Invasion of the spam bots?

Yogesh Sarkar

New Member
today I have had to ban several spambots/users in my forum and for the first time in over a year or so, porn posting spambots have managed to make it past the vbulletin registration measures and from see the who is online here, it seems it is true here as well.


Any one else with vb forums noticing something similar?

Edit: went through the profiles of some of the users listed in the screenshot above and all of them have same sort of profiles which spam bots registering at my site had.
Interesting... My site isn't super active, but I have never gotten anything like this... though I do use SMF :rolleyes:
We use phpBB3 and have yet to have a single spam bot ever actually make it to one of our forums. They certainly try regularly, but none have been successful. If things get bad enough, just do some custom coding. Ask a question on the form like, "What is 1+1?"
Ask a question on the form like, "What is 1+1?"
I have captcha, questions like those and email verification in place and still those spammer managed to get past. In fact this has started when a new spamming tool was launched which claims to have cracked the captcha of vbulletin, invision, phpbb, gmail etc.
We had the same problem at first. We have since changed the forum's rule so that all new members have to be cleared by an administrator before they can post, use search, or see the member's list.

It's a pain but it does keep the spammers out, and no one has complained about having to wait to be cleared.
I have captcha, questions like those and email verification in place

I find that at least a little difficult to believe. There are no bots out there (that I know of) that are intelligent enough to take something like a math problem (or other easy question) and actually read it, understand it, and come up with the correct answer. How about asking the user to type the domain name of the site, without the http://www.? How about putting an image of a balloon and asking the user to list the color of it? Write a sentence and have the user list the 4th word. Show a picture of an animal and have the user identify it, etc. etc. There is no bot in existence that is going to be able to figure that stuff out.

If they're still making it to the forum after all of that, there is some back door that is being exploited in the software, or the bot is making a darn lucky guess. :D
Bryan, humans start and then pass on the answer(s) to bots and bots 'take over' the spamming

Huh??? If humans are doing all the initial work, why bother with captchas or any form of security other than manually accepting users? There would be absolutely no other way around it. Though I seriously doubt humans are the ones doing the work. At least from what I've seen, they aren't doing the work. :confused:
Yeah, they're getting better at that, and unfortunately, you're not going to be able to stop everything. It's just a combination of having the right preventative measures in place.

We use questions, like I mentioned above, captchas, and email verification, with all foreign addresses blocked and soon to be all free email addresses blocked (i.e. Yahoo, Hotmail, Gmail, etc.). If a spambot makes it through all that, then at the end of the day, I lose. +1 for the spammers. And honestly, I don't feel too badly about it. I put everything in place that I felt was necessary to stop them, and on the very, very rare occassion, maybe it isn't good enough. I don't know. Like I said, I have never had a single spambot actually make it to be able to post on our main forum, and it has been in service since...2000? 2001? They try signing up every single day.

If one ever would make it, as soon as they post their first bit of spam, our moderators will delete the account. It really isn't a big deal. But to get 40-50 spambots actually making it to the forum in a day seems absolutely absurd to me. Something is not quite right with that. There are preventative measures that are obviously not in place.
The only way this is going to be fixable if we start going afer spammers and sue them for what ever little they are worth! If that is not possible then maybe hire someone to take down their bloody sites.

Unless and until the cost of spamming becomes more than profit they hope to make, it is not going to stop and will only increase in sophistication.
We use questions, like I mentioned above, captchas, and email verification, with all foreign addresses blocked and soon to be all free email addresses blocked (i.e. Yahoo, Hotmail, Gmail, etc.).
With services like emaildotcom available, where do you draw the line on the domains you're going to be blocking?

As for foreign addresses, many of us operate forums intended for international participation, so the foreign address block isn't a viable solution either.

I realize these methods are working well for you, but they certainly aren't the answer for everyone.

Jelsoft claims to be working on some possible solutions, but I anticipate these will only be temporary. CAPTCHA worked well for a time, perhaps the next method/s will be as effective.
Mike54, no absolutely. I totally understand that there are forums that need international participation, etc. I'm just saying what worked for me, as there are a lot of forums in the same position. As a US-based forum with absolutely no need for foreign participation, it's just one more door of protection I seal. There really isn't anything out there that's going to work for every situation. You just need to find what works for your forum's situation and try to lock it down as much as you can. Like I said, 40-50 bots creating accounts in a day seems ridiculous to me. There's surely something more than can be done.

As far as the email addresses, I block every single free provider I can find. If a user legitimately does not get an email address from their ISP, can't use a work email address, etc., they can email me, and I'll make exceptions. If somebody goes out of the way to email me something like that, chances are s/he isn't a spammer.