Matt (Management) Posted October 3, 2008
How would we check that?

desti Posted October 3, 2008
> How would we check that?
Talk with reCaptcha, they can create a page for you (returning "Ok", for example); class_core_captcha checks the link/replies and calls the appropriate class. You can make a check page on your server (refresh reCaptcha server every 5 min.). Another way - a "task", running regularly and inserting the server status in the reCaptcha or another table.

desti Posted October 3, 2008
And integrate it into the forum engine with a table of questions and answers, admin interface, etc. Not as a custom field, but as an addition to the security module.

stoo2000 Posted October 3, 2008
I'm probably stating the obvious here, but I've noticed my site has not had any bots register at all. The difference I can see is that we don't have a mention of IP.Board or the version on our forums.

Amy T Posted October 3, 2008
> I'm probably stating the obvious here, but I've noticed my site has not had any bots register at all. The difference I can see is that we don't have a mention of IP.Board or the version on our forums.
I assume you paid for the copyright removal?

CannonFolly Posted October 4, 2008
I'm having a significant spam problem as well. A 'member' appeared on the forums and created a topic in a forum at random.

Title: Looking for seek-url on your site!!!
Description: problem
Message: So... good site... Where search-page on your site. Can you advise me? P.S. Anybody know about XRumer 5.0 program? Need an url to it...

One of my members caught it right away. I banned it and enabled admin approval for registrations on top of the email verification. I did some sleuthing and found out that it is a common tactic for 'XRumer' to make a post like this in the hopes that someone would link to the site willingly. The program is Russian made and has claimed to be able to register and post in a large assortment of forum software: Ipb, Vbulletin, phpbb, custom software etc...

I found a database that tracks and keeps records of spam bots, and over the past few days the registrations have been piling up in the admin panel and every one is failing the check with the database. I banned inbox.ru, mail.ru and cashette.com emails, but a good few have gone to using gmail. Much like the person above I have custom fields, only mine are optional. In the (3) fields the bot puts the Username in the first one, something related to the name in the second one, and google in the last one. Each bot uses a different email, username, and IP.

---

I'm glad to say that the spammers haven't succeeded in posting since that first message, but between server emails, sifting through real registrations and fake ones, and the overall thought that some jack*** is smirking behind some machine while I whittle away, it is starting to make me lose it. I consider this a short term solution, because if this continues I'll eventually quit sifting through the registrations and my forum will be dead in the water. Does anyone know of any way to stop this for good?

The only thing I can think of is .htaccess, but a post on a site that distributes xrumer mentioned the following:

"The list of user agent now can be edited in file x_user_agent.txt"

Any ideas for what I can do?

//Edit: I checked the user agent of one of the malicious IP addresses, it's using a valid Windows Opera 9.0 string: "Opera/9.0 (Windows NT 5.1; U; en)". I don't want to ban a valid agent just to get rid of bots. Is there some way to implement a Q & A field in Ipb? If not I would love to see an option to switch between a Q&A verification or a captcha in IPB 3.

//Second Edit: Whoops, I didn't catch the update, I was so caught up in the spammer I missed it. Sorry about this, I'll install the update and see if it stops them. Glad to see IPB reacting so swiftly though.

Mat Barrie Posted October 4, 2008
Another interesting note is that if you use Converge to handle registrations (no, not let IPB use Converge, but actually force IPB to send registrations to Converge), it's something so completely unexpected that the bots don't work. In my case, I force registrations to a Converge install on a completely different subdomain, and it seems to do the trick.

henke37 Posted October 4, 2008
I think the best way to test if reCaptcha is fault tolerant is to simply firewall off the outbound connection once it is set up.

stoo2000 Posted October 4, 2008
> I assume you paid for the copyright removal?
I presume so, it was a long time ago (perpetual customer)

Mat Barrie Posted October 4, 2008
> I presume so, it was a long time ago (perpetual customer)
How do you forget whether you paid $275 USD?!? Must have real trouble with the tax returns, huh?

martineer Posted October 4, 2008
Well, up until a week ago, I never had a problem with spambots. However, in the last week, there's scores of them registering. Even updating the improved CAPTCHA has not stopped them and more arrive on a daily basis. Grrrrr! :(

I've obtained my reCaptcha keys and have upgraded to 2.3.6 :rolleyes: Here's hoping.

stoo2000 Posted October 4, 2008
> How do you forget whether you paid $275 USD?!? Must have real trouble with the tax returns, huh?
I didn't do the purchasing ;)

CannonFolly Posted October 4, 2008
Applied the update and removed the administrator approval process, caught about three online late last night trying to register and they all failed. I'm going to keep a close eye on it but I think the update did it for me. Looking forward to 3.0, keep up the good work invisionpower. :)

crafty55 Posted October 8, 2008
Well, I just followed the letter to the T, added the questions, and we went from close to 400 spam tries to 0 the second I did it. My tech guy will still apply the new fix, but I was impressed that I was able to take care of it by doing the custom question.

PKIDelirium Posted October 8, 2008
I haven't had any bots since applying 2.3.6.

lagislabonita Posted October 8, 2008
Isn't it also a good idea just to put *@gmail.com and *@googlemail.com as one of your blacklist emails? I mean, it seems like everyone who got spammed was from a Google email service. :huh:

Cybertimber2009 Posted October 8, 2008
> It's normal question. reCaptcha server may be stopped or DDos-ed. Board engine must check it and switch to internal captcha.
Eh, I see a problem with that. If you code the board to check, and ReCaptcha has region-specific inaccessibility (say you can't access it in Raleigh NC but everywhere else works fine, due to ISP/DNS issues), the board would show it as being accessible and you'd still see an empty spot. So you'd have to code for the user's browser to check, and if it fails, to show the board's captcha. Then a bot could just simply block the ReCaptcha request, make it fail, and use the older style captcha built into IPB.

Darn robots. And I just finished watching Terminator: SCC too!

Jυra Posted October 8, 2008
> Isn't it also a good idea just to put *@gmail.com and *@googlemail.com as one of your blacklist emails? I mean, it seems like everyone who got spammed was from a Google email service. :huh:
No, because many human people use it.

brawlyrox Posted December 5, 2008
Considering I now have 3000 spam accounts on my forum, does anyone know of a SQL query I can run to get rid of them all? I was thinking along the lines of:

    DELETE * from ibf_members WHERE 'location' = "Google"

Which I know won't work, but you see my line of thinking...

Cool Surfer Posted December 5, 2008
> Considering I now have 3000 spam accounts on my forum, does anyone know of a SQL query I can run to get rid of them all? I was thinking along the lines of:
>     DELETE * from ibf_members WHERE 'location' = "Google"
> Which I know won't work, but you see my line of thinking...
What you can do is put all visitors who register into a new group, let's say pre-member, and once they post they can be moved automatically to the members group.

RTM Posted December 8, 2008
> What you can do is put all visitors who register into a new group, let's say pre-member, and once they post they can be moved automatically to the members group.
That's a decent idea to manage new registrations that may be occurring from suspicious persons (or bots that may bypass the captcha prior to the 2.3.6 captcha fonts and backgrounds) but it doesn't address the issue of having hundreds or thousands of suspected "validated" spam accounts.

Some methods I have been evaluating for sites we manage:
* Do a targeted mailing to all member accounts with zero posts since the bot attacks started in October 2008. Ask them to post an introductory message in an "Introductions" forum.
* After 7-14 days, delete (or move into a restricted member group) all member accounts that have not been active and/or posted.
* Send an email to your well established members (i.e. > 50 posts) asking them to check for, and report, any SPAM being sent through PM by members - especially recently registered members with little or no public forum activity.

I think that many of us have been focusing heavily on looking for publicly visible SPAM posts in our IPB forums, but we have to remember that these bots or malicious human members may be quietly sending out SPAM via private messages to your members. Some of these recipients may simply get annoyed and leave your community without even signaling the issue. Often a member may think that a forum is somehow explicitly allowing this type of PM SPAM ... which, I'm sure, is far from the truth for most forum managers.

Just my $0.02 ;)
Rob

brawlyrox Posted December 12, 2008
That's not really what I asked. I've implemented the security question idea, which has now stopped spam registrations. However, I currently have 3000 existing spam accounts that I want to get rid of. Instead of spending hours deleting each account manually, I was wondering if anyone knew the SQL to do it?

RobertMidd Posted December 12, 2008
> That's not really what I asked. I've implemented the security question idea, which has now stopped spam registrations. However, I currently have 3000 existing spam accounts that I want to get rid of. Instead of spending hours deleting each account manually, I was wondering if anyone knew the SQL to do it?
Are these accounts easily identifiable, and if so, how?

brawlyrox Posted December 15, 2008
Yes, they all used the same information in certain fields:

Location: google
Drives: 143040
Member of a local club? 143040

I was going to base my delete query on any member where the location = google.

RobertMidd Posted December 15, 2008
> Yes, they all used the same information in certain fields:
> Location: google
> Drives: 143040
> Member of a local club? 143040
> I was going to base my delete query on any member where the location = google.
OK, here is what I would do. Set up a new group for members to be deleted and run the following SQL query, replacing xx with the new member group id.

    -- "in" rather than "=", because the subquery returns one id per matching member
    update ibf_members set mgroup=xx where id in (SELECT e.id FROM ibf_member_extra e where e.location='google')

Then use the manage members to find members for mass delete and select the group for deleted members.

Note: I have not tested this SQL query.

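Added example, not part of the original thread and not IP.Board's own code: a more cautious version of the quarantine step discussed above for MySQL, which previews the matches, saves each account's current group, and only then moves the accounts. The tables and columns ibf_members (id, mgroup) and ibf_member_extra (id, location) come from the posts; the ibf_members.posts column, the group id 99 and the backup table name are assumptions to replace with your own.

```sql
-- Added example: preview, back up, then quarantine the matching accounts.
-- ibf_members (id, mgroup) and ibf_member_extra (id, location) are taken
-- from the posts above. Assumptions: the ibf_members.posts column, the
-- quarantine group id 99, and the table name spam_cleanup_backup.

-- 1. Preview how many accounts match before changing anything.
--    Requiring zero posts leaves every member who has posted untouched.
SELECT COUNT(*) AS suspects
FROM ibf_members m
JOIN ibf_member_extra e ON e.id = m.id
WHERE LOWER(e.location) = 'google'
  AND m.posts = 0;

-- 2. Save each suspect's current group so the move can be undone.
CREATE TABLE spam_cleanup_backup AS
SELECT m.id, m.mgroup
FROM ibf_members m
JOIN ibf_member_extra e ON e.id = m.id
WHERE LOWER(e.location) = 'google'
  AND m.posts = 0;

-- 3. Move exactly the backed-up accounts into the quarantine group.
UPDATE ibf_members m
JOIN spam_cleanup_backup b ON b.id = m.id
SET m.mgroup = 99;

-- 4. Run this straight after step 3: the number of rows changed should
--    equal the count from step 1.
SELECT ROW_COUNT() AS moved;

-- Undo, if a real member was caught:
-- UPDATE ibf_members m
-- JOIN spam_cleanup_backup b ON b.id = m.id
-- SET m.mgroup = b.mgroup;
```

Review the quarantined group in the admin panel before using the mass delete, and drop the backup table once the cleanup is confirmed.
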
This topic is now archived and is closed to further replies.