Post
 Posted By: spfadmin 
Aug 8  # 11 of 18
Hi Folks!
So I've upgraded to the latest version of vBulletin, which should have some security fixes. The 4.0 series has been out for some time, but it was a major change, so I delayed upgrading until others had time to find all of the newly added bugs. I would guess there were a few, because they used to always provide an upgrade for even the easiest fixes and now they are providing patches. That keeps them from having to bump the version numbers up and muddies the waters, so to say.

So the most major change I made was to user registration. The image verification method reCAPTCHA, which came out of digitizing books at Carnegie Mellon University and displayed words that the software there couldn't convert to text, appears to be cracked. So spam bots were able to automatically register.

To stop that, I've changed two options. First, before upgrading, I had made newly registered users be moderated. This is what led me to see that bots were registering. The process was too fast and they were still registering. Second, after upgrading, I put in a Q&A human verification with my own dumb questions. The end result: 12 real people registered yesterday. All were spammers. Almost all from southern Asia (i.e. India, Bangladesh, and Vietnam).

Next I need to find or write a plug-in to allow or block signups from a list of allowed countries. Fairly easy to write one. I would rather find one, but while I've looked, I haven't found one yet. Once I have that and see it's working, I ought to be able to turn off moderation of user registration.

Third, I'm watching the internet addresses of new registrations and blocking large chunks in Asia. This is really not a solution because there are so many, but until I have the country blocker in, this is a workaround.

Fourth, I'm pruning down the users by deleting those that haven't posted at all or haven't posted in a few months. Certainly this might hit a few legitimate people, but it will get rid of those spammers that sign up today to spam in October.

Fifth, I've removed the homepage property from the user profile statistics page. If you are legitimate, place such info in your signature; there is an add-on already installed that uses ranking, including length of registration and number of posts, to keep spammers from using it.

Sixth, I installed an add-in that automatically looks at information in the HTTP data being sent to look for signatures of robots, i.e. the bots try to send HTTP headers acting like they are running IE4 or whatever to fool the software and keep it from detecting them. This plugin will block those bots and, in the case of a false positive, has a way for the real person to verify they are human and get through. Also it uses a central database of known bot internet addresses and blocks those, but as I've said there are so many IPs, that's like trying to plug holes in a sieve. But it will block someone running a central bot host. I don't think it will help if the bots are compromised computers. But adding all of these steps will make it harder for bots to register.

Last, as far as posting spam, posting is a basic function of the board. So if a legitimate user joins, makes a couple of real posts, and then posts spam, there isn't anything that can be done automatically to stop it other than moderating all posts. So rather than trying to do that, if any of you here who have been here a while want to be a moderator, let me know. I'll get with Mama to get her opinion on the final list. Then when one of you sees spam, you click a check box and then push a moderate button. Poof.

[ATTACH=CONFIG]237[/ATTACH]

Thanks for bearing with us as we try to stop these evil doers.

Matt
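The registration checks described in the post above (country allow-list, manually blocked address ranges, and HTTP-header signatures that give bots away), sketched as one screening function. This is an added example, not vBulletin's code or the plugin the post refers to. The GeoIP table, the allowed-country set, the blocked ranges and the bot User-Agent signatures are all assumed values constructed for the example; a real deployment would query a GeoIP database and a maintained signature list. Address-based rules hard-block, while header heuristics only return "challenge", so a real person caught by a false positive can still pass the Q&A step the post mentions.

```python
"""Registration screening sketch (added example, not vBulletin code).

Combines the checks described in the post: a country allow-list, manually
blocked IP ranges, and HTTP-header signatures that betray a bot. Address
rules return "block"; header heuristics return "challenge" so a human caught
by a false positive can still prove they are human via the Q&A step.
"""
import ipaddress
import re

# Constructed stand-in for a GeoIP database, using RFC 5737 documentation
# ranges with made-up country codes. A real deployment would query a GeoIP
# library instead.
GEOIP_TABLE = [
    (ipaddress.ip_network("203.0.113.0/24"), "IN"),
    (ipaddress.ip_network("198.51.100.0/24"), "US"),
    (ipaddress.ip_network("192.0.2.0/24"), "GB"),
]

# Assumed policy values for the example.
ALLOWED_COUNTRIES = {"US", "CA", "GB", "AU"}
BLOCKED_NETWORKS = [ipaddress.ip_network("192.0.2.128/25")]

# User-Agent strings no current browser sends: a client claiming IE 1-5, an
# empty UA, or a plain scripting library. Assumed signatures for the example.
BOT_UA_PATTERNS = [
    re.compile(r"MSIE [1-5]\."),
    re.compile(r"^\s*$"),
    re.compile(r"curl|wget|python-requests|libwww-perl", re.IGNORECASE),
]

# Headers mainstream browsers send on a form POST; simple bots often omit them.
EXPECTED_HEADERS = ("accept", "accept-language")


def lookup_country(ip):
    """Return the country code for ip from the table, or None if unknown."""
    addr = ipaddress.ip_address(ip)
    for network, country in GEOIP_TABLE:
        if addr in network:
            return country
    return None


def screen_registration(ip, headers):
    """Return (verdict, reason); verdict is 'allow', 'block' or 'challenge'."""
    addr = ipaddress.ip_address(ip)
    hdrs = {k.lower(): v for k, v in headers.items()}  # header names are case-insensitive

    for network in BLOCKED_NETWORKS:
        if addr in network:
            return "block", "address in manually blocked range %s" % network

    country = lookup_country(ip)
    if country not in ALLOWED_COUNTRIES:
        return "block", "country %s not in allow-list" % (country or "unknown")

    user_agent = hdrs.get("user-agent", "")
    for pattern in BOT_UA_PATTERNS:
        if pattern.search(user_agent):
            return "challenge", "bot-like User-Agent %r" % user_agent

    for name in EXPECTED_HEADERS:
        if name not in hdrs:
            return "challenge", "missing %s header" % name

    return "allow", "ok"


if __name__ == "__main__":
    # Constructed sample requests.
    browser = {"User-Agent": "Mozilla/5.0 (Windows NT 6.1) Gecko/20100101 Firefox/3.6",
               "Accept": "text/html", "Accept-Language": "en-US"}
    samples = [
        ("198.51.100.7", browser),                      # US, real browser headers
        ("203.0.113.5", browser),                       # country not allowed
        ("192.0.2.200", browser),                       # inside a blocked range
        ("192.0.2.10", {"User-Agent": "Mozilla/4.0 (compatible; MSIE 4.01; Windows 98)",
                        "Accept": "*/*", "Accept-Language": "en"}),
        ("192.0.2.10", {"User-Agent": browser["User-Agent"], "Accept": "text/html"}),
    ]
    for ip, hdrs in samples:
        print(ip, screen_registration(ip, hdrs))
```

Order matters: the cheap, deterministic address rules run first, and the fuzzier header heuristics only ever escalate to a challenge, never to a silent block, which is what keeps a false positive recoverable.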
Post
 Posted By: spfadmin 
Aug 8  # 12 of 18
Oh, one last thing: this version of vBulletin supports https, so you can browse securely and protect your password. I'll have to look for a setting to secure the password page; in the meantime, you just add an s after http in your address, i.e. https://www.spiceplace.com/forums/, and you'll be using SSL and the data is encrypted. I'll look for that setting this evening.

Matt
Post
 Posted By: jglass 
Aug 8  # 13 of 18
As I was not privy to that information at the time, I had no way of knowing. I did appreciate your reply to my message when I received it. I am very glad to see upgrading done to the site to make things easier for Mama. She has been working like a dog to keep this place going since your last visit a long time past. We have lost so many members who left because they felt this forum was no longer secure. I really hope they return. I have made a lot of wonderful friends here from all over the globe and will always be grateful for that.
Post
 Posted By: Mama Mangia 
Aug 8  # 14 of 18
:p I ;) am :D so :o happy!!

(as I walk around with a Cheshire cat grin wrapped around my head!)

:)
Post
 Posted By: spfadmin 
Aug 8  # 15 of 18
Before I upgraded I had to set up another server and install all of the software and databases there. Then I applied the upgrade there to make sure everything worked. Then I backed up everything on the live server, etc., etc., etc. I started Friday evening and didn't really finish until Sunday @ 11am. Plus there are still things to do in the 'Home' tab, which I'll try to get to tonight. In case anyone missed it, there is a useful "What's New" on the right side of the home page.

Mama's going to write up a newsletter and we'll email a link to everyone. Hopefully that will spread the news.

BTW: The forum was secure; it was at the latest vB3 patch level. And vB3 is still supported by Jelsoft.

It's just that evil people wanted back links from our website, thinking it would help their ranking in Google (called SEO - Search Engine Optimization). They didn't expect anyone here to click on them (i.e. they weren't ads); they just want a link pointing to them. This is what the bad guys (black hats) do for SEO. Try Googling 'FORUM POST SEO'. In most cases it won't do any good for them, because Google applies other criteria such as relevance, since they are aware of this threat to their ranking methods. Our site is about food. If they're linking to TVs, it's not relevant. Besides, the links are tagged for search engines not to follow. But evil spammers don't care. It's too much work to figure out who to post to, they're using programs to do it, and so they just post, post, post. The same thing is done to blogs and newspaper website comments.

Looks like the fixes are working well for now.

Matt
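The link tagging the post above refers to ("the links are tagged for search engines not to follow"), as an added example that is not vBulletin's renderer or any code from the forum. It converts the common `[url]...[/url]` and `[url=...]...[/url]` BBCode forms into anchors carrying `rel="nofollow"`, which is what denies spammers the ranking credit they are posting for. It goes slightly beyond the post in that it also only accepts http and https targets, so a `javascript:` or `data:` link degrades to plain text, and it HTML-escapes all other post text so markup cannot be injected; those two checks are the example's additions, not something the post describes. The sample posts are constructed.

```python
"""Rendering [url] BBCode as rel="nofollow" anchors (added example, not vBulletin code).

Every outbound link in a post is marked rel="nofollow" so search engines do
not pass ranking to it, removing the SEO payoff forum spammers are after.
The renderer also accepts only http/https targets (a javascript: or data:
link degrades to its visible text) and HTML-escapes everything else so post
text cannot inject markup. Handles [url]...[/url] and [url=...]...[/url].
"""
import html
import re
from urllib.parse import urlsplit

# Matches [url]target[/url] and [url=target]text[/url]; tags are case-insensitive.
URL_TAG = re.compile(
    r"\[url(?:=(?P<href>[^\]]+))?\](?P<text>.*?)\[/url\]",
    re.IGNORECASE | re.DOTALL,
)
SAFE_SCHEMES = {"http", "https"}


def render_urls(bbcode):
    """Convert [url] tags to nofollow anchors; escape all surrounding text."""
    out = []
    pos = 0
    for m in URL_TAG.finditer(bbcode):
        out.append(html.escape(bbcode[pos:m.start()]))  # text before the tag
        text = m.group("text")
        href = (m.group("href") or text).strip()       # [url]x[/url] links to x itself
        if urlsplit(href).scheme.lower() in SAFE_SCHEMES:
            out.append('<a href="%s" rel="nofollow">%s</a>'
                       % (html.escape(href, quote=True), html.escape(text)))
        else:
            # Unsafe scheme or no absolute URL: keep the visible text, drop the link.
            out.append(html.escape(text))
        pos = m.end()
    out.append(html.escape(bbcode[pos:]))              # text after the last tag
    return "".join(out)


if __name__ == "__main__":
    # Constructed sample posts.
    samples = [
        "Great recipe, see [url=http://example.com/?a=1&b=2]this page[/url].",
        "[url]https://example.org[/url]",
        "[url=javascript:alert(1)]click me[/url] <b>bold?</b>",
    ]
    for post in samples:
        print(render_urls(post))
```

Because the scheme check runs on the parsed URL rather than on a string prefix, `JAVASCRIPT:` in any letter case is caught, while an upper-case `HTTPS://` target is still accepted.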