Lots of new members

Alycat · December 14, 2014, 01:36:00 AM

Over the last week or so I have been getting an increased number of new members, who register and post stupid questions ("so is this for account sum101?"). I have had about a dozen in the last 6 hours. I have changed registration to require admin approval.

Anyone else experienced this? Other than nuisance, what are they trying to achieve?

Is this something to worry about?

On SMF 2.0.9.

littleblue · December 14, 2014, 05:08:28 AM

I'm having the same problem, also on 2.0.9 - I changed registration settings to Admin Approval, but this morning one new member still managed to submit a post even though I had not approved them! I've just rejected 40 new registrations that happened over night and new ones are coming in as I type this. It's a nightmare!

I've also got three verification questions that new members need to answer during registration and there is NO way all these spammers are putting in the correct answers. What's going on there?

timetraveller · December 14, 2014, 05:23:17 AM

Me too. 26 overnight. Another 4 while I was logged on.
In theory they can't post until I've approved them and obviously I'm not approving them - I haven't had any get past the approval process fortunately.

I had the captcha setting on medium security and one question where the answer was in the question.
I've upped the captcha to high security and changed the question so the answer is not in it.
Waiting to see what happens.

Colin · December 14, 2014, 05:25:47 AM

Spam - my forum is flooded with spam, what can I do

timetraveller · December 14, 2014, 05:32:44 AM

So the captcha is effectively useless at the moment?

littleblue · December 14, 2014, 05:43:42 AM

I'll have to try some of the add-ons. The standard functionality definitely doesn't seem sufficient anymore with these new spammers/bots. It was all working well until a few weeks ago, and it's getting worse.

CyprusGrump · December 14, 2014, 05:49:57 AM

Same problem here...

I have three verification questions (all changed today), Captcha and Bad Behaviour...

But I've had new members signing up all morning....

Steve · December 14, 2014, 09:22:20 AM

Quote from: timetraveller on December 14, 2014, 05:32:44 AM
So the captcha is effectively useless at the moment?

Yep. Waste of time these days.

Douglas · December 14, 2014, 10:10:15 AM

Just got a report that we're being deluged by spam signups, as well (Hogville and FF) from Turkey, Poland, Germany.

Check to see where your signups are originating, please?

EDIT Listing ranges that seem to be most common...
190.112.224/20 # Curacao
188.138.0.0/17 # Germany
180.36.128.0/17 # Japan
5.167.120.0/21 # Russia
178.137.64.0/18 # Ukraine

Second edit: I need to note two things about our anti-spam stop measures...

On FearlessFriday, since this is centered specifically around the State of Arkansas High School Prep Sports, you have to know something about Arkansas High Schools in order to answer one of the random questions on signup.

On Hogville, the same holds true except that it's centered around the University of Arkansas Razorbacks and the collegiate athletic conference they play in.

Due to the nature of these signups, it appears that these signups are figuring a way around these questions.

Fearless is running 2.0.8; Hogville is running a MUCH older version of 2.x (will be updating to the latest this off-season (after all the College Football Bowl and Playoff games are played).

As others have noted, this has only been within the past 48 hours or so that we've seen this increase.

user1234 · December 14, 2014, 11:11:45 AM

Running version 2.0.9
For the last year or two I have required 5 of 6 questions to be answered for registration, that wound up netting about 2 or 3 people per week, showing up as "awaiting approval".
Visual verification set on "high".

Today we had 19 "awaiting approval" in just over the 9 hours between 1:05 and 10:19 AM, from Russia, to Latvia to France to etc..
Googling the IP addresses, they are all listed as chronic violators, on the "Stop Forum Spam" and/or "The Anti-hacker Alliance" sites.

Is there an explanation as to how spammers from all around, within a 9 hour period, are suddenly all be able to answer 5 of the registration questions?

Feels like the door has been broken down or the drawbridge dropped.
I changed a few of the questions a bit, and will report back if it continues.

krick · December 14, 2014, 12:50:57 PM

I'm seeing the same thing running 2.0.9. I woke up this morning to dozens of new signups some posting spam, some posting nonsense questions. Changing my verification questions seems to have no effect. I wonder if someone has found a new exploit.

vbgamer45 · December 14, 2014, 12:54:36 PM

Hmm I was going to say change verification questions/Add more to help.
I just did that on my site and seems to have helped.

Make sure you are setting the number of questions the they must answer equal to the number of questions you want displayed.

Arantor · December 14, 2014, 12:56:23 PM

First up, SMF is a high value target. It is worth the spammer bots' dev time to figure out how to beat the CAPTCHA. And as such, the CAPTCHA has been broken - even on high. If that is your only measure, it's broken.

Spammers are well known also to share the Q&A answers - once a human beats the questions, it's shared with the bot database. Changing questions regularly is, therefore, a good idea. As is setting more questions than you display at once, e.g. showing 3 questions from a pool of 10. Means they won't be able to get all the answers at once into the database.

timetraveller · December 14, 2014, 01:06:50 PM

Thanks for the responses.

Changing my question seems to have stopped them for the time being.
However, I'll get rid of the Captcha and put a bit more effort into the questions

Arantor · December 14, 2014, 01:12:41 PM

I'd also suggest looking at the wiki page previously mentioned, it offers some useful suggestions. There are a variety of anti spam mods available, and making your site further from the norm will certainly help.

As a very first line of defence, my Misc Anti Spam mod will help a little

littleblue · December 14, 2014, 02:27:32 PM

Quote from: Arantor on December 14, 2014, 12:56:23 PM
Changing questions regularly is, therefore, a good idea. As is setting more questions than you display at once, e.g. showing 3 questions from a pool of 10. Means they won't be able to get all the answers at once into the database.

I did that earlier today - before that, it was always the same three questions. Now it's 3 out of 10. At the moment, it seems to be working. Though it might just be a matter of time.

tjbalon · December 14, 2014, 02:31:08 PM

I was having this issue with my forum, installling Anti Spam:KeyCAPTCHA solved most of our problems. We used to have a queue of waiting for activation by the hundreds.

Currently 0 waiting, and no new spam accounts in 4 days.

Link to mod: http://custom.simplemachines.org/mods/index.php?mod=2839

Arantor · December 14, 2014, 02:40:24 PM

Yes but are you getting any real registrations? There were certainly issues with it at one time.

user1234 · December 14, 2014, 02:56:33 PM

Quote from: Arantor on December 14, 2014, 12:56:23 PMAs is setting more questions than you display at once, e.g. showing 3 questions from a pool of 10. Means they won't be able to get all the answers at once into the database.

Could you explain where this "pool" of 10 is kept? Do you mean just in a personal notepad?

Arantor · December 14, 2014, 02:59:09 PM

Yes, that is how it works.

News:

Lots of new members