Page 3 of 3

Re: Spambots with Q&A CAPTCHA?

Posted: Sun Jan 15, 2012 7:30 pm
by Mick
Just five or six random would be fine.

Re: Spambots with Q&A CAPTCHA?

Posted: Sun Jan 15, 2012 10:21 pm
by bluematttkz
We normally get 5 per week

yesterday and today we have had 80 new spambots sign up

time to change the Q&A

Re: Spambots with Q&A CAPTCHA?

Posted: Sun Jan 15, 2012 11:07 pm
by Lumpy Burgertushie
bluematttkz wrote:We normally get 5 per week

yesterday and today we have had 80 new spambots sign up

time to change the Q&A
what question have you been using?
go ahead and post it if you are going to change it anyway.

robert

Re: Spambots with Q&A CAPTCHA?

Posted: Mon Jan 16, 2012 3:35 am
by P_I
Mick wrote:Would you mind PM'ing me the email addresses of the ones that posted please?
Done

Re: Spambots with Q&A CAPTCHA?

Posted: Mon Jan 16, 2012 4:22 pm
by chillbear
I realized that somehow still ReCaptcha was running (might have missed hitting an "Apply" button or similar)...I replaced it now with Q&A with just one complex question - so far so good, but 1 suspicious account already registered with the new setup - but I cannot tell yet if it is a bot or not for sure. I will keep an eye on it and update the status here.

Re: Spambots with Q&A CAPTCHA?

Posted: Wed Jan 18, 2012 9:41 am
by jas0n-no-spam
I haven't upgraded from 3.0.8, yet I too have experienced several spam registrations over the last couple of days (but none for months beforehand).

So I'd suggest the spam bots have acquired some new skills, which just happened to coincide with your upgrades.

Re: Spambots with Q&A CAPTCHA?

Posted: Wed Jan 18, 2012 12:59 pm
by Mick
I'm of the opinion it's a coincidence as well along with an increase in human spammers.

Re: Spambots with Q&A CAPTCHA?

Posted: Wed Jan 18, 2012 1:07 pm
by dsines
Mick wrote:I'm of the opinion it's a coincidence as well along with an increase in human spammers.
I might have gone with this initially. However, over the last week the spam registrations have continued to increase and are spread pretty evenly throughout the day at all hours. The names also are completely random letters again (at least the human spammers of the past at least tried to make a reasonable name).

Thankfully the manual activation is preventing them from actually hitting the boards, although I am effectively spamming myself with all the new user notices.

Re: Spambots with Q&A CAPTCHA?

Posted: Mon May 21, 2012 10:10 pm
by nirok
I can also confirm that I upgraded from 3.0.6 to 3.0.10 and I use the Q&A plugin. There was no spam previous to the upgrade, now I get around 10 - 15 or more trying to join a day, 1 or 2 activate and post... I have noticed this on both my websites: http://kapitifishing.co.nz and also spoodle.co.nz ...

I wonder if either spambots have a work around the Q&A plugin in 3.0.10 or if the Q&A isn't working properly

Re: Spambots with Q&A CAPTCHA?

Posted: Mon May 21, 2012 10:16 pm
by KevC
You could do with making your questions a bit harder.
I just saw one asking me to enter the middle letter of the word rig.
That's only a 1 in 26 chance of guessing.

The other two I saw also had dictionary words as the bit to guess rather than random codes.

You only need one question. By using 3 or 4, if one is ineffective, you don't know which one it is. If you have only one question and you start getting spambot registrations you know the bit you need to change.

Re: Spambots with Q&A CAPTCHA?

Posted: Mon May 21, 2012 10:48 pm
by Orange Air
I now suffer NO SPAM ;)
My methods:
1] Use Q&A and (it's been mentioned over & over) is, Don't use a question that you can Google the answer to :roll:
2] Ban all" *@yahoo.*", "*@gmail.*" and "*@hotmail.*" email addresses. (I know some of you won't do this. But the truth is we ALL have "real" email addresses provided by our ISP's. The fact that some choose to hide behind another address tells its own story :) )
3] Ban the IP address "188.*.*.*" The entry(s) in "WhoIs" are false. I am 95% certain this is a major spamming/porn operation. (100% certain if it comes from "188.24.*.*" through "188.27.*.*" and "188.143.*.*") Just this one change alone reduced my SPAM from a flood to a trickle ;)

Just my two-pennies worth :)

Re: Spambots with Q&A CAPTCHA?

Posted: Tue May 22, 2012 8:07 am
by AmigoJack
Orange Air wrote:we ALL have "real" email addresses provided by our ISP's. The fact that some choose to hide behind another address tells its own story
My story would be: I don't trust my ISP to not read plaintext e-mails from/to me - not to mention any government raid (for whichever true or false reason) which will automatically also get all your e-mails. Other stories would be: the ISP changes more often than an e-mail-address should. Or just the freedom to be AAAP (as anonymous as possible).

For all future replies: if you want to debug on how your Q&A system is working, do the following:
  1. Create a file /store/qa_debug.log and set their permissions to 777 or likewise (the .htaccess in that directory should already prevent outsiders from reading that file).
  2. Open /includes/captcha/plugins/phpbb_captcha_qa_plugin.php and find:

    Code: Select all

        function check_answer()
        {
            global $db;
    
            $answer = ($this->question_strict) ? utf8_normalize_nfc(request_var('qa_answer', '', true)) : utf8_clean_string(utf8_normalize_nfc(request_var('qa_answer', '', true))); 
    After, add:

    Code: Select all

            /*** 2012-05-22 BEGIN AmigoJack
                Log all Q&A validations ***/
            define( 'QA_DEBUG_FILE', $_SERVER['DOCUMENT_ROOT']. '/store/qa_debug.log' );
            global $user;
    
            $sText= "\n"
            . "\nTime:\t". date( 'Y-m-d H:i:s O' )
            . "\nAddress:\t". ( isset( $_SERVER['REMOTE_ADDR'] )? $_SERVER['REMOTE_ADDR']: '' )
            . "\nUser agent:\t". ( isset( $_SERVER['HTTP_USER_AGENT'] )? $_SERVER['HTTP_USER_AGENT']: '' )
            . "\nHost:\t". ( isset( $_SERVER['REMOTE_HOST'] )? $_SERVER['REMOTE_HOST']: '' )
            . "\nReferer:\t". ( isset( $_SERVER['HTTP_REFERER'] )? $_SERVER['HTTP_REFERER']: '' )
            . "\nUser:\t#". $user-> data['user_id']. ' = '. $user-> data['username']
            . "\nAnswer:\t". $answer
            ;
            /*** 2012-05-22 END ***/ 
  3. Find:

    Code: Select all

            $sql = 'SELECT answer_text
                FROM ' . CAPTCHA_ANSWERS_TABLE . '
                WHERE question_id = ' . (int) $this->question;
            $result = $db->sql_query($sql);
    
            while ($row = $db->sql_fetchrow($result))
            {
                $solution = ($this->question_strict) ? $row['answer_text'] : utf8_clean_string($row['answer_text']);
    
                if ($solution === $answer)
                {
                    $this->solved = true;
    
                    break;
                }
            }
            $db->sql_freeresult($result); 
    After, add:

    Code: Select all

            /*** 2012-05-22 BEGIN AmigoJack
                Log all Q&A validations ***/
            $hLog= fopen( QA_DEBUG_FILE, 'ab' );
            fwrite( $hLog, $sText
            . "\nSolved:\t". ( $this-> solved? 'yes', 'no' )
            );
            fclose( $hLog );
            /*** 2012-05-22 END ***/ 
Untested. Be aware that this logs Q&A attempts only - you have to ensure yourself that no other methods (i.e. CAPTCHAs) are activated.

Re: Spambots with Q&A CAPTCHA?

Posted: Tue May 22, 2012 8:35 am
by KevC
Orange Air wrote:2] Ban all" *@yahoo.*", "*@gmail.*" and "*@hotmail.*" email addresses. (I know some of you won't do this. But the truth is we ALL have "real" email addresses provided by our ISP's. The fact that some choose to hide behind another address tells its own story :) )
That's fine until you move ISPs. You might not be able to take a long standing address with you. There's nothing at all wrong with allowing gmail, hotmail etc.
Orange Air wrote:3] Ban the IP address "188.*.*.*" The entry(s) in "WhoIs" are false. I am 95% certain this is a major spamming/porn operation. (100% certain if it comes from "188.24.*.*" through "188.27.*.*" and "188.143.*.*") Just this one change alone reduced my SPAM from a flood to a trickle ;)
This is largely pointless.

Re: Spambots with Q&A CAPTCHA?

Posted: Thu Oct 18, 2012 1:09 pm
by fade2gray
AmigoJack wrote:
  1. Create a file /store/qa_debug.txt and set their permissions to 777 or likewise (the .htaccess in that directory should already prevent outsiders from reading that file).
Shouldn't that read /store/qa_debug.log, according to the code in the 'After, add;' block?

Re: Spambots with Q&A CAPTCHA?

Posted: Thu Oct 18, 2012 1:43 pm
by AmigoJack
fade2gray wrote:
AmigoJack wrote:/store/qa_debug.txt
Shouldn't that read /store/qa_debug.log
Yes, thanks. :)
Post edited.