It seems the forum is starting to become more and more of a target for spammers.   The last four sign ups all came within the last 24 hours and all four are spam bot accounts.

Bloody Vikings....

bclarkie wrote:It seems the forum is starting to become more and more of a target for spammers.   The last four sign ups all came within the last 24 hours and all four are spam bot accounts.

How does the bot actually create an account when a code from an image is required?

I believe there is an option in the forum software that will force new members to be accepted "manually".  It might be worthwhile to turn that setting on temporarily, until the bot IPs have been logged and blocked.

deimos3428 wrote:I believe there is an option in the forum software that will force new members to be accepted "manually".  It might be worthwhile to turn that setting on temporarily, until the bot IPs have been logged and blocked.

IP blocking is pretty much useless these days.  There are far to many virus infected machines that can be used as proxies or zombies.  You might get some results if huge swaths of the earth were blocked (ie all of Asia, Africa, South America) but you'd potentially block legitimate users and you'd still be vulnerable to attacks routed through Europe or North America.


As for the verification image (captcha), there are several methods to defeat it:

1.  Automated OCR.  The image used by to register here has a lot of noise and the letters do move around veritically and horizontally, but the letters are always black, in the same font, and they don't get angled or distorted.  It would be reasonably easy to have a bot crack the images used here (and probably almost every other board running this software).

2.  Depending on how the forum generates the verification code it may be possible to manually decipher one captcha and then use the same text / hash to register everywhere.  When the verification page is generated the forum selects a text string and prints it on the image, it then (probably) hashes the text with a secret key and sets the hash as a hidden form field or a cookie.  When the user submits the form, the text they enter is then hashed with the same secret key and compared to the hidden field or cookie.  If the server doesn't use the current time/date as a component of the verifcation process or it doesn't keep a record of which codes its generated recently and reject any that it didn't generate recently (even if they match) the board might be vulnerable.

3.  The spammers could also be using a "hive mind" system.  For example, if the spammer has a website of his own he could pass the image verification on to a visitor to his site in exchange for free acess to porn (or something similar).  In this example, a visitor would try to gain acess to a protected directory on the spammer's site.  When his browser makes the request, the spammer's server gets a site from a database of message boards and downloads its registration page.  The spammer's server then disects the registration page from the forum and builds an access control page for the protected directory.  When the visitor trying to gain access to the spammer's site enters the text from the image, the spammer's server posts it back to the forum (along with the spammer's registration details) and the account is created.

NetRodent wrote:IP blocking is pretty much useless these days.

I don't agree, but in any event, manual user activation eliminates these sorts of spamming posts almost entirely, it's just inconvenient.

Suspicious user registrations can then be noted in the logfiles and their specific IPs identified/blocked/reported/pingflooded/whatever at the admin's whim.  When the rate of bogus requests drops, you can return to automatic activation.

Captchas are becoming less effective.  With the availability of cheap labor in the developing world, people are being paid to decipher them.  It's far cheaper and more accurate to hire a human to do the job.

mbassoc2003 wrote:Why not just get new users to require approval of their membership from the board. Give access to approve any of the board moderators, or designated members.

I'm not sure if that's possible or not, but I think that's beyond the scope of the VB.  We really just handle the data collection and occasionally fight it out over some of the numbers.

I've got the same problem over at the Illustration Exchange (since I'm using the same software - Foul helped me get it going, in fact). I'm using registration approval, though - it's somewhat of a hassle, but it at least prevents any kind of SPAM posts. When a new user registers, it's very easy to see from the profile whether or not they are legit, and I just immediately delete them if they're bogus.


Pat

deimos3428 wrote:I believe there is an option in the forum software that will force new members to be accepted "manually".  It might be worthwhile to turn that setting on temporarily, until the bot IPs have been logged and blocked.

That would be great, but Scott travels a lot, and isn't often around to be able to monitor new memberships in a quick manner---not knocking Scott at all, just the realities of his schedule.