Spambots with Q&A CAPTCHA?

Get help with installation and running phpBB 3.0.x here. Please do not post bug reports, feature requests, or MOD-related questions here.
Get Involved
Forum rules
END OF SUPPORT: 1 January 2017 (announcement)
fatherxmas
Registered User
Posts: 1
Joined: Sat Jan 14, 2012 2:54 pm

Re: Spambots with Q&A CAPTCHA?

Post by fatherxmas »

Same here - we had one or two spammers per day who go through our Q&A spam countermeasure. Since upgrading, we are now up at about 40 per day.

User avatar
D¡cky
Former Team Member
Posts: 11812
Joined: Tue Jan 25, 2005 8:38 pm
Location: New Hampshire, USA
Name: Richard Foote
Contact:

Re: Spambots with Q&A CAPTCHA?

Post by D¡cky »

I think it is just a coincidence. The same thing happened 2 or 3 years ago right after the first of the year, Jan 2009 I believe, message boards everywhere (not just phpBB) were inundated by spambots. The spambots probably just updated their scripts to get around some of the Q&A questions since many boards are going with that now. Questions and answers unique to your board and possibly custom profile fields should help alleviate the problem.
Have you hugged someone today?

chillbear
Registered User
Posts: 6
Joined: Sat Jan 14, 2012 1:12 pm

Re: Spambots with Q&A CAPTCHA?

Post by chillbear »

D¡cky wrote:I think it is just a coincidence. The same thing happened 2 or 3 years ago right after the first of the year, Jan 2009 I believe, message boards everywhere (not just phpBB) were inundated by spambots. The spambots probably just updated their scripts to get around some of the Q&A questions since many boards are going with that now. Questions and answers unique to your board and possibly custom profile fields should help alleviate the problem.
I had Q&A quesitons unique to my board...and in German -did not prevent them from registering. And it is a very interesting coincidence that it happens right after an update, don't you think?

User avatar
D¡cky
Former Team Member
Posts: 11812
Joined: Tue Jan 25, 2005 8:38 pm
Location: New Hampshire, USA
Name: Richard Foote
Contact:

Re: Spambots with Q&A CAPTCHA?

Post by D¡cky »

chillbear wrote:And it is a very interesting coincidence that it happens right after an update, don't you think?
It is also interesting that it has happened before right after the first of the year when the spambots broke the phpBB 3D CAPTCHA in January 2009.
Have you hugged someone today?

User avatar
P_I
Registered User
Posts: 999
Joined: Tue Mar 01, 2011 8:35 pm
Location: Calgary
Contact:

Re: Spambots with Q&A CAPTCHA?

Post by P_I »

A further update, we changed our questions yesterday at around 10 am local time. My co-admin pointed out that if you check ACP->USERS AND GROUPS->Inactive Users you can typically see a list of recently registered users who haven't started spamming yet. The last one corresponded to when we changed the questions.

From this I conclude the spambots are likely not bypassing the Q&A.

On the matter of timely, we noticed an heavy increase about the time we updated to 3.0.9 and as I noted
P_I wrote:One UI change in 3.0.9 was a change to the copyright message -- so Google can be used to find forums running 3.0.9.
Normal people… believe that if it ain’t broke, don’t fix it. Engineers believe that if it ain’t broke, it doesn’t have enough features yet. – Scott Adams

User avatar
Lumpy Burgertushie
Registered User
Posts: 67057
Joined: Mon May 02, 2005 3:11 am
Contact:

Re: Spambots with Q&A CAPTCHA?

Post by Lumpy Burgertushie »

anything in the inactive list before you made any changes to the process will still be there and you may mistake them for ones that tried to register since you made the changes.

if you have the Q&A setup with a non searchable answer then they do not even go into the inactive list at all unless they are human and answer the question correctly.

setting the newly registered user group up will keep any humans from posting until they have been approved.

also, having registration set to admin will allow you to get rid of them before they can be activated/post etc.

I have not heard of a case of bots actually getting past the Q&A with a good question.
When people think that is the case it is usually not. It is usually because the system has not been setup correctly or they are old inactive listings or they are human spammers.



robert
I'm baaaaaccckkkk. still doing work on donation basis. PM your needs.

Premium phpBB 3.3 Styles by PlanetStyles.net

If a tree falls in the forest and nobody is there, does it make a sound?

User avatar
P_I
Registered User
Posts: 999
Joined: Tue Mar 01, 2011 8:35 pm
Location: Calgary
Contact:

Re: Spambots with Q&A CAPTCHA?

Post by P_I »

A question that has been beaten by Russian and Far East spambots. "What is the third province west of Ontario?"
Normal people… believe that if it ain’t broke, don’t fix it. Engineers believe that if it ain’t broke, it doesn’t have enough features yet. – Scott Adams

User avatar
Lumpy Burgertushie
Registered User
Posts: 67057
Joined: Mon May 02, 2005 3:11 am
Contact:

Re: Spambots with Q&A CAPTCHA?

Post by Lumpy Burgertushie »

put that phrase into google and see what you get.

to simple for the bots to google for the answer.


you have to pick something that can not be searched for .

the spam bots are very smart and very good.

robert
I'm baaaaaccckkkk. still doing work on donation basis. PM your needs.

Premium phpBB 3.3 Styles by PlanetStyles.net

If a tree falls in the forest and nobody is there, does it make a sound?

Swanny
Registered User
Posts: 448
Joined: Sun Apr 14, 2002 2:11 am
Location: Canada

Re: Spambots with Q&A CAPTCHA?

Post by Swanny »

I managed to slow my spam down to like 1-2 messages today. I updated all my Q&A with things like "type the 3 letters in the middle of this word". I changed *all* the questions and that seems to have done the trick for me. The spam isn't totally gone, but it's basically 99% gone, which is good enough for me. There will always be a few human spammers that are really hard to detect/deter.

chillbear
Registered User
Posts: 6
Joined: Sat Jan 14, 2012 1:12 pm

Re: Spambots with Q&A CAPTCHA?

Post by chillbear »

Changed the questions to some really tricky German stuff...Spam got less, but somehow there are still a couple of bots that manage to register.

User avatar
CrewChief
Registered User
Posts: 188
Joined: Fri Nov 04, 2011 3:15 am
Location: NJ
Name: Tony
Contact:

Re: Spambots with Q&A CAPTCHA?

Post by CrewChief »

I think the simple answer to using Q&A captcha is this: if you google the question you are about to use and find the answer....DON'T USE IT!
My Q&A is more of a set of directions to follow rather than a question to answer. No way the bots figure this one out. It stopped them dead in their tracks months ago with 1 simple but effective "question".
Image

User avatar
Mick
Support Team Member
Support Team Member
Posts: 21892
Joined: Fri Aug 29, 2008 9:49 am
Location: Watching cricket.

Re: Spambots with Q&A CAPTCHA?

Post by Mick »

For my own edification can I just ask, has anyone actually had a spam bot register and post while using Q&A?
"The more connected we get the more alone we become" - Kyle Broflovski

chillbear
Registered User
Posts: 6
Joined: Sat Jan 14, 2012 1:12 pm

Re: Spambots with Q&A CAPTCHA?

Post by chillbear »

Yes, and still happening.

User avatar
Mick
Support Team Member
Support Team Member
Posts: 21892
Joined: Fri Aug 29, 2008 9:49 am
Location: Watching cricket.

Re: Spambots with Q&A CAPTCHA?

Post by Mick »

Would you mind PM'ing me the email addresses of the ones that posted please?
"The more connected we get the more alone we become" - Kyle Broflovski

chillbear
Registered User
Posts: 6
Joined: Sat Jan 14, 2012 1:12 pm

Re: Spambots with Q&A CAPTCHA?

Post by chillbear »

Can do it for the next ones because the old ones already got deleted...but mainly gmail adresses and sometimes hotmail and yahoo.

Locked

Return to “[3.0.x] Support Forum”