Spambots with Q&A CAPTCHA?

Get help with installation and running phpBB 3.0.x here. Please do not post bug reports, feature requests, or MOD-related questions here.
Scam Warning
Forum rules
END OF SUPPORT: 1 January 2017 (announcement)
User avatar
Mick
Support Team Member
Support Team Member
Posts: 22919
Joined: Fri Aug 29, 2008 9:49 am
Location: Watching cricket probably.

Re: Spambots with Q&A CAPTCHA?

Post by Mick »

Just five or six random would be fine.
"The more connected we get the more alone we become" - Kyle Broflovski©
bluematttkz
Registered User
Posts: 3
Joined: Mon Oct 03, 2011 10:26 pm

Re: Spambots with Q&A CAPTCHA?

Post by bluematttkz »

We normally get 5 per week

yesterday and today we have had 80 new spambots sign up

time to change the Q&A
User avatar
Lumpy Burgertushie
Registered User
Posts: 68293
Joined: Mon May 02, 2005 3:11 am
Contact:

Re: Spambots with Q&A CAPTCHA?

Post by Lumpy Burgertushie »

bluematttkz wrote:We normally get 5 per week

yesterday and today we have had 80 new spambots sign up

time to change the Q&A
what question have you been using?
go ahead and post it if you are going to change it anyway.

robert
I'm baaaaaccckkkk. still doing work on donation basis. PM your needs.

Premium phpBB 3.3 Styles by PlanetStyles.net

If nobody is in the forest, does a tree really fall?
User avatar
P_I
Registered User
Posts: 1323
Joined: Tue Mar 01, 2011 8:35 pm
Location: Staying home - Western Canada
Contact:

Re: Spambots with Q&A CAPTCHA?

Post by P_I »

Mick wrote:Would you mind PM'ing me the email addresses of the ones that posted please?
Done
Normal people… believe that if it ain’t broke, don’t fix it. Engineers believe that if it ain’t broke, it doesn’t have enough features yet. – Scott Adams
chillbear
Registered User
Posts: 6
Joined: Sat Jan 14, 2012 1:12 pm

Re: Spambots with Q&A CAPTCHA?

Post by chillbear »

I realized that somehow still ReCaptcha was running (might have missed hitting an "Apply" button or similar)...I replaced it now with Q&A with just one complex question - so far so good, but 1 suspicious account already registered with the new setup - but I cannot tell yet if it is a bot or not for sure. I will keep an eye on it and update the status here.
jas0n-no-spam
Registered User
Posts: 2
Joined: Mon Feb 14, 2011 10:20 pm

Re: Spambots with Q&A CAPTCHA?

Post by jas0n-no-spam »

I haven't upgraded from 3.0.8, yet I too have experienced several spam registrations over the last couple of days (but none for months beforehand).

So I'd suggest the spam bots have acquired some new skills, which just happened to coincide with your upgrades.
User avatar
Mick
Support Team Member
Support Team Member
Posts: 22919
Joined: Fri Aug 29, 2008 9:49 am
Location: Watching cricket probably.

Re: Spambots with Q&A CAPTCHA?

Post by Mick »

I'm of the opinion it's a coincidence as well along with an increase in human spammers.
"The more connected we get the more alone we become" - Kyle Broflovski©
dsines
Registered User
Posts: 15
Joined: Wed Aug 09, 2006 3:48 pm
Location: Austin, Tx
Contact:

Re: Spambots with Q&A CAPTCHA?

Post by dsines »

Mick wrote:I'm of the opinion it's a coincidence as well along with an increase in human spammers.
I might have gone with this initially. However, over the last week the spam registrations have continued to increase and are spread pretty evenly throughout the day at all hours. The names also are completely random letters again (at least the human spammers of the past at least tried to make a reasonable name).

Thankfully the manual activation is preventing them from actually hitting the boards, although I am effectively spamming myself with all the new user notices.
-Dale
nirok
Registered User
Posts: 14
Joined: Sun Oct 18, 2009 2:02 am

Re: Spambots with Q&A CAPTCHA?

Post by nirok »

I can also confirm that I upgraded from 3.0.6 to 3.0.10 and I use the Q&A plugin. There was no spam previous to the upgrade, now I get around 10 - 15 or more trying to join a day, 1 or 2 activate and post... I have noticed this on both my websites: http://kapitifishing.co.nz and also spoodle.co.nz ...

I wonder if either spambots have a work around the Q&A plugin in 3.0.10 or if the Q&A isn't working properly
User avatar
KevC
Support Team Member
Support Team Member
Posts: 70270
Joined: Fri Jun 04, 2004 10:44 am
Location: Oxford, UK
Contact:

Re: Spambots with Q&A CAPTCHA?

Post by KevC »

You could do with making your questions a bit harder.
I just saw one asking me to enter the middle letter of the word rig.
That's only a 1 in 26 chance of guessing.

The other two I saw also had dictionary words as the bit to guess rather than random codes.

You only need one question. By using 3 or 4, if one is ineffective, you don't know which one it is. If you have only one question and you start getting spambot registrations you know the bit you need to change.
-:|:- Support Request Template -:|:-
Image
Cheap UK Hosting
"In the land of the blind the little green bloke with no pupils is king - init!"
User avatar
Orange Air
Registered User
Posts: 13
Joined: Sun May 20, 2012 8:40 pm
Location: UK
Name: David Morris
Contact:

Re: Spambots with Q&A CAPTCHA?

Post by Orange Air »

I now suffer NO SPAM ;)
My methods:
1] Use Q&A and (it's been mentioned over & over) is, Don't use a question that you can Google the answer to :roll:
2] Ban all" *@yahoo.*", "*@gmail.*" and "*@hotmail.*" email addresses. (I know some of you won't do this. But the truth is we ALL have "real" email addresses provided by our ISP's. The fact that some choose to hide behind another address tells its own story :) )
3] Ban the IP address "188.*.*.*" The entry(s) in "WhoIs" are false. I am 95% certain this is a major spamming/porn operation. (100% certain if it comes from "188.24.*.*" through "188.27.*.*" and "188.143.*.*") Just this one change alone reduced my SPAM from a flood to a trickle ;)

Just my two-pennies worth :)
Cheers,
Dave M.
Orange Air
User avatar
AmigoJack
Registered User
Posts: 5795
Joined: Tue Jun 15, 2010 11:33 am
Location: グリーン ヒル ゾーン
Contact:

Re: Spambots with Q&A CAPTCHA?

Post by AmigoJack »

Orange Air wrote:we ALL have "real" email addresses provided by our ISP's. The fact that some choose to hide behind another address tells its own story
My story would be: I don't trust my ISP to not read plaintext e-mails from/to me - not to mention any government raid (for whichever true or false reason) which will automatically also get all your e-mails. Other stories would be: the ISP changes more often than an e-mail-address should. Or just the freedom to be AAAP (as anonymous as possible).

For all future replies: if you want to debug on how your Q&A system is working, do the following:
  1. Create a file /store/qa_debug.log and set their permissions to 777 or likewise (the .htaccess in that directory should already prevent outsiders from reading that file).
  2. Open /includes/captcha/plugins/phpbb_captcha_qa_plugin.php and find:

    Code: Select all

        function check_answer()
        {
            global $db;
    
            $answer = ($this->question_strict) ? utf8_normalize_nfc(request_var('qa_answer', '', true)) : utf8_clean_string(utf8_normalize_nfc(request_var('qa_answer', '', true))); 
    After, add:

    Code: Select all

            /*** 2012-05-22 BEGIN AmigoJack
                Log all Q&A validations ***/
            define( 'QA_DEBUG_FILE', $_SERVER['DOCUMENT_ROOT']. '/store/qa_debug.log' );
            global $user;
    
            $sText= "\n"
            . "\nTime:\t". date( 'Y-m-d H:i:s O' )
            . "\nAddress:\t". ( isset( $_SERVER['REMOTE_ADDR'] )? $_SERVER['REMOTE_ADDR']: '' )
            . "\nUser agent:\t". ( isset( $_SERVER['HTTP_USER_AGENT'] )? $_SERVER['HTTP_USER_AGENT']: '' )
            . "\nHost:\t". ( isset( $_SERVER['REMOTE_HOST'] )? $_SERVER['REMOTE_HOST']: '' )
            . "\nReferer:\t". ( isset( $_SERVER['HTTP_REFERER'] )? $_SERVER['HTTP_REFERER']: '' )
            . "\nUser:\t#". $user-> data['user_id']. ' = '. $user-> data['username']
            . "\nAnswer:\t". $answer
            ;
            /*** 2012-05-22 END ***/ 
  3. Find:

    Code: Select all

            $sql = 'SELECT answer_text
                FROM ' . CAPTCHA_ANSWERS_TABLE . '
                WHERE question_id = ' . (int) $this->question;
            $result = $db->sql_query($sql);
    
            while ($row = $db->sql_fetchrow($result))
            {
                $solution = ($this->question_strict) ? $row['answer_text'] : utf8_clean_string($row['answer_text']);
    
                if ($solution === $answer)
                {
                    $this->solved = true;
    
                    break;
                }
            }
            $db->sql_freeresult($result); 
    After, add:

    Code: Select all

            /*** 2012-05-22 BEGIN AmigoJack
                Log all Q&A validations ***/
            $hLog= fopen( QA_DEBUG_FILE, 'ab' );
            fwrite( $hLog, $sText
            . "\nSolved:\t". ( $this-> solved? 'yes', 'no' )
            );
            fclose( $hLog );
            /*** 2012-05-22 END ***/ 
Untested. Be aware that this logs Q&A attempts only - you have to ensure yourself that no other methods (i.e. CAPTCHAs) are activated.
Last edited by AmigoJack on Thu Oct 18, 2012 1:41 pm, edited 1 time in total.
  • The worst thing about censorship is ███████████
  • "The problem is probably not my English but you do not want to understand correctly. ... We will not come anybody anyway, nevertheless, it's best to shit this." Affin, 2018-11-20
  • "But this shit is not here for you. You can follow with your. Maybe the question, instead, was for you, who know, so you shoved us how you are." axe70, 2020-10-10
User avatar
KevC
Support Team Member
Support Team Member
Posts: 70270
Joined: Fri Jun 04, 2004 10:44 am
Location: Oxford, UK
Contact:

Re: Spambots with Q&A CAPTCHA?

Post by KevC »

Orange Air wrote:2] Ban all" *@yahoo.*", "*@gmail.*" and "*@hotmail.*" email addresses. (I know some of you won't do this. But the truth is we ALL have "real" email addresses provided by our ISP's. The fact that some choose to hide behind another address tells its own story :) )
That's fine until you move ISPs. You might not be able to take a long standing address with you. There's nothing at all wrong with allowing gmail, hotmail etc.
Orange Air wrote:3] Ban the IP address "188.*.*.*" The entry(s) in "WhoIs" are false. I am 95% certain this is a major spamming/porn operation. (100% certain if it comes from "188.24.*.*" through "188.27.*.*" and "188.143.*.*") Just this one change alone reduced my SPAM from a flood to a trickle ;)
This is largely pointless.
-:|:- Support Request Template -:|:-
Image
Cheap UK Hosting
"In the land of the blind the little green bloke with no pupils is king - init!"
User avatar
fade2gray
Registered User
Posts: 20
Joined: Sun Jun 25, 2006 4:05 pm

Re: Spambots with Q&A CAPTCHA?

Post by fade2gray »

AmigoJack wrote:
  1. Create a file /store/qa_debug.txt and set their permissions to 777 or likewise (the .htaccess in that directory should already prevent outsiders from reading that file).
Shouldn't that read /store/qa_debug.log, according to the code in the 'After, add;' block?
User avatar
AmigoJack
Registered User
Posts: 5795
Joined: Tue Jun 15, 2010 11:33 am
Location: グリーン ヒル ゾーン
Contact:

Re: Spambots with Q&A CAPTCHA?

Post by AmigoJack »

fade2gray wrote:
AmigoJack wrote:/store/qa_debug.txt
Shouldn't that read /store/qa_debug.log
Yes, thanks. :)
Post edited.
  • The worst thing about censorship is ███████████
  • "The problem is probably not my English but you do not want to understand correctly. ... We will not come anybody anyway, nevertheless, it's best to shit this." Affin, 2018-11-20
  • "But this shit is not here for you. You can follow with your. Maybe the question, instead, was for you, who know, so you shoved us how you are." axe70, 2020-10-10
Locked

Return to “[3.0.x] Support Forum”