Baanboard.com

Baanboard.com (http://www.baanboard.com/baanboard/index.php)
-   About Baanboard.com (http://www.baanboard.com/baanboard/forumdisplay.php?f=12)
-   -   Registration Bots from @gmail.com/@mail.ru etc (http://www.baanboard.com/baanboard/showthread.php?t=53851)

patvdv 2nd October 2008 01:52

Registration Bots from @gmail.com/@mail.ru etc
 
Hi all,

We are getting a very large amount of auto-registrations from spambots over the last couple of hours that are using @gmail.com/net/org or @mail.ru registration addresses. I am therefore banning the entire @gmail.com/net/org & @mail.ru domains temporarily for the use of registering new accounts. This will not affect members already registered with such an e-mail address.

george7a 9th October 2008 10:07

How are they passing the image verification test?

I know that some forums keep the text that is in the image somewhere inside the PHP code. I checked BB but I could find the leak.

patvdv 9th October 2008 22:31

Hi George,

Nothing is hardcoded in the actual source code, the registration bots are just getting smarter all the time with OCR getting better as well. Most CAPTCH)A mechanims of the free e-mail address systems have been cracked by now (gmail, hotmail, ...) so that gives the spammers a wealth of free e-mail addresses to use (see: http://it.slashdot.org/article.pl?si...45242&from=rss). I will need to upgrade the board software to the most recent version to make it more difficult for the spammers.

george7a 13th October 2008 13:09

And they made a company out of it for blind people!

george7a 13th October 2008 15:59

How about adding another question to the sign up forum which is similar to:
Quote:

How much is X + Y ?
Of course X & Y should change always.

- George

patvdv 13th October 2008 21:00

Hi George,

I believe such questions are part of the security scheme in the next release of the forum software. So I will implement it in the near future. Nevertheless, even that measure is not abuse-proof unless the questions are formulated in such a way that they can be be answered by using for example rainbow tables.

george7a 27th October 2008 11:00

More than 2 weeks has passed and I have not seen a spammer!

Good job Pat!

patvdv 28th October 2008 21:27

Hi George,

Thanks. They seem to come in waves so let's not declare victory just yet.

patvdv 4th November 2008 11:02

Hi all,

I am letting @gmail addresses pass again for registration.


All times are GMT +2. The time now is 04:56.


vB.Sponsors
©2001-2017 - Baanboard.com - Baanforums.com