MyBB Community Forums

MyBB Community Forums > 1.8 Support > General Support > Chinese Spam Bots with Captcha and Security Question
Full Version: Chinese Spam Bots with Captcha and Security Question
You're currently viewing a stripped down version of our content. View the full version with proper formatting.

Darkrad

2018-04-03, 10:24 AM
So I am having a weird issue recently.

I have Google Captcha in my forum when you register, I also had unique security question which made my life much easier, prevented any bot from registering to forum for a long time. But it changed recently. Almost everyday I am seeing bots registering to forum and spamming, so I changed security question to something even more unique, something like "in what year our republic has been declared?" and apparently today they even passed that question and managed to register.

So I have following questions:
  1. Is it possible for bots to register WITHOUT answering those questions or captcha?
  2. Is it possible that those "bots" are actually humanbeing who can actually pass those security measures?
  3. If so, what might be their purpose in spamming the forum?
  4. Did you see anything similar in your forums like Chinese spam accounts managing to bypass unique security questions?
  5. What can I do about all this issue?

DocHoliday

2018-04-20, 03:00 PM
The solution to automatic bot registration is to not have a question, but rather instruct them to insert a specific semi complex string. As on my forum the security question on the registration reads like this:

To prove you are not a robot, please copy this exactly, into the box below: IamNOTaSpambot!2011

This will obviously only prevent automatic signups. Yes, humans will register to spam your forum.

You can use the MyBot plugin to automatically detect certain strings that you might find in spam posts, then the bot can moderate automatically. However be very careful choosing your strings as you could end up moderating legit members posts. You can also set the bot to only moderate posts made by new members. Have your bot place the posts in a closed forum that you can monitor.

laie_techie

2018-04-20, 03:13 PM
I have about 24 questions which are randomly chosen so bots can't be retrained with always providing the same answer.

DocHoliday

2018-04-20, 03:26 PM
The reason I do it that way is because I was contacted by members who failed the questions. They may know the answer but a simple typo and they get rejected. They are usually temporarily annoyed at the signup page anyway so this made it easier. Havnt had a problem with it in nearly a decade.
MyBB Community Forums > 1.8 Support > General Support > Chinese Spam Bots with Captcha and Security Question