Do you have a vBulletin Forum?

vBulletin forums hit by reCAPTCHA cracking spam bot
Since the holidays ended, security vendors have been happily telling me that spam levels have dropped dramatically. The spammers, they say, have taken some time off.
That may well have been the case as far as email spam was concerned, but back in the real world -- which includes any business running a vBulletin forum for customer support -- things have been far from quiet. In fact, there's something of a spam crisis going on right now as it appears the bad guys have worked out how to crack the reCAPTCHA system that safeguards vBulletin-powered forum registrations from automated bots.

Google officially remains adamant that there is no problem with the reCAPTCHA system, which it operates. A Google spokesperson told PC Pro that it has "found reCAPTCHA to be far more resilient than other options while also striking a good balance with human usability".
However, the simple fact is that currently it seems to be as much use as an ashtray on a motorbike to anyone operating a vBulletin forum. In fact, it became pretty useless on 4 January when spammers apparently got their collective hands on a piece of software that circumvents reCAPTCHA and allows for a fully automated registration process. The bots have been busy, very busy indeed, ever since.
A number of small businesses running vBulletin-based support forums have noticed a dramatic increase in the number of new member registrations during the past week. At first they were naturally quite pleased with this, until it dawned on them that the new members all hailed from Russia and had started to post spam of the worst possible kind (child porn and rape video links, for example). Over the weekend the software had obviously started to get more widely distributed as new member registrations turned up in volume from numerous locations around the world, all intent on posting spam.

For some, the forums provide more than just customer support; they actually are the business itself. For them, this has been a troublesome week, with huge demands on their resources both in terms of the bandwidth being used by the spammers and the manpower required to keep track of them and delete their accounts and their postings.
A Google source who did not wish to be quoted directly confirmed that the company had recently noted a higher amount of spam getting through on some forums, but insisted there was no evidence to suggest it was automated or impacting on larger sites.

On the front line

I disagree, having been on the front line with one such large site that was victim to an attack. The registrations came through at such a rate that it beggars belief to think it was anything but automated. Those registrations stopped dead when reCAPTCHA was eventually supplemented with an alternate method of validation, as instantly as flicking a switch. If the attack was not automated, and if humans were manually completing the registrations, adding another layer of verification would have made no difference.
Yet that same Google source insists the company modifies algorithms "rapidly to respond to new types of automated attacks" and any type of spam increase will not remain for long if it's bot-produced. The evidence suggests otherwise when one large forum was under attack from the 4th January until the 11th January, with hundreds and hundreds of automated registrations until an additional layer of validation was introduced. I'm not sure what the Google definition of rapid response is, but eight days wouldn't be mine.
What to do?

Thankfully there is a relatively easy solution available, and it has proved to be 100% effective for those who have now implemented it: simply add the vBulletin Question and Answer Verification option into the registration process. This requires human thinking to be able to complete a registration, by asking a question such as "what colour was the white cloud?" or "what is the fourth word in this sentence?" for example.

To do this, enter your vBulletin Admin Control Panel and choose 'Human Verifications Options|Image Verification|Question & Answer|Save' then click on 'Add New Question' and save your question before clicking on 'Add New Answer' and then saving that.
Of course, if you just have one question and answer the spammers will soon get wise to it, so it's best to have multiple Q&A sets. Then, vBulletin will choose one at random to present as verification during the registration process.
I'm also advising clients to add another layer of protection at the same time by implementing the vbStopForumSpam plug-in modification, available for free to registered vBulletin license holders from the vBulletin site, which employs an RBL database approach to blocking known spam IP and email addresses. During the registration process it will then check the data against the known spammer list and reject it if there's a match.

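As an added illustration of the two layers just described, a random Question & Answer challenge plus a blocklist check of the registrant's IP and e-mail, here is a stand-alone Python registration gate. It is not code from vBulletin or from the vbStopForumSpam plug-in (which are PHP), and the questions, accepted answers, IP ranges and e-mail addresses are constructed placeholders standing in for what an admin would enter and for the plug-in's RBL-style spammer database.

```python
"""Registration gate: random Q&A challenge plus IP/e-mail blocklist check.
Stand-alone added example; not vBulletin or vbStopForumSpam code."""
import ipaddress
import random
import re

# Constructed Q&A sets (hypothetical admin-entered questions). Each entry is a
# question plus every answer spelling that should be accepted. vBulletin picks
# one set at random per registration when several are configured.
QA_SETS = [
    ("What colour was the white cloud?", {"white"}),
    ("What is the fourth word in this sentence?", {"fourth"}),
    ("How many wheels does a tricycle have?", {"3", "three"}),
]

# Constructed blocklist standing in for the RBL-style spammer database.
# Documentation ranges and example domains only.
BLOCKED_IPS = {
    ipaddress.ip_network("192.0.2.0/24"),
    ipaddress.ip_network("198.51.100.7/32"),
}
BLOCKED_EMAILS = {"spammer@example.net"}
BLOCKED_EMAIL_DOMAINS = {"spam-example.org"}


def pick_question(rng=None):
    """Choose one Q&A set at random. The index is kept server-side so the
    answer can be looked up later; the client only ever sees the question."""
    rng = rng or random.SystemRandom()
    idx = rng.randrange(len(QA_SETS))
    return idx, QA_SETS[idx][0]


def normalize(answer):
    """Fold case, strip punctuation and collapse whitespace so 'White!' and
    ' white ' both match; deliberately forgiving for human typists."""
    answer = re.sub(r"[^\w\s]", "", answer.lower())
    return " ".join(answer.split())


def check_answer(idx, submitted):
    """True if the submitted text matches any accepted answer for set idx."""
    if not 0 <= idx < len(QA_SETS):
        return False
    return normalize(submitted) in {normalize(a) for a in QA_SETS[idx][1]}


def is_blocklisted(ip, email):
    """Return a reason string if ip or email is listed, else None."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return "malformed ip"
    if any(addr in net for net in BLOCKED_IPS):
        return "ip listed"
    email = email.strip().lower()
    if email in BLOCKED_EMAILS:
        return "email listed"
    if email.rpartition("@")[2] in BLOCKED_EMAIL_DOMAINS:
        return "email domain listed"
    return None


def validate_registration(form, qa_index):
    """Gate one registration form. The blocklist is consulted first so a
    listed source is rejected before it gets to attempt the Q&A challenge."""
    reason = is_blocklisted(form.get("ip", ""), form.get("email", ""))
    if reason:
        return False, reason
    if not check_answer(qa_index, form.get("answer", "")):
        return False, "wrong answer"
    return True, "ok"


if __name__ == "__main__":
    idx, question = pick_question()
    print("Challenge:", question)
    form = {"ip": "203.0.113.9", "email": "user@example.com", "answer": "white"}
    print(validate_registration(form, 0))
```

The blocklist is checked before the answer so that a listed address never even sees a question; the answer comparison is lenient on case and punctuation because the whole point of the Q&A layer is that humans can pass it easily while a bot that has not been taught the specific answers cannot.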
Read more: PCPro Magazine
Hope this helps some?

Brian
#forum #recaptha #spam #vbulletin
  • sparrow
    this is a good article

    Recently this is being taken to a new level, which requires you to view a video and then wait till the end to see an answer to place in a box, which takes care of human automation with the decaptcha systems out there.

    I wonder what will come next

    Ed

    Originally Posted by Hackbridge

    Hope this helps some?

    Brian
  • imediazone (Banned)
    I have a vBulletin forum and I did not encounter any spam; I think those types of forums are the most secure forums ever.
  • ncmedia
    [DELETED]
    • tryinhere
      Originally Posted by ncmedia

      I do this now and the bots/XRumer are pretty sophisticated.

      * Ask a custom question, i.e. "How did you hear about us?" Most bots use 'google' and also have batches of the same b-days, or if they fill in their interests/hobbies etc. they will be repetitive/odd.

      I wrote a custom question that stopped humans, so that had to go. And yes, I wiped all of the rape, incest and torture with pictures off a forum in the last week.

      But here is my riddle-me question: if spam is illegal and people can drop in it for spam, are there any words that can be added to a site's terms like

      "We do not allow automated bots etc. to use this forum"? And yes, before I hear cries that that will not stop them, I agree, but somewhere these ass wipes are illegally using sites to spam bull crap and getting away with it. It is like they have some God-given right to illegally enter a site, create a false ID and post crap, and surely this must be up there with spam.

      And no comment to the people who peddle this crap.
      Signature
      | > Choosing to go off the grid for a while to focus on family, work and life in general. Have a great 2020 < |
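An added example, written for this thread rather than taken from any of the posters or from vBulletin, of turning the signals mentioned above (the burst of registrations described in the article, ncmedia's batches of identical birthdays and stock 'google' answers to a custom question, and clusters of neighbouring IPs) into a triage pass over a new-member list. The register below is constructed: usernames, dates and documentation-range IPs are all hypothetical, and the thresholds are starting points to tune against your own forum's history.

```python
"""Triage pass over a new-member register using the signals mentioned in this
thread. Stand-alone added example; the register below is constructed."""
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sample register (hypothetical usernames; documentation-range IPs).
REGISTRATIONS = [
    {"user": "hal",    "ip": "203.0.113.5",  "ts": "2011-01-09 10:02", "dob": "1984-03-12", "referrer": "a friend"},
    {"user": "bot001", "ip": "192.0.2.10",   "ts": "2011-01-09 11:00", "dob": "1980-01-01", "referrer": "google"},
    {"user": "bot002", "ip": "192.0.2.11",   "ts": "2011-01-09 11:01", "dob": "1980-01-01", "referrer": "Google "},
    {"user": "bot003", "ip": "192.0.2.12",   "ts": "2011-01-09 11:01", "dob": "1980-01-01", "referrer": "google"},
    {"user": "bot004", "ip": "192.0.2.13",   "ts": "2011-01-09 11:02", "dob": "1980-01-01", "referrer": "google"},
    {"user": "jo",     "ip": "198.51.100.9", "ts": "2011-01-09 15:40", "dob": "1991-07-23", "referrer": "search engine"},
]

# Answers bots are observed to give verbatim to a custom "how did you hear
# about us?" question; constructed list, extend from your own history.
STOCK_ANSWERS = {"google"}


def parse(rec):
    """Normalise one raw record: parse the timestamp, fold the free-text
    answer, and derive the /24 so clusters of neighbouring IPs show up."""
    out = dict(rec)
    out["ts"] = datetime.strptime(rec["ts"], "%Y-%m-%d %H:%M")
    out["net24"] = ".".join(rec["ip"].split(".")[:3])
    out["referrer"] = " ".join(rec["referrer"].lower().split())
    return out


def burst_users(regs, window=timedelta(minutes=5), threshold=3):
    """Users inside any time window that holds at least `threshold`
    registrations; two-pointer sweep over the time-sorted list."""
    regs = sorted(regs, key=lambda r: r["ts"])
    flagged, j = set(), 0
    for i in range(len(regs)):
        while j < len(regs) and regs[j]["ts"] - regs[i]["ts"] <= window:
            j += 1
        if j - i >= threshold:
            flagged.update(r["user"] for r in regs[i:j])
    return flagged


def repeated_value_users(regs, field, threshold=3):
    """Users whose value for `field` (date of birth, /24, ...) recurs at
    least `threshold` times across the register."""
    counts = Counter(r[field] for r in regs)
    return {r["user"] for r in regs if counts[r[field]] >= threshold}


def stock_answer_users(regs, stock=STOCK_ANSWERS):
    """Users whose normalised custom-question answer is a known stock reply."""
    return {r["user"] for r in regs if r["referrer"] in stock}


def triage(raw_regs):
    """Map each flagged user to a sorted list of reasons; users with no
    reason are absent, so a moderator reviews a short list, not everyone."""
    regs = [parse(r) for r in raw_regs]
    reasons = defaultdict(list)
    checks = [
        ("burst", burst_users(regs)),
        ("repeated dob", repeated_value_users(regs, "dob")),
        ("shared /24", repeated_value_users(regs, "net24")),
        ("stock referrer", stock_answer_users(regs)),
    ]
    for label, users in checks:
        for u in users:
            reasons[u].append(label)
    return {u: sorted(r) for u, r in reasons.items()}


if __name__ == "__main__":
    for user, why in triage(REGISTRATIONS).items():
        print(f"{user}: {', '.join(why)}")
```

None of these signals is proof on its own (two genuine members can share a birthday, or register from the same office network), which is why the pass reports reasons for a human to review rather than deleting accounts; an account that trips several of them at once, as the four constructed bot rows do, is the one worth looking at first.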