Spambots with Q&A CAPTCHA?

Get help with installation and running phpBB 3.0.x here. Please do not post bug reports, feature requests, or MOD-related questions here.
Suggested Hosts
Forum rules
END OF SUPPORT: 1 January 2017 (announcement)
User avatar
Howlinggriffon
Registered User
Posts: 1
Joined: Fri Jan 13, 2012 9:21 am

Spambots with Q&A CAPTCHA?

Post by Howlinggriffon »

I run a small wargames club forum and I have been using the Q&A CAPTCHA spambot countermeasure successfully since June last year. This morning I've found four spambot signups; not an issue as I manually approve all signups but I'm just wondering if anyone had seen spambots get through the Q&A system?

I recently upgraded to version 3.0.10 and also installed Tapatalk so I'm wondering if it's Tapatalk that has caused this in some way?

I was using the default suggestions shown on the Spambot sticky so I've adjusted those in case the spambots have that question programmed but I would be grateful if people with more experience and larger forums could give some advice.

Many thanks!
User avatar
KevC
Support Team Member
Support Team Member
Posts: 70281
Joined: Fri Jun 04, 2004 10:44 am
Location: Oxford, UK
Contact:

Re: Spambots with Q&A CAPTCHA?

Post by KevC »

Q&A works very well.

The key is to use a question that you can't google the answer to.
-:|:- Support Request Template -:|:-
Image
Cheap UK Hosting
"In the land of the blind the little green bloke with no pupils is king - init!"
lissyara
Registered User
Posts: 7
Joined: Mon Dec 07, 2009 6:42 am
Location: USSR
Contact:

Re: Spambots with Q&A CAPTCHA?

Post by lissyara »

Kevin Clark wrote:Q&A works very well.

The key is to use a question that you can't google the answer to.
no
I upgrade yesterday, 3 forums
after it, I have more spam on all

I use QA, non-english questions/answers, not simple

now, I delete 5 questions from 10 (I add logging answers and find spamers by IP in log). and it continue....

previous, I have my 1 questions in spamers database, but, one, not all!
User avatar
Lumpy Burgertushie
Registered User
Posts: 68307
Joined: Mon May 02, 2005 3:11 am
Contact:

Re: Spambots with Q&A CAPTCHA?

Post by Lumpy Burgertushie »

no idea what any of that means.

if you have one question like:
type the middle three letters of the word shizzle
answer: izz

( don't use this one make up your own )

then no spam bot can answer that question or google for it.

robert
I'm baaaaaccckkkk. still doing work on donation basis. PM your needs.

Premium phpBB 3.3 Styles by PlanetStyles.net

If nobody is in the forest, does a tree really fall?
User avatar
stevemaury
Support Team Member
Support Team Member
Posts: 51682
Joined: Thu Nov 02, 2006 12:21 am
Location: The U.P.
Name: Steve
Contact:

Re: Spambots with Q&A CAPTCHA?

Post by stevemaury »

Also, one question is better than 10, because the more questions, the greater chance of answering one correctly.
For REALLY good and VERY inexpensive hosting CLICK HERE

I can stop all your spam. I can upgrade or update your Board. PM or email me. (Paid support)
Swanny
Registered User
Posts: 459
Joined: Sun Apr 14, 2002 2:11 am
Location: Canada

Re: Spambots with Q&A CAPTCHA?

Post by Swanny »

I use Q&A and I've seen a big influx of spammers today. I have a bunch of forums and almost all of them have been hit. I don't know what's different but I rarely got spam before, today I got loads (at least 20 spam posts and 10 spam accounts). Normally I get spam maybe once a week.
User avatar
Mick
Support Team Member
Support Team Member
Posts: 22919
Joined: Fri Aug 29, 2008 9:49 am
Location: Watching cricket probably.

Re: Spambots with Q&A CAPTCHA?

Post by Mick »

Swanny wrote:I use Q&A and I've seen a big influx of spammers today. I have a bunch of forums and almost all of them have been hit.
Make sure your Q&A can't be Googled, use something that the BOTs have no way of knowing. An example could be:

Q: Enter the middle four letters of kafoodal
A: food
"The more connected we get the more alone we become" - Kyle Broflovski©
User avatar
P_I
Registered User
Posts: 1341
Joined: Tue Mar 01, 2011 8:35 pm
Location: Staying home - Western Canada
Contact:

Re: Spambots with Q&A CAPTCHA?

Post by P_I »

I'm involved with two forums that are using Q&A CAPTCHA and have non-Googlable (word?) questions. Yet we've seen a dramatic increase in spambot registrations lately, even after the Q&A questions have been changed. The questions are along the lines that Mick (and others) have suggested.

Some timeline might be useful. On one of the forums, we first implemented Q&A CAPTCHA back in March 2011 and it was very successful. Over the past week or so, we've seen a big increase in the number of successful spammer registrations. Our moderators indicate they noticed the trend starting in the mid to late October timeframe, which corresponds to our update to 3.0.9. We're still on 3.0.9, with plans to update to 3.0.10 soon.

Is it possible that spambots have figured out a backdoor registration method in 3.0.9? One UI change in 3.0.9 was a change to the copyright message -- so Google can be used to find forums running 3.0.9.

Is there any logging methods that can be used to confirm that users registered after solving the Q&A CAPTCHA?
Normal people… believe that if it ain’t broke, don’t fix it. Engineers believe that if it ain’t broke, it doesn’t have enough features yet. – Scott Adams
User avatar
KevC
Support Team Member
Support Team Member
Posts: 70281
Joined: Fri Jun 04, 2004 10:44 am
Location: Oxford, UK
Contact:

Re: Spambots with Q&A CAPTCHA?

Post by KevC »

There are no known 'back door' methods.
-:|:- Support Request Template -:|:-
Image
Cheap UK Hosting
"In the land of the blind the little green bloke with no pupils is king - init!"
dsines
Registered User
Posts: 15
Joined: Wed Aug 09, 2006 3:48 pm
Location: Austin, Tx
Contact:

Re: Spambots with Q&A CAPTCHA?

Post by dsines »

I've had spam registrations ever since upgrading to the latest version last week getting through the Q&A (use variation on the x number of letters from the last word in the previous sentence). The other forum I run (very tiny 5-7 users) also was upgraded but hasn't been hit yet.


edit: ugh, just looked and I have a bit over 50 inactive user registrations sitting there since I turned admin activation this afternoon. I haven't had any in months since turning on the Q&A. I find the timing right after an upgrade to be highly suspect.
-Dale
Swanny
Registered User
Posts: 459
Joined: Sun Apr 14, 2002 2:11 am
Location: Canada

Re: Spambots with Q&A CAPTCHA?

Post by Swanny »

Whoa, I've got over another 100 spam posts today since I posted earlier. Must be a Friday-the-13th surprise. For me it is. I've been banning IPs, email addresses, changed the Q&A and even turned on admin activation on one of my forums. This is getting old quickly.
User avatar
Lumpy Burgertushie
Registered User
Posts: 68307
Joined: Mon May 02, 2005 3:11 am
Contact:

Re: Spambots with Q&A CAPTCHA?

Post by Lumpy Burgertushie »

Swanny wrote:Whoa, I've got over another 100 spam posts today since I posted earlier. Must be a Friday-the-13th surprise. For me it is. I've been banning IPs, email addresses, changed the Q&A and even turned on admin activation on one of my forums. This is getting old quickly.
we can't help if we can't see the board. please give us a link to the board so we can test.

robert
I'm baaaaaccckkkk. still doing work on donation basis. PM your needs.

Premium phpBB 3.3 Styles by PlanetStyles.net

If nobody is in the forest, does a tree really fall?
dsines
Registered User
Posts: 15
Joined: Wed Aug 09, 2006 3:48 pm
Location: Austin, Tx
Contact:

Re: Spambots with Q&A CAPTCHA?

Post by dsines »

I had another 28 attempted registrations overnight (admin activation prevented them). I did have one that managed to register and post this morning even with the admin activation requirement. The admin activation is working except for the single one overnight. The spam it is generating notifying me of a new user is annoying (and I can turn it off when it gets too nutty).

It is possible it isn't a spambot attack and could be actual people spamming.

Anyhow, I ran through the registration process on my boards this morning and the Q&A was still required and I was unable to login without manually activating (as an admin).


xegonybard.com/forums/

edit: sadly I'll be out of pocket almost all day Saturday so I'll be of little help. If you need to me change any settings like turning off admin activation or activating a user name for you all let me know.
-Dale
chillbear
Registered User
Posts: 6
Joined: Sat Jan 14, 2012 1:12 pm

Re: Spambots with Q&A CAPTCHA?

Post by chillbear »

Hi guys!

Since my upgrade to 3.0.10 I also noticed a SIGNIFICANT increase in successful spambot registrations. I used a custom Q&A with very specific questions in German - now I switched back to ReCaptcha, but somehow these ****ers still manage it to register and post threads, trying to sell prescription drugs and other common spam stuff. Before 3.0.10 the forum has been running with a lot of traffic for almost 2 years...and almost no spambot problems at all!

Forum address is http://www.pulverdampf.com - every spambot that pops up is going to be deleted as soon as spotted - including all his posts.
ThE CaPtAiN
Registered User
Posts: 1
Joined: Sat Jan 14, 2012 2:15 pm

Re: Spambots with Q&A CAPTCHA?

Post by ThE CaPtAiN »

chillbear wrote: Since my upgrade to 3.0.10 I also noticed a SIGNIFICANT increase in successful spambot registrations.
Same here. I am only using ReCaptcha atm!
Here's the link to my Forum
Locked

Return to “[3.0.x] Support Forum”