Spam Bots Attacking! Please Help!

[dominoz]

Yeah, I've been running that for a while Kevin, since people complained they were struggling to read the confirmation code

I'll change it to the GD Image and see how it goes.

Thanks

[KevC]

The GD one has adjusters for complexity of the image.

[dominoz]

Ok thanks Kevin

[Travisher]

I found users struggling with the GD images but spammers still getting through.
I completely redid my Q&A questions yesterday which seems to have stopped the spammers.
However it isn't conclusive as I also blocked Russian Federation and China at server level.

[lemmingtopias]

I have been getting swarms of SpamBots attacking lately too. Using the ReCaptcha and yet they still get through.

[callumacrae]

I have been getting swarms of SpamBots attacking lately too. Using the ReCaptcha and yet they still get through.

reCAPTCHA has been cracked. Use Q&A CAPTCHA with plenty of good, unique questions.

~Callum

[BioLogIn]

Was using reCAPTCHA, attacks started a few days ago. Yesterday switched to GD 3D captcha, that seems to help - not a single spambot for last 24 hours.

[Saint_hh]

reCAPTCHA has been cracked.

Yes, seems so. No spambots with the Q&A captcha since yesterday.

[callumacrae]

Was using reCAPTCHA, attacks started a few days ago. Yesterday switched to GD 3D captcha, that seems to help - not a single spambot for last 24 hours.

You would be best off with Q&A CAPTCHA, but if it's keeping the spam at bay I guess it's fine to use the 3D captcha. Make sure it's not keeping your users out though

~Callum

[haggisv]

Just out of interest, and this is not conclusive proof.... I've just changed all my Q&A questions, and in the last 6 hours, I've not had a single spammer register.

This tends to indicate that they are not bypassing the Q&A, but have simply compiled a set of answers, that will, after enough tries, give the right answer when the right question comes up.

I will continue to monitor this, but it looks like questions will simply need to be changed a lot more often.

I can confirm that after several days, changing the Q&A to a new set of questions has completely stopped this current wave. I guess we're going to have to change the questions more often, or our answers will get added to a list, and things will heat up again.

[DBM]

Just out of interest, and this is not conclusive proof.... I've just changed all my Q&A questions, and in the last 6 hours, I've not had a single spammer register.

This tends to indicate that they are not bypassing the Q&A, but have simply compiled a set of answers, that will, after enough tries, give the right answer when the right question comes up.

I will continue to monitor this, but it looks like questions will simply need to be changed a lot more often.

I can confirm that after several days, changing the Q&A to a new set of questions has completely stopped this current wave. I guess we're going to have to change the questions more often, or our answers will get added to a list, and things will heat up again.

Using a completely fresh set of questions has worked here too.

I can also confirm that reCaptcha is broken - everyone stick with Q&A and keep updating the questions.

Like someone suggested earlier in the thread, it would help if a future edition of the Q&A captcha included some means of recording which question was answered on successful registration, so we can easily identify which question has been compromised if a bot gets through.

I'm also going to install the Advanced Block MOD and use it with the stopforumspam DNSBL.

[Saint_hh]

Like someone suggested earlier in the thread, it would help if a future edition of the Q&A captcha included some means of recording which question was answered on successful registration, so we can easily identify which question has been compromised if a bot gets through.

I guess this is a really good idea.
Regarding the Q&A plugin: it seems that I have an advantage in having a pure German board. All bots are going on English and GMT-12 - so I defined only one "question" for English:

Sorry, you seem to be a spambot - if not: choose the other language:

As answer I configured a passphrase which would be good enough for the pentagon.

And it's interesting to watch the phpbb_qa_confirm table. Every insert with "lang_iso" set to "en" is a bot - could be easily seen that the wave is still heavily going on.

[callumacrae]

I just had a little prune of my users, changed my questions and enabled user activation.

That reduced 139 users to 18, and I haven't had any registrations since!

~Callum

[Travisher]

Since I reset all the questions on Q&A and blocked Russian Federation and China I have had no more spambots getting through. However, checking the logs shows that the onslaught has not diminished much as there appears to be attempts from Israel and a number of what I can only assume are fake DNS since while a reverse lookup produces empire-sys.com using whois gives no such domain. Other IPs appear to be 'unallocated IP space'.
It would appear that we are witnessing the culmination of a concerted effort to break down the protection of bulletin boards etc.. I'm told that some porn sites 'reward' users who add capcha answers to a database. So the logical thing to do is have plenty of questions and keep changing them - hence my idea of putting the answer given in your activation email so you can spot when they have reached the end of their useful life.

[Speedy62]

I have changed the Q&A to entirely new questions everyday since Friday and the onslaught still continues. I am at a loss what to do.