Jump to content

Spam attack today

2dub
 Share

Recommended Posts

2dub Explorer

2dub

Posted
Posted

My license is up to date.  I am behind on the may update.

But I've been killed by spammers today. I just disabled registrations. But I had 35 registrations today (huge for my site) all flooding me with spam. 

They are validating their address and Spam Defense is giving them a 1 score.  I also have questions to answer at registration.

Any further suggestions as to what I can do?

Could contain: Page, Text

image.png

image.png

Link to comment
Share on other sites
Clover13 Mentor

Clover13

Posted
Posted (edited)

It happened to me recently too.  I switched from reCAPTCHA V2 to hCaptcha.  So far, so good.  I can't tell if they are actually humans or not however, but they are/were getting through the effective human registration process/steps with non-spam registered emails.

Edited by Clover13
Link to comment
Share on other sites
Jim M Grand Master

Jim M

Posted
Posted
4 minutes ago, 2dub said:

 

image.png

Keep in mind that there are human spammers as well who do research and work for bots. By supplying answers to 3/4 of these questions in the question itself, you're making their lives very easy. These questions, in general, are rather easy and your target niche don't need those answers in question. If these questions are old, it may be well that the bots/humans have discovered these answers.

You'll also want to switch to hCAPTCHA and ensure you have "Difficult" set for the passing method if you continue to get hit hard.

10 minutes ago, 2dub said:

They are validating their address and Spam Defense is giving them a 1 score.  I also have questions to answer at registration.

Be sure to also flag all these users as spammers as that will tell our Spam Defense of them.

Link to comment
Share on other sites
Clover13 Mentor

Clover13

Posted
Posted

Yeah that's the same I got hit with and flagged as spammers.  Some of the same emails.  Ironically, shortly ago (with hCaptcha) I had a spammer join two of my sites with the same email within minutes of each other, but chose two different usernames.  On one site, they posted a couple times trying to act like they were interested (maybe a bot even).  But profile location in Texas, IP in Wisconsin and timezone in New York it was pretty clear they were trying to get by the post limit to access PMs and spam there IMHO.

Link to comment
Share on other sites
Clover13 Mentor

Clover13

Posted
Posted

@2dub I'm on a 2+ week span.  Two waves with a large number, once I put it back to admin approval on accounts it slowed down, then it seems like a few feeler registrations come in and if it's back on auto approval via email verification another wave hits.  My sense is this bulk of emails being used need to be flagged so they get added to the pool and detected on other sites.  Seems like this recent attack has all new emails, not currently known ones.

Link to comment
Share on other sites
Arthmoor Enthusiast

Arthmoor

Posted
Posted

It's a long standing issue with IPS and their "anti-spam" that doesn't actually prevent spam. Even with hCaptcha.

It would be better to press them on enacting my suggestion from January when I got hit by the same spammers:

 

The other often mentioned "solution" is to spend an additional $20 to install ClearTalk, but IMO one should not require additional paid apps to run an already expensive package.

Link to comment
Share on other sites
beats23 Experienced

beats23

Posted
Posted

Same here. Since yesterday spammers have been on my site. Some of the spamming emails are the same as @2dub coming from this same email. "@andorem.com" The PC system time they are using is for Kolkata India, and a few from LA. I had to use Cloudflare to block all connections from India to slow down the spamming. Why is IPS spam tool not blocking these spammers?

Could contain: Person, Text, Face, Head

 

Link to comment
Share on other sites
Marc Stridgen Grand Master

Marc Stridgen

Posted
Posted
34 minutes ago, beats23 said:

Why is IPS spam tool not blocking these spammers?

I think there may be a misunderstanding on how spam prevention works unfortunately. The reality is, in order to prevet spam, they need to first of all be known to be spam. As bots get more sophisticated, they get closer and closer to looking like human registrations. So you run a fine line between preventing spam, and preventing actual registrations. And when you do pick up on IPs, email addresses etc, it takes time for them to be known as being spam.

What I would say here, is in almost all circumstances when we have looked at customer sites, the following tend not to all be in place

  • Spam service set to its defaults
     
  • Multiple question & answers set up, that are not machine solvable (putting something like "What is 2+2?" will simply be solved by a bot. Having only 1 set up means once its solved, its solved)
     
  • Not yet using hCaptcha, which was added to our software to try and combat some of the more advanced spam that was turning up
     
  • Not adjusting hCaptcha settings to a level at which is reducing spam to a suitable level

I would advise anyone who is having problems, check the settings above. This said, there is no silver bullet for spam that will work every time. There will be times where items such as these make their way through.

Link to comment
Share on other sites
cmer Apprentice

cmer

Posted
Posted
23 hours ago, 2dub said:

My license is up to date.  I am behind on the may update.

But I've been killed by spammers today. I just disabled registrations. But I had 35 registrations today (huge for my site) all flooding me with spam. 

They are validating their address and Spam Defense is giving them a 1 score.  I also have questions to answer at registration.

Any further suggestions as to what I can do?

Hello,

I understand your frustration. Today, I disabled registrations on my website as well due to an influx of spammers. It's astonishing how many registrations I received in a single day, and it's a major issue for my site too.

I've been experimenting with different solutions to combat this problem, and I've found that implementing KeyCAPTCHA seems to be more effective in blocking these spam attacks compared to reCAPTCHA. KeyCAPTCHA provides an additional layer of security by incorporating interactive puzzles or challenges that are more difficult for bots to bypass.

 

Could contain: Page, Text

Link to comment
Share on other sites
Marc Stridgen Grand Master

Marc Stridgen

Posted
Posted
1 minute ago, cmer said:

I've been experimenting with different solutions to combat this problem, and I've found that implementing KeyCAPTCHA seems to be more effective in blocking these spam attacks compared to reCAPTCHA. KeyCAPTCHA provides an additional layer of security by incorporating interactive puzzles or challenges that are more difficult for bots to bypass.

hCAPTCHA is currently proving to be the most effective

Link to comment
Share on other sites
olyclimber Enthusiast

olyclimber

Posted
Posted

Yeah I had hCAPTCHA enabled and got over 17 pages of fresh spam this morning and like 15 new spam registrations this morning.  I've turned off new registrations till I can figure out something...or actually set to admin approved only.

This is a problem.  Hopefully either Invision or the Invision Community/user base can share some real solutions ASAP.

 

Link to comment
Share on other sites
Jim M Grand Master

Jim M

Posted
Posted
4 minutes ago, cmer said:

Difficult

May want to double check that as I was not shown a difficult pass when using hCAPTCHA on your community's registration page.

Additionally, you are not using Question & Answer challenges. Which also help combat spam when used appropriately.

 

Link to comment
Share on other sites
cmer Apprentice

cmer

Posted
Posted
1 minute ago, Jim M said:

May want to double check that as I was not shown a difficult pass when using hCAPTCHA on your community's registration page.

However, I use Difficult for the Hcaptcha 

Could contain: Page, Text, Business Card, Paper

Link to comment
Share on other sites
olyclimber Enthusiast

olyclimber

Posted
Posted
2 hours ago, Clover13 said:

@cmer and @olyclimber what were you set on when you got hit?  Auto or Difficult?

I was not set on difficult.  I tried to change that setting this morning but it didn't take for some reason in Safari...seems to work in Firefox.  But in Safari it was just letting people in with a checkbox.  I didn't test Chrome or Edge because I ran out of time and I have to get to meetings. I assume this is a problem with hCatpcha not Invision?  IDK.  But not like there is a lot to it...just grab the key and the secret and plug them in.

I'm not sure why I was having the above issues but for now I'm still set to manually approve till I get time to look at it. 

Link to comment
Share on other sites
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.

  • Upcoming Events

    No upcoming events found
Invision Community © 2024 IPS, Inc.
×
×
  • Create New...