Bot signups

B

bro

Perch
Just out of curiosity, how do so many bots sign up for this forum? Given it has reCaptcha on the registration form it should be fairly safe. I have much simpler captchas or checks on some registrations and they're never affected by automated signups. Seems they must be bypassing it. It seems unlikely this forum would get human-powered bot signups.

e.g. Online now: SteantUnarbep, MeetsMergefew, INONDOVADIP, reommaBax, JentSypevep, WawOpepsyapex, unotrurtura, Upsecehem18vmecvvof, Wawdrurodsdew, obtaiteGemo, ploloboable, Infuviani, Suttonubm, FleliaJiche, TreaclePraige, RorExpepeTeet, cicyOveptirty, Shoultmuh

All of those look like bots to me. (Apologies if not, TreaclePraige... :) )
 
Agreed, and we have a couple anti bot measures in place and it still happens. :(

I was out yesterday to close on my house and get a quick load of stuff unpacked(it was starting to rain had no choice on timing) and had about a 6 hour period I was not watching things, I came back to over 500 spam posts. it was the first time I'd ever had that here. I've seen both signups, but it was the first time for that level of spam blasting.

May need to see what's happened on the bot tech side at the xenforo forums because something is being bypassed/exploited on both signups and posting now. What was worse is that we have an option on most posts for 'spam cleanup' and it wasn't there so it took a while to clean up all the post litter!
 
Just tried it out and I see you need to answer the email confirmation link as well to sign up. I've never actually seen a bot do that, and I do use some common unmodified registration forms like Joomla, but I suppose that's just as easily scripted. Doing some readin up on it, it does seem reCaptcha gets broken on occasions, when bots get trained up on Google's current data set. reCaptcha is a big target and worthwhile trying to crack.

I often modify registration forms so that they non-standard, usually just adding a stupidly simple captcha of my own design that bots won't have seen anywhere else. I've even had some for years where the captcha word doesn't ever change. Just something like "Enter 'human' here:" and then reject any that don't have that entered. It wouldn't work on a big target site, but it works fine for most sites, and it's easy to change the wording or use an image for that if the bots ever do get intelligent enough to actually read something new, which I don't believe most can do. They mostly hit forms that they already understand.
 
I changed to a simple version with random questions here for a bit to throw them for a loop maybe, we shall see.
 
You must log in or register to reply here.
Back
Top