Do you have an AngryUser ?

[ManOnDaMoon]

Same here, I had to set manual approbation on new registered users in order to stop the wave while I was away.

EDIT : Oh, and they seem to come from Russia or Ukraine, but several of them logged in later with Chinese IP addresses.

 

[Oleg-Sentia]

Confirming this as well. Our second site is currently under attack of russian spammers it seems. Is this xenforo related?

It is not xenforo related, but the last release of hacking program supports XF.
Here U can buy new release http://go****biz.com/showthread.php?t=31526
Instead of asterisks please insert a word "fu ck". Russian language, google translate will help.

P.S. I am not hacker, i'm only admin of one of XF forums.
Now I switched off recaptcha and using q-a.

P.P.S. The algorithm of registration is close to next:
- Bot make Registration
- I received a letter of registration, but the "Who's Online" tells that he does not finish the registration and so in this situation a session is not closed
- guests appears with other browser name (really that is only a parameter in this programm) but with the same IP address it lights up that he has already authorized.
- I go to the admin panel, the user is registered.

It seems small changes in XF code can close this hole.

 

[Digital Doctor]

P.P.S. The algorithm of registration is close to next:
- Bot make Registration
- I received a letter of registration, but the "Who's Online" tells that he does not finish the registration and so in this situation a session is not closed
- guests appears with other browser name (really that is only a parameter in this programm) but with the same IP address it lights up that he has already authorized.
- I go to the admin panel, the user is registered.

It seems small changes in XF code can close this hole.

That sounds like the bot registering and then another bot replying to the registration email.

 

[Craig]

I had the same thing, and then in one day i got hit bad with roughly 100 spam registrations from Russia, Ukraine, and some China.

I now use question and answer that is specific to part of my site i haven;t had any problems with it.
I also banned the members IP Addresses

 

[Oleg-Sentia]

I also banned the members IP Addresses

I made the group without writing rights for this bots and every time move each one to it.
They have to work for me increasing attendance.

 

[tenants]

It is not xenforo related, but the last release of hacking program supports XF.
Here U can buy new release http://go****biz.com/showthread.php?t=31526
Instead of asterisks please insert a word "fu ck". Russian language, google translate will help.

P.S. I am not hacker, i'm only admin of one of XF forums.
Now I switched off recaptcha and using q-a.

P.P.S. The algorithm of registration is close to next:
- Bot make Registration
- I received a letter of registration, but the "Who's Online" tells that he does not finish the registration and so in this situation a session is not closed
- guests appears with other browser name (really that is only a parameter in this programm) but with the same IP address it lights up that he has already authorized.
- I go to the admin panel, the user is registered.

It seems small changes in XF code can close this hole.

That link just points to an un-modded XRumer, its an older version too

Can you have a look at what happens when your users register with FaceBook (just create a new account)... do these users bypass your normal workflow?

Also, look at your access logs on your server (search for the IP address of the bots at the point of registration)

I have a sneaky suspicion these ones are getting around the "security" by using the "register with FaceBook"....
This gets around almost everything (there isn't even CAPTCHA with FB Registration). So one fake FB account can be used to "easy" register on thousands of forums without any bot prevention mechanism getting in the way
If that is so, I've just added a free resource to work with whatever CAPTCHA you usually use to prevent this.

 

[Oleg-Sentia]

That link just points to an un-modded XRumer, its an older version too.

U R not right, sorry. Last message (http://www.go****biz.com/showthread.php?s=8b7a0d75dc7f4db8c9f76de7ff39e4dc&t=31526&page=10)
release is from 19/Oct/2012:

На днях состоялось очередное обновление, приуроченное главным образом к изменениям в РеКапче.
Нововведения и улучшения в XRumer 7.5.31 Elite

+ многократно улучшена распознаваемость упрощённой РеКапчи (т.е. Ваш IP не должен быть забанен данным сервисом! Если забанен, приостановите рассылку на 1-2 часа)
+ добавлена возможность отключить регистрацию хоткеев в приложении (Ctrl+Enter и т.п.), через меню "Настройки -> Горячие клавиши" (по умолчанию они теперь отключены)
+ устранён баг в системе расписания, из-за которого не читалась последняя позиция в базе при смене текущего проекта
+ устранён баг, из-за которого программа отказывалась генерировать список тексткапч в случае, когда Log_tc.txt существует, но его размер = 0
+ скорректирован механизм дописывания в конец textcaptcha.txt
+ устранён баг ложного срабатывания при проверке синтаксиса textcaptcha.txt
+ улучшена редактируемость профилей на европейских phpBB
+ исправлено сохранение юникода в подписи проекта
+ устранён критический баг, часто мешающий нормальному запуску программы
+ дополнен MakeToIndex.ini
+ улучшен сбор nodes.txt в системе "Антиспам"
+ улучшена собираемость топиков на форумах VBulletin в системе "Антиспам"
+ в англоязычной версии программы комментарии в AntiSpamServer.ini переведены на английский язык
+ в системе "Антиспам" снижена вероятность ответа в свой собственный топик, а также устранены другие небольшие погрешности в логике данной системы
+ также в системе "Антиспам" добавлен файл xnickmask.ini - в нём задаются маски для извлечения никнеймов из анализируемых топиков
+ оптимизирован один из общих модулей распознавания капчи
+ исправлен редкий баг, возникающий при обработке капчи типоразмера 180 x 40
+ в инструменте обучения текстовым капчам устранена проблема с добавлением имён полей с рандомной составляющей

---
Также близится к завершению наш конкурс по тексткапчам с призовым фондом более $15.000 - по его завершении и после проверки результатов (в ноябре), мы получим очередной очень мощный прорыв в пробиваемости и эффективности: знания XRumer-а благодаря участникам конкурса вырастут более чем на 70.000 новых тексткапч. Пробив вырастет сразу по всем наиболее популярным движкам - VBulletin, XenForo, phpBB, IPB, SMF и другим.

Google translates so

The other day, a regular update, dated mainly to changes in the reCAPTCHA.
Innovations and improvements in XRumer 7.5.31 Elite
+ Repeatedly improved detectability simplified reCAPTCHA (ie your IP should not be banned from this service: If banned, pause newsletter for 1-2 hours)
+ Adds the ability to disable the logging in the application hotkeys (Ctrl + Enter, etc.), the menu item "Settings -> Shortcuts" (by default they are now disabled)
+ Fixed a bug in the system scheduling, because who does not read the last item in the database whenever the current project
+ Fixed bug where the program fails to generate a list tekstkapch when Log_tc.txt exists but its size = 0
+ Adjusted mechanism append to the end of textcaptcha.txt
+ Fixed bug false positives when checking syntax textcaptcha.txt
+ Improved editability profiles on European phpBB+ Fixed saving Unicode signature project
+ Fixed a critical bug, often interferes with normal program launch
+ Added MakeToIndex.ini
+ Improve the collection nodes.txt in the "spam"
+ Improved collection of topics on VBulletin forums in the "spam"+ English-language version of the comments AntiSpamServer.ini translated into English+ In the "spam" reduced probability response to its own topic, and eliminating other small errors in the logic of the system
+ Also in the "spam" file is added xnickmask.ini - it gives a mask to extract the nickname of the analyzed topics
+ Optimized one common module captcha
+ Fixed a rare bug that occurs when processing captcha size 180 x 40
+ A training tool captcha text to fix the problem by adding the field names with a random component
---Also nearing completion our competition by tekstkapcham with a prize fund of more than $ 15,000 - has been completed and after the test results (in November), we will get another very powerful breakthrough in the penetration and effectiveness: knowledge XRumer-and thanks to the participants of the competition will grow more than 70,000 new tekstkapch. Having broken the rise from all the most popular engine - VBulletin, XenForo, phpBB, IPB, SMF and others.

 

[tenants]

okay... it has a link to the latest version :S

But... as mentioned,

• It is XRumer
• It is an unmodified version of XRumer

XRumer is very well known by most spam prevention devs
BTW, the latest version is always here: http://ixrumer.com/ (and sold via botmasterlabs.net)

 

[Oleg-Sentia]

the latest version is always here: http://ixrumer.com/

Thank U, I do not need.

 

[tenants]

<chuckles>