Anyone else being hit with more than the usual spam today?

Claudio Ba said:
Any bot can read numbers...so I think this idea won´t work. That´s why many bots read on q&a systems "which color red" and they just try to answer red. Many times they have success
Click to expand...
I have read about XRumer "learning system" that is a bit more complex (btw, it is scary how they intend to pay their users for solved Q&A they share).
By randomizing the answer and moving it elsewhere in the page (in footer, in a js popup,...), I believe it could be possible to confuse the software (not the people, of course). And of course, numbers are not a viable solution, but randomly generated alpha+num keys that a standard user can copy-paste are still not too close from being forbidding.
 
I installed KeyCaptcha and I'm still getting 3-5 bots a day! A lot better than 100 though... Is the hidden field the only thing they haven't gotten around? I'm afraid that KeyCaptcha doesn't have long since some have gotten around it.
 
If you like CAPTCHA, CustomImgCaptcha is one they will not get through for a long while (they are your own custom images).

The problem with most CAPTCHA is once it's popular, the set only needs to be trained against. With CustomImgCaptcha, every forum has their own set (as long as you change the default images), so there is no data to train against.

This is true for games, images, button, puzzles...etc, if it becomes popular it becomes a target, custom images can not be targeted.

But yes, none have got through FoolBotHoneyPot's hidden fields and custom registration page

CustomImgCaptcha and FoolBotHoneyPot work hand in hand (FoolBotHoneyPot provides that stats and tells you how many humans / bots pass/fail the CAPTCHA), but they can be used independently

You might also want to look at your other registration areas, some people don't realise that bots can get through FaceBook registration, there is a solution for that: http://xenforo.com/community/resources/facebookregcaptcha-spam-combat.1222/ ... It might be that they haven't gotten through keyCaptcha, but are simply exploiting your other un-protected areas.

There are lots more to try here too:
http://xenforo.com/community/resources/dealing-with-forum-spam.980/
or search the resources directly: spam (some of which are free)
 
turtile said:
I installed KeyCaptcha and I'm still getting 3-5 bots a day! A lot better than 100 though... Is the hidden field the only thing they haven't gotten around? I'm afraid that KeyCaptcha doesn't have long since some have gotten around it.
Click to expand...

Are they new registrants? Or simply registrations that were in the system before the install of KeyCaptcha.
 
I'm definitely getting hit with xrumer as one of the users that registered was xrumertest. I posted my url for the first time EVER the other day and its only happened since then so I am fairly sure they are scraping this site.
 
turtile said:
I installed KeyCaptcha and I'm still getting 3-5 bots a day!
Click to expand...

I've looked through the recent update again and there is nothing to suggest KeyCaptcha has been target again by XRumer (link: version 7.7.35)

Look at your access logs (see here) for registrations of these bots (search for their IP address) to see if they:

a) Registered through Facebook
or
b) The time at which they registered to see if they were registered before you installed KeyCaptcha (as ManagerJosh Suggested)
 
So I posted previously about a new spam service that we were planning to offer for a small fee. It seemed like people liked the idea, but not the idea of paying for it.

In light of the recent spam influx people have been seeing, we've decided to make this a free service to try and alleviate the pain people are going through.

If anyone is interested in signing up and trying out the service, you can do so here: http://spam-service.block8.co.uk/

You'll be emailed a license key and a link to download the XenForo addon. It's completely free to use.

Let me know what you think, especially if you use it - I'd love to know if it is working for you! :)
 
Dan Cryer said:
So I posted previously about a new spam service that we were planning to offer for a small fee. It seemed like people liked the idea, but not the idea of paying for it.

In light of the recent spam influx people have been seeing, we've decided to make this a free service to try and alleviate the pain people are going through.

If anyone is interested in signing up and trying out the service, you can do so here: http://spam-service.block8.co.uk/

You'll be emailed a license key and a link to download the XenForo addon. It's completely free to use.

Let me know what you think, especially if you use it - I'd love to know if it is working for you! :)
Click to expand...
Can it be used in parallel with other counter spam services?
 
Dan Cryer said:
Certainly, though I wouldn't recommend using it alongside anything that checks StopForumSpam, as that'd just mean twice the hits StopForumSpam has to deal with.
Click to expand...

So if you're hitting SFS as well, what advantages is there for using your counter spam add on in comparison to something like xenutils ?
 
ManagerJosh said:
So if you're hitting SFS as well, what advantages is there for using your counter spam add on in comparison to something like xenutils ?
Click to expand...

There was quite a lot of discussion about this in the other topic. In short, I can't really compare between this and XenUtils, as I've not used XenUtils, however here's a couple of differences:
  • We use a different set of spam service providers (currently StopForumSpam, CloudFlare, SpamHaus and a couple of others)
  • Being a hosted service, rather than just an addon, allows us to change the service as and when patterns in the spam registrations we're seeing change. We can add our own algorithms, remove ones that don't work, add new third party providers, and so on.
  • We maintain our own database too (as well as feeding data back to SFS, CloudFlare, etc) - and can use that to catch some spam registrations that they miss.
  • We can change how much we trust each individual service at any given time, as it becomes clear which are providing the best service at that time.
It really is just another option, it may or may not work out better for you than any other addon. I guess since it is now free, the best way to decide is to give it a try and see how it fares for you! :)
 
Dan Cryer said:
So I posted previously about a new spam service that we were planning to offer for a small fee. It seemed like people liked the idea, but not the idea of paying for it.

In light of the recent spam influx people have been seeing, we've decided to make this a free service to try and alleviate the pain people are going through.

If anyone is interested in signing up and trying out the service, you can do so here: http://spam-service.block8.co.uk/

You'll be emailed a license key and a link to download the XenForo addon. It's completely free to use.

Let me know what you think, especially if you use it - I'd love to know if it is working for you! :)
Click to expand...
Signed up and running on my Dev board. I've re-enabled registrations, so will see if any bots get through, and will look to run on live board after a week or so of testing.
 
I found that how I word the Q&A does the trick. For example, up until the election I asked "Who will be the next President? The choices were obviously either "Obama" or Romney." It seems bots can't speculate about the future. With the election over I need a new question. I have a temporary one that will become obsolete today. The question is "What will you eat on Thanksgiving? Choices are "Turkey, yams, stuffing, cranberry, cranberries, cranberry sauce." That's worked fine for the past two weeks. Now I'm stumped.

Any ideas?
 
Diana said:
I found that how I word the Q&A does the trick. For example, up until the election I asked "Who will be the next President? The choices were obviously either "Obama" or Romney." It seems bots can't speculate about the future. With the election over I need a new question. I have a temporary one that will become obsolete today. The question is "What will you eat on Thanksgiving? Choices are "Turkey, yams, stuffing, cranberry, cranberries, cranberry sauce." That's worked fine for the past two weeks. Now I'm stumped.

Any ideas?
Click to expand...
What day of the week does new years eve land on? (for 2012)
 
Diana said:
I found that how I word the Q&A does the trick. For example, up until the election I asked "Who will be the next President? The choices were obviously either "Obama" or Romney." It seems bots can't speculate about the future. With the election over I need a new question. I have a temporary one that will become obsolete today. The question is "What will you eat on Thanksgiving? Choices are "Turkey, yams, stuffing, cranberry, cranberries, cranberry sauce." That's worked fine for the past two weeks. Now I'm stumped.

Any ideas?
Click to expand...

What Holidays are coming up?

Hannakah
Christmas
Kwanza
New Years
Winter Solstice
 
"What's your sexual preference?" gay, straight, bi, female, male... which throws a "trick" in it lmao. female / male are genders.. not sexual preferences.. however, gay, straight, and bi.. should be allowed as answers though. because if YOU'RE gay, then answering "straight", and "bi" won't really be YOUR preference.. haha. Bots won't KNOW your preferences.. unless ya get gay with them lmao. :P

not aimed towards anyone specific of course. also, not sure about allowing 3 right answers out of 5 total would be good either.. hmm
 
It's tricky. The answer has to be something any sentient human would know, but that requires guessing.

I think bots would know which day of the week a holiday falls on or the standard upcoming holidays, they might be able to know the choices of sexual preferences as well (plus I wouldn't want new members to think I'm getting too personal). The idea is good because everyone would know their sexual preference and there are a limited number of choices (still, it's something the bot might figure out).

I think the part of the question that throws them off is the word "will." "What will you.... " or "who will..." It forces the bot to speculate about the future, something that does not compute. A friend suggested "What will you eat the next time you go to McDonalds?" Everyone knows you eat either hamburgers and/or french fries, but a bot might still be thrown off by the "what will you..." part of the question. I might try that one although I'd rather not use a brand name in the question.
 

Similar threads

TimWilson
  • Question Question
XF 2.2 Restricting thread-starting permission in one forum only
Replies
7
Views
551
TimWilson
TimWilson
A
Extremely annoying member
2 3
Replies
58
Views
4K
Suzanne O
Suzanne O
Vercingetorix
Activity Summary emails are the digital equivalent of junk mail.
Replies
3
Views
1K
Vercingetorix
Vercingetorix
mattrogowski
Confusing app_api_validate_request event behaviour
Replies
0
Views
346
mattrogowski
mattrogowski
M
  • Question Question
XF 2.2 Disable automatic link shortening with ellipsis/periods/dots? URLs displayed with dots will be broken when copy-pasted.
Replies
0
Views
471
MaximilianKohler
M
Top Bottom