hammered by newly registered members

[Lumpy Burgertushie]

Yeah, I am wracking my brains for questions that cannot be answered by bots. My two questions before today were:

Suzuki motorcycles are made in _________
google search fourth result
Suzuki motocross bikes are what color?

How a program can solve that is beyond me.

just fyi they don't have to be questions.

for instance;

question: type the middle two words of this sentence.

answer: two words

or,

put the last four letters in reverse of the following:
motocross

answer: ssor

robert

[Pony99CA]

I have four questions.....

As I understand it, more questions reduces security as the user only needs to answer one of them. Am I wrong?

Yes. Essentially, you have no way of knowing which questions are working and which are not.

That reasoning is flawed. Presuming that all Q&As are equally good, if one question is broken, bots will have a 1 in N chance of registering correctly the first time (where N = the number of questions that you use). If N = 1, bots will get in until you change your question.

Similarly, if bots are smart enough to keep trying if the registration fails, it will take roughly N/2 attempts on average to get the broken question. If N/2 is less than your registration attempt limit, there's a good chance that a bot will get in.

Multiple questions doesn't reduce security; it just means that you have to change all of your questions if one is broken.

Steve

[vossen]

same here, hammerd with newly registerd members. on my populare board.
have Q&A to for registration.

my small board is still clean.

seems like, it does not matter what Q&A you have. my guess is they bypass it.

any idea how to stop this spam would be nice.

[Pony99CA]

Here's some more data, for what it's worth.

Most importantly, I have had zero spam registrations in the last two or three days. You might say my board wasn't targeted, but...

In the last 3-7 days, I did get 5-7 spammers who activated accounts, mostly from Chinese IP addresses (and several with 163.com E-mail addresses, which I have now banned), some of which posted (mostly pushing Louis Vuitton). I also had a similar number of inactive registrations. I changed my Q&A from a Yes/No answer to one a little more difficult (pick one word out of three) and, as noted, haven't had spam since.

I have seen a jump in visitors. Checking my error log showed several URLs like the following:

Code: Select all

[Fri Nov 16 16:28:48 2012] [error] [client 80.252.155.87] File does not exist: /home/pocketpc/public_html/discuss/index.php+++++++++++++++++++++++Result:+text+captcha+decoded+wrong;+chosen+nickname+"SesCrergy";+registered+(registering+only+mode+is+ON);+e-mail+address+or+server+is+banned;, referer: http://www.svpocketpc.com/discuss/index.php+++++++++++++++++++++++Result:+text+captcha+decoded+wrong;+chosen+nickname+%22SesCrergy%22;+registered+%28registering+only+mode+is+ON%29;+e-mail+address+or+server+is+banned;

Note the reference to "text captcha" in there.

The above was for my main board. My test board hasn't had any spam activity at all lately (although it has in the past).

Steve

[wmtipton]

Im going to try to change my Q&A to something like asking to describe something about the website graphically that isnt in the text anywhere....

[Blue Blood]

OK after starting this topic last night I see I'm not the only one!!

After reading the whole thread I have made the suggested changes.
Changed Registration attempts from 5 to 3
Changed the A&Q to a single question.
Here is my question:
What is the 1st, 10th and 3rd letters in the sites logo?

I figured this would be good asking for more then just one letter.
One of the letters is a number too!!

So I enabled the registration and went to get some food.
I was gone for about 30 mins.
Got back, checked it out and had NO NEW ACCOUNTS!!

But there are 10 or more bots trying to register a new account at any given time.
Not sure what this will do the the speed of my forum...

[Blackwolf_Oz]

Off Topic but Blue Blood ......I registered on your site months ago & have now been banned due to being a spammer...have sent 3-4 emails asking to be unbanned but no reply.

I can assure you I am no spammer.

You have been permanently banned from this board.

Please contact the Board Administrator for more information.

Reason given for ban: Spam

A ban has been issued on your username.

I use Blackwolf on your site.

[John P]

Why can't we log which question is answered right by a spammer, so you know the broken question

[Blue Blood]

Off Topic but Blue Blood ......I registered on your site months ago & have now been banned due to being a spammer...have sent 3-4 emails asking to be unbanned but no reply.

Sorry I don't check my admin email very often..
I guess I got ban happy, your IP counrty is AU
I have had a lot of spam accounts from AU

You are good to go now!

Why can't we log which question is answered right by a spammer, so you know the broken question

Plus 1

I still have never understood why all the broken captcha's are still an option...
Why not remove these next release!!

[brononi]

Since a week or 2, i'm having the same issue. The forum runs for several years, and never had an issue.
And now, i've got almost each 15 minutes a new user. For the moment, i added the option that an administrator needs to activate it. I already changed the Q&A to something else. But the registrations keep on going.

My Q&A? "MAG is de belangenvereniging voor?" > Motoren
So really no idea who this can be 'hacked' this fast, in about 10 minutes?
So i think that this way of registration isn't going through the Q&A part...

Any suggestions are more then welcome!

[stanhilliard]

In approximately 24 hours on November 15 & 16 2012, 219 bot-usernames posted 654 messages. Most were from three names. Many had usernames had one or zero posts. But active ones posted at essentially no delay between posts.

My Q & A question was an instruction to spell SNOWMAN backwards. It had worked perfectly for months.

I changed the Q & A to ask the user to identify the middle character of a 7 character nonsense string. No bots have posted since -- about 12 hours. I made the change while 7 bots were on line and posting. One new username appeared seconds before my Q & A change.

I have since deleted all 219 usernames and their 654 posts.

My board is version 3.0.10

[Blue Blood]

Question??
Dose VB, IPB or any of the paid forums have this problem??

[Mick]

Dose VB, IPB or any of the paid forums have this problem??

As far as I'm aware yes as do many many other sites, if you have a Google around you will see it's a global epidemic.

Why can't we log which question is answered right by a spammer, so you know the broken question

Having several Q&A's for one language has never been recommended, if you have just one you will know immediately which question has been defeated.

I have personally been doing some tests over the last few weeks and it seems using the upper and lower case thing has been busted and asking the new registrant to type the first four letters of a particular word etc. doesn't seem too safe either. The typing of a displayed random character string still seems to be holding and asking for certain letters in an image in the header seems good for now. This problem isn't going to go away any time soon, the financial rewards are too great for the protagonists, so we all have to be on the ball.

[Paljas]

Tip for cleaning: use the prune users option from the admin panel. You can specify by date, so you can remove all users that were registered in a specific period including their posts in one go. Easy.

By the way. This forum also uses fairly weak check of giving only cap chars from a random string..

[MarkHoward]

I've had the same problems.
Initially changed the 4 questions that I had - no difference - heaps of spam registrations.
I then disabled new registrations.

That stopped them.

I have now made the following changes:
Only one Q&A question requiring inspection of home page graphics.
Reduced registration tries to 2.
Requires Admin confirmation.
Re-enabled registration.

Going to bed now and will report the result in the morning.