  #1  
10 Nov 2017, 13:39
tpearl5
Join Date: Nov 2001
Real name: John
Stopping this type of spam

Alright, this new type of spam is driving me insane. It's always a similar format - mostly Indian "Love Potion" or Chinese - from seemingly random IP addresses. I've repeatedly banned certain IP ranges. No doubt it's a bot, but there's at least some human involvement too.

Things I have installed:
  • Spam-O-Matic (registered with stopforumspam)
  • Bad Behavior
  • Latest re-Captcha (new users use it with every post)
  • The site is behind (paid) Cloudflare
  • vB v4.2.3

Any ideas on how to stop this for good?
Attached image: cpf_spam.PNG (122.0 KB)
__________________
John
  #2  
10 Nov 2017, 16:05
In Omnibus
Join Date: Apr 2010
Real name: Kris
Try using the Question And Answer option on registrations.

Ask several questions that only legitimate humans knowledgeable about your specific forum topic can answer and do not ask "yes" or "no" questions or anything that is a 50/50 answer like "true" or "false."

Spam-O-Matic is incredibly outdated and doesn't actually stop spam any longer so far as I can tell. Do you have the Stop Forum Spam set up to check IP addresses and e-mail addresses? You could set it to check user names but that gives false positives.
  #3  
10 Nov 2017, 16:39
tpearl5
Join Date: Nov 2001
Real name: John
Originally Posted by In Omnibus:
> Try using the Question And Answer option on registrations.
>
> Ask several questions that only legitimate humans knowledgeable about your specific forum topic can answer and do not ask "yes" or "no" questions or anything that is a 50/50 answer like "true" or "false."
>
> Spam-O-Matic is incredibly outdated and doesn't actually stop spam any longer so far as I can tell. Do you have the Stop Forum Spam set up to check IP addresses and e-mail addresses? You could set it to check user names but that gives false positives.

Thanks for the feedback!

I do have Stop Forum Spam connected, but I think one of the issues is that vb4 does not handle ipv6 addresses correctly, so anyone using ipv6 isn't checked at all.
  #4  
10 Nov 2017, 16:54
In Omnibus
Join Date: Apr 2010
Real name: Kris
Originally Posted by tpearl5:
> Thanks for the feedback!
>
> I do have Stop Forum Spam connected, but I think one of the issues is that vb4 does not handle ipv6 addresses correctly, so anyone using ipv6 isn't checked at all.

Correct.

http://tracker.vbulletin.com/browse/VBV-3824
  #5  
12 Nov 2017, 23:49
TheLastSuperman
Join Date: Sep 2008
Real name: Michael Miller Jr
Do these new accounts (bots) have anything in common i.e. do they consistently enter in silly info into otherwise legitimate profile fields? i.e. do they happen to enter in "Man" or "Woman" in the biography field where anyone with common sense would know it should be a brief description of themself? If so see my info in this article to see if it can help you develop a custom solution.
__________________
Daddy Does Dios and Figs!
https://www.linkedin.com/in/thelastsuperman - Custom vBulletin Modifications, Styles, and Services.
Need a Host? I recommend URLJet.

Search - Use the search feature to find similar issues/answers.
Information - Include screenshots, copy/pasted error codes, url etc.
Fixed - Please return to your thread/post and let us know how it was fixed!
Thanks - For participating! Click the "Like" on a post if someone helped you!
  #6  
13 Nov 2017, 00:03
Max Taxable
Join Date: Feb 2011
Originally Posted by TheLastSuperman:
> Do these new accounts (bots) have anything in common i.e. do they consistently enter in silly info into otherwise legitimate profile fields? i.e. do they happen to enter in "Man" or "Woman" in the biography field where anyone with common sense would know it should be a brief description of themself? If so see my info in this article to see if it can help you develop a custom solution.

Multiple dots used in the email addresses, etc. In fact there used to be a Mod for that one if I recall correctly.
  #7  
13 Nov 2017, 00:11
TheLastSuperman
Join Date: Sep 2008
Real name: Michael Miller Jr
Originally Posted by Max Taxable:
> Multiple dots used in the email addresses, etc. In fact there used to be a Mod for that one if I recall correctly.

I don't recall that mod but if you stumble across it again let us know, sounds promising but I'm worried someone legitimate like john.doe@gmail.com might be flagged? I personally do not know of nor have ever dealt with a client who had an extra dot in their email but that does not mean some don't do it either.
  #8  
13 Nov 2017, 00:52
Max Taxable
Join Date: Feb 2011
Originally Posted by TheLastSuperman:
> I don't recall that mod but if you stumble across it again let us know, sounds promising but I'm worried someone legitimate like john.doe@gmail.com might be flagged? I personally do not know of nor have ever dealt with a client who had an extra dot in their email but that does not mean some don't do it either.

No, the example you just gave would not be flagged. The settings started with 2 dots on either/or side of the ampersand, and could be set to 2, 3, 4 or however you wanted it. So that stuff like this:

john.j.doe.de@gmail.com

Wouldn't pass muster if your limit was set at 2.
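
The dot-limit check discussed in this thread, as an added example that is not part of any post and not the code of the mod mentioned: it assumes an address is held when either side of the @ has more than `limit` dots, and goes one step beyond the thread by collapsing Gmail dot and +tag variants to one canonical address so repeat sign-ups for the same mailbox are caught. All function names and sample addresses are constructed for illustration.

```python
# Providers that ignore dots in the local part (assumption: only Gmail is listed).
DOT_INSENSITIVE = {"gmail.com", "googlemail.com"}

# Constructed sample registrations, in sign-up order.
SAMPLE = [
    "john.doe@gmail.com",        # one dot: passes at limit 2
    "john.j.doe.de@gmail.com",   # three dots in the local part
    "j.ohndoe@gmail.com",        # same Gmail mailbox as the first entry
    "mary@mail.example.co.uk",   # legitimate-looking, but three dots in the domain
    "no-at-sign",
]

def split_address(email):
    """Return (local, domain) lower-cased, or None if the address is malformed."""
    email = email.strip().lower()
    if email.count("@") != 1:
        return None
    local, domain = email.split("@")
    return (local, domain) if local and domain else None

def too_many_dots(local, domain, limit):
    """True when either side of the '@' has more than `limit` dots."""
    return local.count(".") > limit or domain.count(".") > limit

def canonical(email):
    """Collapse Gmail dot and +tag variants to a single mailbox key."""
    parts = split_address(email)
    if parts is None:
        return None
    local, domain = parts
    if domain in DOT_INSENSITIVE:
        local = local.split("+", 1)[0].replace(".", "")
        domain = "gmail.com"
    return f"{local}@{domain}"

def screen(registrations, limit=2):
    """Return {email: reason} for sign-ups to hold for moderation."""
    seen, held = {}, {}
    for email in registrations:
        parts = split_address(email)
        if parts is None:
            held[email] = "malformed"
        elif too_many_dots(*parts, limit):
            held[email] = "too many dots"
        elif canonical(email) in seen:
            held[email] = "duplicate of " + seen[canonical(email)]
        else:
            seen[canonical(email)] = email
    return held
```

Counting dots on the domain side holds addresses such as `mary@mail.example.co.uk` at a limit of 2, so results like this are better sent to a moderation queue than rejected outright.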