smf 2.0. first bot joined/made an account today. :(

Started by MacGig, July 05, 2011, 01:40:13 PM

Previous topic - Next topic

MacGig

had my first bot create an account today, so I think, since installing SMF 2.0. I check every IP and email in http://botscout.com/search.htm

this users IP was ok, but the email and name was in the bot db.

Looks like my out smarting the bots did not last long, a week or two? ... their now registering accounts again it would seem.. just one so far. :(

how is this possible? how can they get past the captcha and questions I made? does this mean the captcha is broke on smf 2 like it is in 1.x.x. versions?

is it possible a person registered this account and not a bot?

Sir Osis of Liver


If the bot can't read the captcha or answer the verification questions, it may bounce the registration to a spam farm, where subhumans are chained to computers and do the registrations for a couple of cents per thousand.

Ashes and diamonds, foe and friend,
 we were all equal in the end.

                                     - R. Waters

Antechinus

Captcha is useless these days. I don't even have it enabled on my site and it makes no difference.

MacGig

sure looks like Captcha is useless. why did they bother putting it in 2.0 if it's not going to work? why cant' someone create something better?

should I try installing reCaptcha or is that a waste of time too?

Antechinus

Wouldn't bother, IMO. Recaptcha is just another captcha, basically. We left captcha in because people think it's good and therefore they expect to see it. If we removed it we'd get complaints about how we don't care about stopping spammers.

MacGig

One could also argue if you know it's broke but are not trying to fix it, perhaps you don't care about spammers?

wish I were a programmer, id try to fix it myself. :D

Antechinus

It's pretty much impossible to fix. IOW, it's an obsolete weapon so you might as well drop it from your arsenal. The basic problem is that captcha relies on obscuring text to make it harder for bots to read. As bots get better they reach a point where to make it too obscure for them, you also have to make it too obscure for humans. This has already happened. :)

MacGig

another bot joined today, from USA. 2 total so far. captcha's not working we know... even in 2.0. SMF may as well remove that feature from the program and make the file smaller for downloading. ...  :(

so how do they know my questions that I created? that's what I don't get. looks like the questions are useless too... ???

looks like the only way to keep them out is change to admin approval, then manually check their names, IPS, emails against something like  www.botscout.com/search.htm

sort of a pain, who has time to do this? especially on a busy forum?

why do they go through so much trouble to get into a forum, then never post? I don't get it.. someone enlighten me. I mean guests can read every post on my forum, so why go through so much trouble to create fake accounts?

Illori

if your questions are too simple like math questions the bots can crack them. make the questions unique to your forum.

MacGig

they are unique to the forum topic. a few math ones but not using numbers.  1+four-Seven=

enter the first 5 letters of this word: bigwordhere
enter the last 4 letters of this word: bigwordhere.
enter the following word: bigwordhere

that sort of questions...

xrunner


Illori

then you must be having human spammers register. make the questions a bit harder and they will even not take the time to register.

MacGig

could be human. I thought of that.  the IP was in the botscout database. I'll try making harder questions. not easy to do. what I think is hard could be easy for someone else.

how can I stop the bots and search engines from crawling the forums? I see the bots on there all day long and it sort of bugs me. I know they are trying to "get in". is there something I can do to make them leave eventually? get bored and go somewhere else? lol

Illori

you can look into a robots.txt file but only the good search engine bots would be stopped by that. there is no real way to stop a spammer/bot from trying to register or view pages on your forum unless their ip is banned, if you are going that far you might as well lock up your forum and keep it off the internet.

MacGig

I've been banning IPS with cpanel, but with millions of bots on the web, that is pointless. they can get new ips anyway I hear.

robots.text is useless I have read... so it looks like even with smf2, the spammers win... and probably always will be one step ahead I guess.

I still don't get why they go through all the problem to crack a forum to get fake accounts, then never post. all the content is viewable to guests so their not doing it for the content.

xrunner

Quote from: MacGig on July 11, 2011, 10:00:31 AM
I still don't get why they go through all the problem to crack a forum to get fake accounts, then never post. all the content is viewable to guests so their not doing it for the content.

Are they creating signatures with ads in them? A while back I had them doing that to my forum. I think they believe the ads can be searched by search engines. Check the profiles and see if they have put ad links in them. That would be why they don't post, because they don't believe they need to make posts.

MacGig

sigs are disabled... I think a few did that years ago when they were enabled... good idea though I should take a look... my forum had over 450 bots... if not more... Im admin of this one forum to help a friend. he got it online back in 2004 and bascially did nothing to it... it sat for years with no updates, no one tweaking the settings.. the bots overtook the place. .. Im still trying to clean up the mess. lol

I may have to manually check all new accounts, even though I did not want to do that.

xrunner

Quote from: MacGig on July 11, 2011, 10:12:59 AM
sigs are disabled...

Yea, but they don't know that unless they join. They join and try to make a sig, then when they find out they can't, they just leave, leaving you with a new member who will never post.

MacGig

very true. that seems to be what they have done. and are doing.

xrunner

Quote from: MacGig on July 11, 2011, 10:33:06 AM
very true. that seems to be what they have done. and are doing.

Are the member names kinda like the email account names they are using, such as Jenny22 / [email protected]?

If they are I can almost guarantee they are spammers. I've seen that many times.

MacGig


Eudemon

if it's human spammer register, it's impossible to stop them
unless you only allow registration through invitation

xrunner

I just had this spammer register, and they didn't make any posts. Here's the type of name/email they use -
 
valeriedanielle10

[email protected]

And here's the signature they made (links removed) -

Signature:

sales training perth
sales training videos
Sales Training

lloydb

There are plenty of humans aspiring to be spam bots and working on that, for long hours each day. It is not just the bots that do it. If you want to stop spam completely, you need a system that humans can't solve.

One simple benefit that xrumer is famous for, is back links. (Wikipedia has some info, or add the .com to it) It can solve captchas and create a forum profile with a link back to a site. Since it is over $500, people will pay people who have it to create backlinks for them, if they can't afford it. It is a software sold from Russia.

If I see a forum profile with a link back to a scumball site, I just delete it. Don't give them what they want.

Advertisement: