hammered by newly registered members

[Blue Blood]

Today I have been hammered by newly registered members.
Well they are all spam accounts.

I use the Q&A and use CPF
Here is a list of my questions..

Code: Select all

A man had 15 cats, and all but 8 died. How many are left?
Spell the answer ?+5=11
What is the first letter of this word? "Dictionary" No the 7th letter?
Today is opposite day. Are you a human?
If there is $9.83 and you take away $7.41, how much do you have?
Spell the answer zero+5+two=?
If there is $6.22 and you take away $4.76, how much do you have? 
Today is opposite day. Are you a bot?
What are the first and last letters of this word? "SPAM" No the 2nd letter?
If you had $4 and spent $1.50, how much would you have if you added them together?
Some months have 31 days, others have 30 days. How many have 28 days?

Are my question to easy? Some are kind of trick questions...

I was thinking it was a human, but I have got over 50 new accounts in about an hour...
What can I do, has the Q&A been cracked... I don't see how unless they have access to the DB..

[Oyabun1]

Some are kind of trick questions...

That would likely do more to confuse humans than the bots.

"Today is opposite day. Are you a human?" not sure what the answer to that is supposed to be because there seems to be 2 parts, and for a native English speaker "today is opposite day" is not grammatically correct and therefore has no answer.

"Some months have 31 days, others have 30 days. How many have 28 days?" I'd reckon at least 50% of people would get that wrong the first time and yet the bots could well have the question and answer already coded in.

As has been stated many, many times in this forum it is better to use only one question because then if the bots break it you will know and will quickly be able to change it. With a list of questions you don't know which one(s) they have broken.

[Blue Blood]

So I was thinking maybe a human got all the answers to my questions and then set up a bot to auto register with the answers.

So I changed all the questions... I'm still getting spam accounts...
one after another... its non stop....

All IPs are from CN, RU, UA, PL, and some don't have a country.
I know this don't mean much because they could be using proxies...

I have disabled registration for now....

Anyone else having this problem??

Anyone have a solutions???

[Blue Blood]

"Today is opposite day. Are you a human?" not sure what the answer to that is supposed to be because there seems to be 2 parts, and for a native English speaker "today is opposite day" is not grammatically correct and therefore has no answer.

The answer to "Are you a human?" would be YES But if Today is opposite day the answer would be NO

"Some months have 31 days, others have 30 days. How many have 28 days?" I'd reckon at least 50% of people would get that wrong the first time and yet the bots could well have the question and answer already coded in.

Every month has at least 28 days so the answer is "12"

As has been stated many, many times in this forum it is better to use only one question because then if the bots break it you will know and will quickly be able to change it. With a list of questions you don't know which one(s) they have broken.

I changed them all and they have not stopped or even slowed down??

disabled registration for now....

Its like its really an actual human setting up accounts..
10 accounts are setup
once the last account is setup
they all become activated
then they all start spamming
I ban them all
and the process starts over..

I wonder if I pissed someone off..
I have 3 forums its happening on and none of these forums are linked together.
I don't get it!!

Craziness!!!

[Barracuda_82]

I have this problem too! I got dozens of new spam registrations last night. I had one question and I changed it to something nobody could ever know, and I still get the registrations every ten/twenty minutes.

This really drives me nuts!

[STX1300man]

I've just had the same thing in the last 24 hours.

My questions have kept the bots out for the last 6-8 months with only 4 or 5 getting through (probably humans).

Has something been worked out by the bot writers to get around the Q&A Captcha?

[panhead]

Interesting! I have exactly the same situation (with just one question). Changed the question and will see what happens.

[deanmoke]

.

Has something been worked out by the bot writers to get around the Q&A Captcha?

I'm suspecting that may be the case as my Q&A worked up until last night and now the whole world appears to registering for my forum when I would normally only see 4 or 5 registrations a week (and all genuine users).
They are all attempting to post SPAM ads but not getting through as I have moderation in place for newly registered users.
As an experiment, I have set the Q&A with an answer that has nothing to do with the question (should be impossible to answer) .
Let's see what happens.
Dean

[blackwatch_uk]

I too have been hammered in the last few hours, mainly from Russia.

My question is pretty tricky if you're not from the UK. It's:

Which of these places is NOT in East Anglia? Norwich - Ipswich - Cambridge - York? Type the answer into the space provided. :

And they still manage to bypass it.

[KevC]

I have a feeling the 'upper case letters in this code' type question might have been cracked. Having not had anything since I started using it, I've got over 60 new (obvious) spam accounts across 3-4 boards this morning. One registering every 5-10 minutes in the early hours of the morning. Damn scumbags

[blackwatch_uk]

Can you offer a temporary solution Kevin?

[HGN]

Other options:

• Ask for a word somewhere in an image in the header (or elsewhere on the site).
• Ask for the numbers, lower case characters, or characters at certain positions in a string (although that may be cracked as well if the bots can deduct the uppercase characters).

As been mentioned quite often before: Only use one question, that can be replaced easily if it has been broken.

[Oyabun1]

I've always liked ones like, What is the ninth word of rule 1e? Not only do they seem to stump the bots it also means people have to look at the board's rule page at least once.

There are also a number of other CAPTCHA plugins available in the Modification Database, Anti-Spam.

[Jeroen E21]

Same here, never much spam and a question that has worked fine over the past 2 years.

But what I also see is that there are no entries in the User Logs.

Normally you see the following in Maintenance > User Logs: User account activated
which is logged when the user has clicked the activation link in the mail

So the activation link is not used, the account is not activated, but the new spam user can get in and post. It appears that they found a way to bypass crucial registration steps.

BTW I'm currently running version 3.0.10 after the update to 3.1.11 went wrong

[KevC]

So the activation link is not used, the account is not activated, but the new spam user can get in and post. It appears that they found a way to bypass crucial registration steps.

That can't happen on a default installation. Either you have something set up wrongly (such as guest posting is allowed), an incorrectly configured registration integration from another package or you have a duplicate installation which they're registering from.