(2010-09-09, 09:53 AM)racoq Wrote: [ -> ]is it just me or the devs don't care about this issue?
I've never seen a lead developer discussing this mybb flaw
Of course they care.. It's just extremely hard to combat bot registrations because the developers of xrumer and the like aren't sitting still either.
A custom captcha might work best..
I have an extremely easy captcha on my forum for posting and registering , but hardly have botregistrations.. (maybe 5 a year or so..) Just because the bots don't recognize it (yet)..
(2010-09-09, 05:47 AM)blake Wrote: [ -> ]I have the same issues, I'm going to try to add a human verification to the site. I've gotten these bots.
AbelAnderson
VictorBustinzaVictorBustinza
They are most likely human anyway. Cheap labour hired to post a premade post in forums.
(2010-09-09, 05:47 AM)blake Wrote: [ -> ]I have the same issues, I'm going to try to add a human verification to the site. I've gotten these bots.
AbelAnderson
VictorBustinzaVictorBustinza
The "flaw" you are speaking of isn't a flaw. There is no way to stop all spam registrations. Human verification only works against bots. Like I said, they are probably humans thus they pass human verification.
I agree with Tommyk. I have 2 captcha systems working together AND COOPA (so they have to enter a b-day) and I don't think Bots can do this without human help.
I have yet to see any posts by them even after letting them sit for a few days so I'm thinking they are registering a set number before plugging them into whatever scripts they use to start the post spamming.
Well, if you think about it. you have 2 captchas and COPPA. So, for each captcha it would get twice as hard to bypass, thus twice as much or more resources. Then they simply need to put a birth date over a certain age. However, with two captchas and COPPA they would need to write/hire someone to write a custom script for your forum.
So if you think about server costs and processing power needed, along with bypass:fail ratios, it is probably much cheaper and easier to just employ cheap labor in asia and mddle eastern countries.
Spam bots adapt.
We also have a Recaptcha and it isn't effective enough against this threats.
also since the begining of this month we are using stop forum spam (Pirate Nervo referred it earlier), and although it helped combat fake profiles, we still have many regsitrations per day.
is there a plugin for registration that asks some random question (from many questions), and require correct answer? for example:
"how many words in this sentence?"
(2010-09-09, 09:06 PM)Maj Wrote: [ -> ]is there a plugin for registration that asks some random question (from many questions), and require correct answer? for example:
"how many words in this sentence?"
Yes, but it doesn't work. I tried it today and the option in the adminCP was missing that allowed you to specify the question (and never showed up on the new user registration page, I checked). It's one of them plugins where people say change the version to 16 by editing the file but that allows installation, but doesn't actually make the plugin compatible (dirty hack).
Who knows, maybe someday they cba to update it proper and fix this issue.
(2010-09-10, 02:33 AM)intenso Wrote: [ -> ]Who knows, maybe someday they cba to update it proper and fix this issue.
Why be like that?? You realise that no matter what checks we put in, if a human is registering them they'll always be able to get past them, and no matter what we do spam bots will always get past things before too long. If there was a simple way to stop spam full stop, everybody would be doing it and there would be no spam on the internet at all.
(2010-09-10, 07:49 AM)MattRogowski Wrote: [ -> ] (2010-09-10, 02:33 AM)intenso Wrote: [ -> ]Who knows, maybe someday they cba to update it proper and fix this issue.
Why be like that?? You realise that no matter what checks we put in, if a human is registering them they'll always be able to get past them, and no matter what we do spam bots will always get past things before too long. If there was a simple way to stop spam full stop, everybody would be doing it and there would be no spam on the internet at all.
I'm afraid you have misunderstood what I was trying to say. I was talking about the plugin that asks users simple questions like "what's the color of the lone rangers big white horse" and how it's broken/not compatible with MyBB 1.6. I'm not talking about MyBB or trying to say you all don't care about security, in fact I've not made any accusations unlike others in this post so why you would single out my comment on a totally unrelated issue just seems a little silly unless you have taken my comment about the plugin out of context.
I hope this clears things up for you.
I do apologise, I misread it
