAPTCHA has been hacked, and it is definitely a possibility that should not be discounted, although I think it would have been noticed by now. It isn't specific to this version of phpBB, as I haven't got round to updating my board yet.

~Callum

[udonmap]

Thank you for the quick response. I will do as you've said an change the code immediately and let you know what happens.

[Saint_hh]

It isn't specific to this version of phpBB, as I haven't got round to updating my board yet.

People using Vbulletin, IPB and self build websites are reporting that it seems that reCaptcha is cracked too. See here.
And I doubt that it has something to do with phpBB or the phpBB version too. I've updated to 3.0.8 also pretty late and the problems with reCaptcha have already began with 3.0.7pl1 for me. But the mayor peak came up at around the 4th of January.