Bot signups

Discussion in 'Chit-Chat' started by bro, May 11, 2013.

  1. bro

    bro Perch

    Just out of curiosity, how do so many bots sign up for this forum? Given it has reCaptcha on the registration form it should be fairly safe. I have much simpler captchas or checks on some registrations and they're never affected by automated signups. Seems they must be bypassing it. It seems unlikely this forum would get human-powered bot signups.

    e.g. Online now: SteantUnarbep, MeetsMergefew, INONDOVADIP, reommaBax, JentSypevep, WawOpepsyapex, unotrurtura, Upsecehem18vmecvvof, Wawdrurodsdew, obtaiteGemo, ploloboable, Infuviani, Suttonubm, FleliaJiche, TreaclePraige, RorExpepeTeet, cicyOveptirty, Shoultmuh

    All of those look like bots to me. (Apologies if not, TreaclePraige... :) )
  2. Stephen

    Stephen US Operations Staff Member

    Agreed, and we have a couple anti bot measures in place and it still happens. :(

    I was out yesterday to close on my house and get a quick load of stuff unpacked(it was starting to rain had no choice on timing) and had about a 6 hour period I was not watching things, I came back to over 500 spam posts. it was the first time I'd ever had that here. I've seen both signups, but it was the first time for that level of spam blasting.

    May need to see what's happened on the bot tech side at the xenforo forums because something is being bypassed/exploited on both signups and posting now. What was worse is that we have an option on most posts for 'spam cleanup' and it wasn't there so it took a while to clean up all the post litter!
  3. bro

    bro Perch

    Just tried it out and I see you need to answer the email confirmation link as well to sign up. I've never actually seen a bot do that, and I do use some common unmodified registration forms like Joomla, but I suppose that's just as easily scripted. Doing some readin up on it, it does seem reCaptcha gets broken on occasions, when bots get trained up on Google's current data set. reCaptcha is a big target and worthwhile trying to crack.

    I often modify registration forms so that they non-standard, usually just adding a stupidly simple captcha of my own design that bots won't have seen anywhere else. I've even had some for years where the captcha word doesn't ever change. Just something like "Enter 'human' here:" and then reject any that don't have that entered. It wouldn't work on a big target site, but it works fine for most sites, and it's easy to change the wording or use an image for that if the bots ever do get intelligent enough to actually read something new, which I don't believe most can do. They mostly hit forms that they already understand.
  4. Stephen

    Stephen US Operations Staff Member

    I changed to a simple version with random questions here for a bit to throw them for a loop maybe, we shall see.

Share This Page

JodoHost - 26,000 hosting end-users in 100 countries
Plesk Web Hosting
VPS Hosting
H-Sphere Web Hosting
Other Services