PM Spam..

#1
SPAMBOT just hit my PM box with...

quote removed

Now unless I'm just "it" and got tagged, MODS, its not too hard to secure any forum, especially this flavor. This is a benign bot that's just a PITA; if it is an individual, well my apologies and they are retarded IMHO... vBulletin is big bucks and easily secured, so unless you guys want REAL vulnerabilities, try and take a look at the origin of this, certainly at minimum block the IP ASAP...

Just an FYI and looking at this I sound like a kjerk, not at all, I just love NEOSMART and don't want to see you guys go through all Hell if someone were to take your BB down...:smile:
 
Last edited by a moderator:

Mak 2.0

Mod...WAFFLES!?!?
Staff member
#2
Member Banned and IP will be banned shortly. We are working hard as we can to secure the site. But there is only a couple of us and a lot more spambots out there. While you may think it isnt hard to secure any site, it is harder than you think. CAPTCHA and ReCAPTCHA have both been duped by bots now. So neither of them are useful. Even some measures of trying to incorporate a question into the registration have been gotten around now by bots.

This is not the only forum i work on and it is a concern every where. vB is big bucks but it is not as easily secured as 1 might think. This is just 1 of at least 10 different vB sites i am on and all of them have these issues. Even 1 site has gone as far as blocking just about everyone from the Middle East over and they still get nailed with Bots. They just use a Proxy and even trying to ban all the proxy servers out there isnt working either.

We do thank you for the concern and we are working on trying to fix the issue. But it is far more complicated than it seems. Even banning whole IP Ranges has not stopped this issue. Proxies are out there and easier to access now more than ever.
 

Ex_Brit

If you're going through hell, keep going.
Staff member
#3
vBulletin can be a spambot's heaven if not kept up-to-date, believe me. McAfee Security moved to another client for their main forums. Their beta forums are still on vBulletin and we just had to update to 4.0.6 to stop a sudden flood of spammers. I'm a Moderator at both and it was no picnic believe me.

Unfortunately they chose Jive for the main forums......big mistake. Great for social networking but terrible for security without all kinds of patches.

Unfortunately Spambots find a way in to any host eventually, it's just a matter of time.

I see you are still on 3.7.1 here.....maybe time for an upgrade.....Mahmoud!!! I also see that you aren't using Recaptcha as a security measure on the registration pages....it's free.
 
Last edited:

mqudsi

Mostly Harmless
Staff member
#4
Hey Peter,

I used to use ReCaptcha, abandoning it for a "stupid question" test has been a huge improvement. We're planning on upgrading to vB4 at some point, just when is a bit vague right now.

And you're definitely right about the client-specific spam thing. When we used to use a different forum system (MyTopix, now long dead), we didn't get any spam registrations (of course, we were a lot smaller back then, but still...).
 

Ex_Brit

If you're going through hell, keep going.
Staff member
#5
Hi Mahmoud,

Hope you are well!

So that stupid question thing is actually better than ReCaptcha? Wow, I must tell the folks at McAfee.

By the way since the McAfee Beta forums switched to 4.0.6 the spam has stopped completely.
 

mqudsi

Mostly Harmless
Staff member
#6
Really! I purchased the vB 4 upgrade a couple of days, sort of as a way to try and incentivize myself to get around to doing the upgrade.
 

Ex_Brit

If you're going through hell, keep going.
Staff member
#7
Well good luck. One thing they found was that old skins no longer worked properly.

They stuck with ReCaptcha which comes with it. Seems to be working, for now.