Well to me anyway

Here's a good thread on TAZ where someone has discovered the culprit behind all the forum SPAM!

http://www.theadminzone.com/forums/s...ad.php?t=31168

Our problem appears to be originating from this website: http://www.botmaster.net/faq/

Specific features FAQ: http://www.botmaster.net/faq1/

Quote:

I am not a programmer, just an administrator of a Vbulletin site for the past 6 years. There are some things I'm not sure of, but there are other things I understand completely. I'll share what I understand to be a fact, and maybe you can help me figure out the things I'm not sure about.

This software has the capability to targets forum titles that are appropriate for the type of advertisement. If no forum is appropriate, the software posts the spam in the generic forums like off-topic or the most popular forum on the site. (I noticed a member here posted that she noticed the software was posting in obscure forums but then started posting in her more popular forums as she combated this problem. Everyone said she overestimated bots. Everyone was wrong.)

To put the icing on the cake, this software has the capability to KNOW when we delete ads, ban bot members, or block e-mail address domains, etc. We aren't crazy when we feel like the assault on our forums is getting stronger with every attempt we make to block this bot. It knows what we're doing and it is attacking stronger.

References are made in the software description that our sites are listed in it's target based on "Google PR." I do not know what Google PR means. Is this simply that it is attacking us because our sites come up on the top of google searches (mine does)? Or is this the result of our adding google ads to our sites (we added google ads to our site earlier this year)? Or is google somehow involved in this? If our forum software manufacturers can't fight this monster, can google do something about it for us (assuming google isn't involved in this---or a co-partner with botmaster).

This software has the capability to complete registrations even with the security image feature.

From the best I can tell, it appears to identify when forums are password protected, when confirmation is manual, and when posting goes to pre-moderation. It appears that this software doesn't know how to get around these things and will not bother attacking forums with these protections. Read the software descriptions for yourself and tell me if you read it that way too.

If you think about it, this software would probably not know how to read a second password requirement beyond it's user password. If we password protected our forums, and supplied the password to users (and new users via their registration confirmation e-mails), then the spam software would probably hit a brick wall. Or setting new members to go into a probation mode upon confirmation and manually switching legitimate users to registered uses while deleting the nonlegitimate spam. This is alot of work though. I'm liking the password protection on the forums the best, and I'm thinking of giving that a try unless you guys come up with a better idea.

Opinions?

These bastards need to be stopped!!

password protecting your forums to prevent spam attacks is the most retarded thing I've heard in a long time.

Quote:

and when posting goes to pre-moderation.

Then just use this hack then: http://www.vbhackers.com/f76/prevent-spam-6040/

ya - pretty easy to write something that pulls the additional passwords from the confirmation emails.

May slow down the script kiddies using out of the box bot, but anyone with real skills will get past this easily.

At the same time smart people can stay a step ahead. All the information to do so is there. If the Bot is able to see when a post is deleted, find a way to feed the bot what it wants to see. Make the bot think it is merrily doing it's job. feed it passwords that log into an empty forum. Delete posts by content. I am sure there is a way to stop it. Or to at least make it think it is working when it is not.

Is this a problem with EF getting hit or just a hit against all vBulletin forums?

All vBulletin Forums have spam problems. Some more than others though.

well, at least those guys know their business model.

$400 a copy and i guess they are selling quite some.

I just set vbulletin so that I have to manually approve all new members before they can post. I get about 10 - 20 new sign ups per day, usually half are spam-bots. I have learned to recognize them by email address and name. I haven't had one spam post in over 2 years. Takes me a few minutes a day, but it is much easier than cleaning up hundreds of spam posts.

Actually this thing was built for phpBB. And phpBB from what I hear gets the brunt of the spam posts but vbulletin popularity among spammes is catching on. VB is updated much more though so I guess that's why it isn't worse on VB.

I get around one a week out of around 150 sign ups, although the bot apologises for maybe posting in the wrong forum bless him, I really dont see it as a problem.
I use Invision, but can confirm some of the other users of the script do have problems, so vbulletin isn't alone.
I have seen one registration field, where you have to imput the random letter of a word, for instance what is the 4th letter of spammer, which sounds as if its a good idea, but whether it works or not I dont know, I cant even remember where i saw it.

Quote:

Below are listed main specification and features of XRumer

# Multithreaded submitting: over 50 simultaneously running threads possible! (30 threads are recommended for optimal performance under 128 Kbps bandwidth)
# Software can perform registration at forums (if necessary for posting messages) and automatically fill in the required fields. Upon successful registration XRumer posts the user-specified message and/or links.
# The powerful built-in proxy-server checking script locates available proxy-servers worldwide, choosing anonymous addresses among them.
# Software is able to work with lots of different types of forums and guestbooks: phpBB and PHP-Nuke with any modifications, yaBB, VBulletin, Invision Power Board, IconBoard, UltimateBB, exBB, phorum.org, wiki, different types of bulletin boards and even custom-written code.
# Attention: unique feature – software works around EVERY possible type of protection from automatic registration, including:
- Pictocode protection (tickets, captcha), which look something like: "Enter the number you see in the box". Details...
- E-mail activation protection. Details...
- Java-script protection. Details...
# During the process of posting a detailed log is created with precise path-links to posted messages so that you can check every link and every posted message afterwards.
# A built-in proprietary "Question-answer" system.
# A variations system, using which you can post up to 10000 messages all looking different but with similar contextual meaning and the user-defined hyperlinks in them. It helps to broaden the key queries (for Search Engine optimization) and protect your posts from being filtered out by Search Engines (that is, your posts will be included in SERPs).
# If the forum has more than one category, the software chooses the one most suitable for the message, otherwise it sends the message to off-top, flame sections or the like, and in case those do not exist - to the most visited category on the forum.
# BB-code can be used.
# The following forum base processing tools are included: repeated links deletion, hit descending sort, service denial according to customizable black list, and various filters. The program informs the users about availability of new versions and possesses many other powerful features.

The system is fully user-independent and requires minimum skills to handle: you only need to choose the proper links database, create a message text with one or several hyperlinks and hit the 'Start' button. THAT IS ALL.

XRumer software package includes the Hrefer program and databases with links to more than 72.000 forums.

$400... haha

I've been getting hammered lately by the spam....even an Xrummer "demo" post, LOL.

My solution was simple. All new users go into a restricted group. They have severely limited privileges and can only post in the introductions forum. Once that first post has been made, they are promoted (automatically) to the regular users group.

This is not fool proof, because obviously spammers that are dead set on spamming your forum will make a post and get the promotion, but it adds a layer of hassle that will discourage spammers and confound bots. It also keeps any spam that does occur pretty much just in the one forum, which makes it easier to deal with.

So now my protection looks like this:
Image verification at signup
no duplicate emails
email confirmation for activation
1 post required in newbie intro forum

Spam protection is like a house alarm. The alarm isn't going to stop an intruder that wants to get into YOUR house. However, it will discourage a burgler looking to break into ANY house, since he'll go for the easier pickings.

I do things such as ban IPs and email addresses - I also have a hack that doesnt let most spam posts through.

the sammer are killing me, spending most of my time on them now.

Thank for the heads up

-Dan

Dude there are tons of forum bots, I have a few myself (don't use them though, just for a rainy day ) but you can not really stop spam, just roll with it and delete it and get that hack Brent posted

If as an Administrator we check members at the time of signup and manually approve new members then the chances of spammers go down a lot. They always expect an instant sign-up.

ugh gotta hate bots lol

XRUMER is insane :shuriken:

I hate these people too. I had several small forums that I have almost had to lock down and stop accepting new members. It is really unfortunate.

over at vborg there is a mod for 3.6 called Is Bot, It has stopped 90% of my bot registrations, it calculates the time it takes for someone to go through the registration process, and if it is under a preset number of seconds it blocks the registration and emails webmaster email. I have mine at the default of 15 secs and most bots go between the registration pages in like 8 seconds or so. Thought i would pass along.

Quote:

Originally Posted by skyhawk133

password protecting your forums to prevent spam attacks is the most retarded thing I've heard in a long time.

I must agree.