Spammers still getting through registration

Status
Not open for further replies.
You edited after I replied.
You misunderstand what I was trying to say, so I edited it more to be understood. There's one thing I hate: I hate being misunderstood. Whatever advice I give, people try to say "no, this and that." Annoys me. It's like... my help, or my suggestions don't really get registered to people.
And no, it's NOT like an index of passwords. Let's get real here, shall we?
YES it is! If your Q&A is the same one as the other forum, most likely the bots will get through no problem!
Wait, so if someone cracks my Q/A at my forum, there may be a security issue with my email? Am I following this convo correctly?
Yeah, if the Q&A is the same. Of course.

This database does not just cover forums. It's just about everything out there. Your email address, your Dropbox account, your Twitter account (when they had captchas), your Facebook account (when they had captchas), and on and on. The list goes on.
 
But my Q/A has nothing to do with any of my emails or passwords. I can't comprehend the relation. At all.
 
But my Q/A has nothing to do with any of my emails or passwords. I can't comprehend the relation. At all.
Going by what this post says:
Your questions and the correct answers will end up in Xrumer's database shared by all their ilk.
Your Q&A may end up in the hacker's hand. Meaning, that ...particular Q&A is not secret anymore. This means that you can't use that Q&A on another site or another program if you want to stay secure. So, if you have another PlayStation website (like PlaySt4tion.com), your Q&A is not even bot-proof. We're not talking just about forums, man. Some forum owners are stupid enough to use generic Q&A and assume that their forum or whatever website they designed, is bot proof. [I'm not saying that you are, but...] I'm just saying as an example.

Like I said, xrumer isn't strictly to forums, it's everything out there. You have to look at it from a broad perspective.

Let me put it this way, a Call of Duty forum has a Q&A of "what is the color orange?" I mean, really? You want to be left open to spam?
 
Your Q&A was never secret to begin with. Come on now. Saying the answer to your Q&A is the same as a PIN or password is REALLY stretching things beyond the scope of reality here.
 
I'm still trying to figure out what this has to do with email security. You have yet to explain any of that.
 
I'm still trying to figure out what this has to do with email security. You have yet to explain any of that.
Your Q&A for your e-mail address may be saved to the xrumer database if that particular answer is popular enough. Scale your mind, man.
Your Q&A was never secret to begin with. Come on now. Saying the answer to your Q&A is the same as a PIN or password is REALLY stretching things beyond the scope of reality here.
Your Q&A doesn't have to be secret to begin with! xrumer constantly adds your Q&A to their database on a daily basis, meaning whatever you put as an administrator is no longer secret to THEM. But what happens if xrumer is hacked? Your Q&A is out in the hacker network, and therefore in malicious minds. This could potentially go into bigger problems.

*facepalm* People fail to see the scale of the problem. Amazing.
 
I certainly fall then.

I have yet to find an email account that lets you create your own Q/A for protection.
 
There. is. no. problem.

You keep trying to place Q&A into the same realm as passwords and personal ID numbers. It doesn't work that way, never has. Your Q&A answer is not secret, otherwise you'd never, ever get a new registration.
 
Your Q&A for your e-mail address may be saved to the xrumer database if that particular answer is popular enough. Scale your mind, man.

Your Q&A doesn't have to be secret to begin with! xrumer constantly adds your Q&A to their database on a daily basis, meaning whatever you put as an administrator is no longer secret to THEM.

*facepalm* People fail to see the scale of the problem. Amazing.

Carlos... maybe you're failing to see the problem that bots are ever evolving just as you should with your protection. One solution can't 100% guarantee bot/spammer free but you do your best to combat it.

A good solid Q n A can absolutely stop spammers, and if you start to see spammers come in... you combat it by changing it again. Or use the suggested plugins
 
I have yet to find an email account that lets you create your own Q/A for protection.
Yahoo and Gmail either used to do it, or are currently still doing it. There are a lot of e-mail networks out there, so it's not just them.

Live (now Outlook) still does CAPTCHA for retrieving your account pass.
There. is. no. problem.
There. is. problem.

You. just. don't. get. it.
You keep trying to place Q&A into the same realm as passwords and personal ID numbers. It doesn't work that way, never has. Your Q&A answer is not secret, otherwise you'd never, ever get a new registration.
What is xrumer? You tell me. Straight up. Do it.
 
WTF?.com

EDIT: It's been 13 minutes. xrumer is an SEO program that also manifests a database [ahem; index] of Question and Answers of forums. It also parses [your forum's links] with whatever is on Google, Yahoo, and Bing's search engine results.

The program can post to forums, blogs, and other websites with CAPTCHA programs.

Here's the WIIIIIIKKKKKKiiiiiii! http://en.wikipedia.org/wiki/XRumer That's just XRumer, though, but there are other networks JUST like it. Why do you think they're able to get as many e-mail address[es] as the amount of bots that do this? Oh! Here's why:
As per the latest update to XRumer 7 the software is able to automatically register e-mail accounts on mail.ru (Russian IP addresses only) and Gmail. Support for creating e-mail accounts in an automated fashion on Hotmail and AOL have been completely removed. The technique employed by XRumer to bypass the CAPTCHA protection in Gmail and mail.ru is Averaging. A captcha is a challenge-response test frequently used by internet services in order to verify that the user is actually a human rather than a computer program. Commonly, captchas are dynamically created images of random numbers and/or letters. These images are distorted in some way so that the human eye can still recognize them but with the goal to make automatic recognition impossible. Captchas are used by freemail services to prevent automatic creation of a huge number of email accounts and to protect automatic form submissions on blogs, forums and article directories. [2] As of November 2012, Xrumer has once again cracked Recaptcha, and is able to successfully post to Forums/Blogs that use it.
Thing is, this is not just exclusive to blogs and forums. As mentioned it goes to article directories, but xrumer and other programs or networks like it widen the scope from just forums and blogs to just about everything else.
 
Captcha was broken years ago. Q&A is not a fool proof method to stop bots.

Seriously. You really need to bone up on what constitutes security these days. Q&A was never, ever a security method to protect a site. All it does is make things a little harder for bots to register.

Again, your attempt to put Q&A into the same realm as passwords and personal ID numbers is stretching things to the surreal.
 
your attempt to put Q&A into the same realm as passwords and personal ID numbers is stretching things to the surreal.
Nope. Once that database of Q&A submissions is leaked out to the world - you can expect more security problems than ever. Hackers adore information networks like this. You're not seeing the big picture. And when it does.... happen. You'll remember this thread and go like "holy $#!^" because this thinking is years ahead of its time.
 
Nope. Once that database of Q&A submissions is leaked out to the world - you can expect more security problems than ever. Hackers adore information networks like this. You're not seeing the big picture. And when it does.... happen. You'll remember this thread and go like "holy $#!^" because this thinking is years ahead of its time.

Pretty sure if a hacker wants to target your website he'll answer the question and answer, I don't think he has to wait for the xrumer database to update so he can correctly bypass a q n a.
 
Carlos, I will tell you my Q/A answer. If you can use it to get into any account I have, I will PayPal you $500.
 
Pretty sure if a hacker wants to target your website he'll answer the question and answer, I don't think he has to wait for the xrumer database to update so he can correctly bypass a q n a.
It's not just about that. We're talking about millions of Q&A submissions worldwide. That means, the hacker that gets their hands on this - 1 billion different actions at once. We're talking about massive amounts of data happening all at once.
Carlos, I will tell you my Q/A answer. If you can use it to get into any account I have, I will PayPal you $500.
:ROFLMAO: I'm not that good. And lmfao @ $500, doubt you'd give me that money.
 
There's just one, huge, humungous hole in your argument. Hackers don't want access to the forum. They want access to the server. Knowing the answer to my Q&A question (it's False, by the way) isn't a security breach. Having it known by thousands of bots isn't a security breach. Having it known by hackers isn't a security breach.

Again. Your answer to your Q&A is not a security issue. Never has. Never will be.
 