The Era Of Big Spam Is Over.

[CMerritt]

You're leaving the timer visible (The countdown) - alerting the human spammers a timer exists. Alot of those use auto-register programs the timer would otherwise catch. You're tipping them off.

Spammers defeated recaptcha long ago. All it does is annoy legitimate humans. I recommend turning it off and use none of the other native vB human verification.

The settings of the new Ozz Mod - how did you set them?

Would need a admin credential login to check your anti-spam settings to verify everything is set up right. You would be surprised how often it is not.

The new mod is set as follows:

Active: Yes
Dots: 2
Commas: 2
Semicolons: 1
Colons: 1
Hyphens: 2

Prevent Hostname settings:
Ban: Yes
Hostnames: comma separated list copied from file downloaded from first post here
WhoIs: Yes
Useragents: none
Send PM: no

Spambot setting:
Enable: Yes
Min time: 30
Max Time: 0
Action: Show 'No Permission' page
REdirect: None
Force Wait: Yes
All notification is turned off

Ban Spiders settings:
Activate: Yes
Ban Spiders: Yes
Redirect to own ip: Yes
Spider List: copied from file in first post; each on own line
Write to log: No
New Thread: No
Email: No

Spam Management settings:
Anti-spam: Akismet
Post threshold: 5
Anti-spam storage: 7

 

[Max Taxable]

Spambot setting:
Enable: Yes
Min time: 30
Max Time: 0
Action: Show 'No Permission' page
REdirect: None
Force Wait: Yes
All notification is turned off

For the bolded - I recommend "stealth" mode, shows 'thanks for registering' message but creates no account. I changed your settings accordingly.

The new mod is set as follows:

Active: Yes
Dots: 2
Commas: 2
Semicolons: 1
Colons: 1
Hyphens: 2

I made this:

Active: Yes
Dots: 1
Commas: 0
Semicolons: 0
Colons: 0
Hyphens: 1

If there any legitimate human users employing commas, semicolons or colons in their email username I will eat my hat.

AdminCP reports only 2 new users today - are you deleting the spammer accounts?

All your settings and lists looked good. :first:

 

[CMerritt]

Thanks! And yes, I've been going through and deleting new regs that are spam over the last few days.

I'll keep an eye out and see what comes through today.

 

[CMerritt]

Thanks! And yes, I've been going through and deleting new regs that are spam over the last few days.

I'll keep an eye out and see what comes through today.

Have had about 300 spam registrations since the last time I wrote and they've picked up in frequency each day. Any other suggestions?

 

[Max Taxable]

Have had about 300 spam registrations since the last time I wrote and they've picked up in frequency each day. Any other suggestions?

Yes, you need to start collecting their user agent strings and post them here, for adding to the lists.

Any change to any of the settings since I last adjusted them? Still using the countdown, tipping botnet admins off that you have a timer involved?

EDIT: Human spammers gonna see the timer.... I went back into your AdminCP and disabled the force wait.

 

[CMerritt]

Yes, you need to start collecting their user agent strings and post them here, for adding to the lists.

Any change to any of the settings since I last adjusted them? Still using the countdown, tipping botnet admins off that you have a timer involved?

EDIT: Human spammers gonna see the timer.... I went back into your AdminCP and disabled the force wait.

Thanks much.

What's the best way for collecting the user agent strings and posting here? Want to make sure I post whatever data is most helpful.

 

[Max Taxable]

Thanks much.

What's the best way for collecting the user agent strings and posting here? Want to make sure I post whatever data is most helpful.

I've tried to get [MENTION=1]Ozzy47[/MENTION] to make a Mod for this, that automatically captures this information and posts it in the spam account's User Notes on their account profile. For retrieval at your convenience.

But in the meantime, I did a little template edit that lets you readily see all UA strings in the who's online page. (Online.php)

Here's that: Always show User Agent string in Who's Online v4.2.0 and up - vBulletin.org Forum

Problem with that is, you have to be personally monitoring WoL to capture the information. But it's a start.

You just want to copy/paste the entire UA string of the known spammer, so we can review and see if there's anything unique in the string we can block, also to see if there is a commonality in hostname, service provider, etc. for adding to the hostname block list.

If you want to collect alot of them into a .txt file and upload here as a attachment that works great.

 

[Ozzy47]

Updated download to remove Opera from being blocked.

 

[too_cool_3]

Hi [MENTION=1]Ozzy47[/MENTION], I have installed the mods recommended in your first post following the instructions to a T. Thanks for putting this list together. I will report back and let you know how they are working.

I have also compiled a spiders list to be used with the mod Ban Spiders by User Agent that combines the Spam List provided as a download in the first post of this thread with the default list in the latest version of Ban Spiders by User Agent and [MENTION=3]Max Taxable[/MENTION]'s post here. Please feel free to have a look through and if it's good you can update your Spam List download.

View attachment 507

---------------
I have one question regarding Ban Spiders by User Agent. Since many of the User Agents in the list contain words like 'bot', 'spider' and 'crawl', will enabling the option Ban Spiders in List ban even good spiders from the forum???

e.g.
Google Spider (crawl-66-249-75-154.googlebot.com)
BingBot Spider (msnbot-157-55-39-186.search.msn.com)

 

[Max Taxable]

I have one question regarding Ban Spiders by User Agent. Since many of the User Agent's in the list contain words like 'bot', 'spider' and 'crawl', will enabling the option Ban Spiders in List ban even good spiders from the forum???

No.

 

[Ozzy47]

Same thing I said on vB.org in the mods thread.

 

[Ozzy47]

The list looks ok to me, nothing stands out as being wrong.

No, as:
Google Spider (crawl-66-249-75-154.googlebot.com)
BingBot Spider (msnbot-157-55-39-186.search.msn.com)

Are not the useragent strings, they look like this:
Google: Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)
Bing: Mozilla/5.0 (compatible; bingbot/2.0; +http://www.bing.com/bingbot.htm)

What you are looking at is a resolved IP address.

 

[too_cool_3]

Excellent, it's a combination of the 3 lists I mentioned in my last post. I imported them into excel, removed the duplicates and sorted alphabetically.

The reason I thought the mod used aggressive banning is because the mods options state the following and I interpreted it as meaning it will ban anything with 'bot' in the User Agent string:

You may enter just the name like Baidu and anything containing the string "Baidu" will be banned, if you were to enter Ya then anything containing "Ya" would be banned like Yandex and Yahoo, so it's best to use the full bot name if you can just like the ones already entered!

 

[EasyEazy]

Done all of what you said at the start of this post. Also got rid of my original spam kapatcha and the difference in server load is night and day.

Nice work Ozzy

 

[Ozzy47]

Excellent, glad to hear. And yeah I hate captcha's, they are annoying, and are easily defeated by XRumer.

 

[too_cool_3]

Any idea of how the new 'No CAPTCHA reCAPTCHA' stands up to XRumer?

 

[Max Taxable]

Any idea of how the new 'No CAPTCHA reCAPTCHA' stands up to XRumer?

Only thing "new" about it is a checkbox. Big whoopie shit. Same checkbox in vBulletin is long defeated, the one where a new registrant acknowledges the rules?

Won't be long before the "new" recaptcha is defeated especially since google is using it for gmail registration. That makes it a huge target priority.

Games, puzzles, questions, pictures.... all just gadgets that annoy far more legitimate human users than the amount of bots they stop.

Anything you use for anti-spam that is obvious is going to be worked on first. The under the radar stuff we recommend? Well, think about it.

 

[too_cool_3]

Updated and re-uploaded the Ultimate Spider List txt file in post #90 to include the dot after MSIE1. Thanks to you Max Taxable and Alan SP @vb.org

 

[markoroots]

Hi there,
I have installed all the mods listed and I have also SoM.
But many users are saying that when they try to register and they click on a confirmation email to confirm the registration, the system say to them that them are banned.

What to do???

 

[Ozzy47]

Well I can just about guarantee that is not from any of the mods I recommend. I suggest disabling SOM, via Plugins & Products --> Manage Products and see if the issue still persists.