Jump to content

IP2.3.6 spambots

Guest rbiss

By Guest rbiss
in Feedback

Recommended Posts

  • Management
Charles Grand Master

Charles

Posted
  • Management
Posted

I'm sorry if you did not receive a notice about the PM spam issue. We did post an announcement in the client area yesterday regarding it.

We had to take action as the PM spam was so bad that the hosting servers were being reported as spam sources themselves. We automatically patched any boards that were on the latest and unmodified version of 2.3.6 but those that were not we have to disable the PM system so your emails were not globally blocked.

  • Replies 114
  • Created
  • Last Reply
crmarks Collaborator

crmarks

Posted
Posted

Is anyone else noticing a number of validated registrations from questionable IPs? I've kept admin validation in place to see who's making it through the new CAPTCHA since upgrading last night, it's a troubling trend. They're probably not automated, I have about 5 in the queue since last night. I feel defenseless at this point.

Mark H. Mentor

Mark H.

Posted
Posted

Yeah, those are probably human registrants.

If the account gets turned over to a bot, the new patch should stop them dead when they try to mass PM.

As long as you've installed (AND tested) the patch, you should be fine.

Mark H. Mentor

Mark H.

Posted
Posted

That will have to be answered for certain by someone who knows more than I do.

But if the flood control for searches is an indicator, I think the timer runs independently of attempts, and just counts down to "zero" then lets them send one PM again.

I just installed this with a 10 minute time limit for starters.

But we've not had one spammer get through in ages anyway. Newly-registered users have a lot of restrictions on the forum I help run, and that's a major reason why.

Brandon D Mentor

Brandon D

Posted
Posted

Pretty sure there's just a global setting. If you had the delay grow with each attempt it would have to be per-user and that's just too much overhead. What it does is just look at the time the user's last PM was sent and rejects the current one if it was within the time limit you specify.

China J Enthusiast

China J

Posted
Posted

It be nice to see how many minutes/seconds you have before making the next attempt. For example a 1 minute setting will show the current time when you post and then the error shows the next time you can post which is the same time. I think *cough* excuse me for saying a bad word but vb tells you how many seconds you have before you can post a new message.

Mark Grand Master

Mark

Posted
Posted

It be nice to see how many minutes/seconds you have before making the next attempt. For example a 1 minute setting will show the current time when you post and then the error shows the next time you can post which is the same time. I think *cough* excuse me for saying a bad word but vb tells you how many seconds you have before you can post a new message.




We did notice that it will show the current time - but it's intended, I think we all thought a to-the-second countdown was a bit overkill :)
aesthetic Newbie

aesthetic

Posted
Posted

Select your own member group (Admin) to bypass the PM flood control.



Highlight multiple groups with ctrl and/or shift mouse clicks.



That works with POSTING flood control, but how do I make it work with the new PM flood control?
AtariAge Veteran

AtariAge

Posted
Posted

Recaptcha has been broken by bots for month. Do not depend on it.



Something has definitely happened with Recaptcha in the last week. I have Recaptcha on all the contact forms on my site (which live outside the forum) and I've seen a large increase in the spam I'm receiving through these forms. Prior to this, I received virtually NO spam and Recaptcha was working great. Either Recaptcha has been broken by bots (and they don't want to admit it) or the spammers are using humans to validate the captcha. Whatever is taking place, I hope they are able to come up with some sort of solution that makes Recaptcha more reliable again.

..Al
AndyF Grand Master

AndyF

Posted
Posted

How do I do that? My Board is hosted at IPB.




The files will (probably) have already been changed for you if you are using IPS hosting. :)

All you need to do is import the settings file. Download the .zip here >

Extract the zip and you will only need the ipb_settings_partial.xml file. Go to your ACP > Tools / Settings >

Scroll down to past the end of the settings, look for "Upload XML settings file from your computer" and browse and upload that xml file and then click "Run Tool" :)
AtariAge Veteran

AtariAge

Posted
Posted

People are probably best just going user then admin validation at the moment.



I've been doing this for over a year and it's one of the best ways to prevent spammers from getting through to your board. I can go many months without a spammer getting through. Basically you look at the location of the IP address, search Google for the username and email address, and search StopForumSpam.com for IP/username/email. This will catch most of the spammers. After that, any I am suspicious about I will validate but put on Moderator Preview until they've made a few posts.

It is time consuming, but it has stopped a great number of spammers from getting through to my board. I also have a "Ban" mod installed that lets my global mods immediately ban, blacklist and remove any posts from spammers so if they do get through, their impact is negligible.

..Al
sunrisecc Mentor

sunrisecc

Posted
Posted

How do I do that? My Board is hosted at IPB.




I assume you checked the ACP and only see 5 options for PM management. If you cannot upload/import the xml file yourself, create a ticket and Invision will do it for you.
I am also assuming that you do not have a full license. If you do, you just follow the intstruction to import the xml from your hard drive.
bfarber Grand Master

bfarber

Posted
Posted

Either Recaptcha has been broken by bots (and they don't want to admit it) or the spammers are using humans to validate the captcha. Whatever is taking place, I hope they are able to come up with some sort of solution that makes Recaptcha more reliable again.



..Al




If humans are answering captchas, quite frankly, there's nothing that can be done, wouldn't you agree? At the point where humans are doing the registration, there's not a whole lot you can do on an automated basis.
AtariAge Veteran

AtariAge

Posted
Posted

If humans are answering captchas, quite frankly, there's nothing that can be done, wouldn't you agree? At the point where humans are doing the registration, there's not a whole lot you can do on an automated basis.



Yes, and that's what I'm afraid of. I don't want to say there is no possible solution around this, just that it probably will not be trivial by any means. If humans are solving the captchas, I assume that the spammers are copying the image, displaying it on another site, and then end users are solving them. Not sure how you go about combating that.

..Al
aesthetic Newbie

aesthetic

Posted
Posted

The files will (probably) have already been changed for you if you are using IPS hosting. :)



All you need to do is import the settings file. Download the .zip here >



Extract the zip and you will only need the ipb_settings_partial.xml file. Go to your ACP > Tools / Settings >



Scroll down to past the end of the settings, look for "Upload XML settings file from your computer" and browse and upload that xml file and then click "Run Tool" :)



Thanks! That fixed it.
Brandon D Mentor

Brandon D

Posted
Posted

Like I said in another topic, there's little more that can be done at preventing spammers from registering. Attention should be shifted from preventing registrations to preventing spam from being posted - like the Askimet service for blogs. Spammers ARE going to successfully register on your board, your last line of defense is going to be catching the spam as it's posted/sent/emailed/whatever.

ll4ever Enthusiast

ll4ever

Posted
Posted

how about adding the captcha for ppl with less than 10 posts before they send a pm.
if they post on the forum, you can tell if it's a bot and remove it quickly.
If they just use the PM, they won't post at all.

I'll probably add it on my site because they still come and pm.

  • Management
Matt Grand Master

Matt

Posted
  • Management
Posted

Askimet is a pain, though. It's an option for blog comments but it can be a support nightmare as it often times out.

Speed Racer Apprentice

Speed Racer

Posted
Posted

Askimet is a pain, though. It's an option for blog comments but it can be a support nightmare as it often times out.





Matt-

Does this mean that you will be checking if we can browse IPB 3.x on BB OS 4.6 or greater?

IMG_8327

Pretty please? :)

Archived

This topic is now archived and is closed to further replies.

Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
Invision Community © 2025 IPS, Inc.
×
×
  • Create New...