Dearest mods, these spambots are getting out of hand!
Dearest mods, these spambots are getting out of hand! Posted on: 13.04.2012 by Tatum Ansaldo Is there anything that can be done to improve security or make it harder to spam? Every single day I go into my subscribed threads and there's a raft of 7 or 8 topics that have those copied posts with a load of random links from the same user. | |
| Chasidy Heckenbach 18.04.2012 |
Originally Posted by Xonetacular
* scan post for any [IMG] tags * fetch the images - or at least HEAD (contains http headers) - don't store but check that they actually return a mime image type and not just a bunch of redirects that end up at a normal html page etc * block post if it fails these checks as for captchas - the old style mangled words and/or numbers are easy to get past using captcha solving services (like death by captcha dot com) any captcha that *doesnt* just display an image to be solved have a much better chance of being effective - like dripsteps idea. the captcha solving services work on the basis that there is an image that the bot can save and send to the service to be solved and that a simple answer can be entered to solve it. edit: i really don't mind writing the code to do this - as it's getting bloody annoying i must have flagged at least 4 or 5 posts yesterday just from the threads that i looked at |
| Romelia Stankard 18.04.2012 | just put a captcha at signup... I'm really surprised there isn't one.
Originally Posted by zestoi
|
| Somer Vanstraten 16.04.2012 |
Originally Posted by zestoi
A good captcha should help anyway, and, the ultimate solution ( ahah quite invasive ) could be to log off ALL the accounts, and force the user to make a login with captcha (only one time, a check over existing user). Next times you login will be without captcha. This, and signup captcha, should eliminate them all. I know, this is not the nicer way |
| Tatum Ansaldo 13.04.2012 | Is there anything that can be done to improve security or make it harder to spam? Every single day I go into my subscribed threads and there's a raft of 7 or 8 topics that have those copied posts with a load of random links from the same user. |
| Chasidy Heckenbach 18.04.2012 |
Originally Posted by Xonetacular
* scan post for any [IMG] tags * fetch the images - or at least HEAD (contains http headers) - don't store but check that they actually return a mime image type and not just a bunch of redirects that end up at a normal html page etc * block post if it fails these checks as for captchas - the old style mangled words and/or numbers are easy to get past using captcha solving services (like death by captcha dot com) any captcha that *doesnt* just display an image to be solved have a much better chance of being effective - like dripsteps idea. the captcha solving services work on the basis that there is an image that the bot can save and send to the service to be solved and that a simple answer can be entered to solve it. edit: i really don't mind writing the code to do this - as it's getting bloody annoying i must have flagged at least 4 or 5 posts yesterday just from the threads that i looked at |
| Romelia Stankard 18.04.2012 | just put a captcha at signup... I'm really surprised there isn't one.
Originally Posted by zestoi
|
| Yong Aptekar 18.04.2012 | What about putting a question on the signup page, or rotating questions? Something simple like "name 3 DJ gear companies" or "who makes the S4". I don't know how bots operate, so it may or may not work. Or we could be the most elite DJ community and go invitation only. Haha JK. |
| Tatum Ansaldo 16.04.2012 | Just to clarify, I'm not bashing the mods here, just wondering if there was any way to avoid the spam somehow. Some kind of captcha or similar for a user's first 5 posts? |
| Somer Vanstraten 16.04.2012 |
Originally Posted by zestoi
A good captcha should help anyway, and, the ultimate solution ( ahah quite invasive ) could be to log off ALL the accounts, and force the user to make a login with captcha (only one time, a check over existing user). Next times you login will be without captcha. This, and signup captcha, should eliminate them all. I know, this is not the nicer way |
| Chasidy Heckenbach 16.04.2012 | not going to stop most bots - there's plenty of "captcha solver" services out there. the bot saves the captcha image, submits it to the service via their api, an actual person enters the string that gets sent back via the api, then the bot enters the string... works with simple captchas anyway. a captcha that makes u click on the result or something would help... |
| Somer Vanstraten 16.04.2012 | captcha in the sign up form? Bit annoying but should do the job Spam bots everywhere!! |
| Chasidy Heckenbach 15.04.2012 | i'll keep clicking the "report spam" button when i see them then |
| Latoria Kavulich 15.04.2012 | ironically, the post above me was a spammer. we do our best guys, just keep reporting the spammers when you notice them and we will deal with them asap. |
| Chasidy Heckenbach 13.04.2012 | i don't believe it would be too hard to add some code to vbulletin to help catch these - they mostly seem to fall into a pattern of posting a bit of text (scraped from the same thread often, but not always) and then 3 images that aren't actually images. easiest way would be to automatically delete posts that contain images that don't respond with a 404 (i.e: the user just got the url wrong initially) but with a valid status code (200, 301, 302 etc) but the content-type of the actual url isn't an image. would mean fetching the urls, or at least requesting the 'head' but can't see how it would be too hard to implement. i'd be willing to help/do it if wanted. edit: these are all probably from some new rules added to xrumer/scrapebox. a quick dig on a site like blackhatworld dot com may well shine some more light on the situation... |
<< Back to Q & AReply