
PCPro-Computing in the Real World Printed from www.pcpro.co.uk


Posted on January 12th, 2011 by Davey Winder

vBulletin forums hit by reCAPTCHA cracking spam bot


Since the holidays ended, security vendors have been happily telling me that spam levels have dropped dramatically. The spammers, they say, have taken some time off.

That may well have been the case as far as email spam was concerned, but back in the real world — which includes any business running a vBulletin forum for customer support — things have been far from quiet. In fact, there’s something of a spam crisis going on right now as it appears the bad guys have worked out how to crack the reCAPTCHA system that safeguards vBulletin-powered forum registrations from automated bots.

Google officially remains adamant that there is no problem with the reCAPTCHA system, which it operates. A Google spokesperson told PC Pro that it has “found reCAPTCHA to be far more resilient than other options while also striking a good balance with human usability”.

However, the simple fact is that currently it seems to be as much use as an ashtray on a motorbike to anyone operating a vBulletin forum. In fact, it became pretty useless on 4 January when spammers apparently got their collective hands on a piece of software that circumvents reCAPTCHA and allows for a fully automated registration process. The bots have been busy, very busy indeed, ever since.


A number of small businesses running vBulletin-based support forums have noticed a dramatic increase in the number of new member registrations during the past week. At first they were naturally quite pleased with this, until it dawned on them that the new members all hailed from Russia and had started to post spam of the worst possible kind (child porn and rape video links, for example). Over the weekend the software had obviously started to get more widely distributed as new member registrations turned up in volume from numerous locations around the world, all intent on posting spam.

For some, the forums provide more than just customer support: they actually are the business itself. For them, this has been a troublesome week, with huge demands on their resources, both in terms of the bandwidth consumed by the spammers and the manpower required to keep track of them and delete their accounts and their postings.

A Google source who did not wish to be quoted directly confirmed that the company had recently noted a higher amount of spam getting through on some forums, but insisted there was no evidence to suggest it was automated or impacting on larger sites.

On the front line

I disagree, having been on the front line with one such large site that fell victim to an attack. The registrations came through at such a rate that it beggars belief to think it was anything but automated. Those registrations stopped dead, as instantly as flicking a switch, when reCAPTCHA was eventually supplemented with an alternative method of validation. If the attack was not automated, and humans were manually completing the registrations, adding another layer of verification would have made no difference.


Yet that same Google source insists the company modifies its algorithms “rapidly to respond to new types of automated attacks” and that any spam increase will not last long if it’s bot-produced. The evidence suggests otherwise: one large forum was under attack from the 4th January until the 11th January, with hundreds and hundreds of automated registrations, until an additional layer of validation was introduced. I’m not sure what the Google definition of rapid response is, but eight days wouldn’t be mine.

What to do

Thankfully there is a relatively easy solution available, and it has proved to be 100% effective for those who have now implemented it: simply add the vBulletin Question and Answer Verification option to the registration process. This requires human thinking to complete a registration, by asking a question such as “what colour was the white cloud?” or “what is the fourth word in this sentence?”, for example.

To do this, enter your vBulletin Admin Control Panel and choose ‘Human Verifications Options|Image Verification|Question & Answer|Save’ then click on ‘Add New Question’ and save your question before clicking on ‘Add New Answer’ and then saving that.

Of course, if you just have one question and answer the spammers will soon get wise to it, so it’s best to have multiple Q&A sets. Then, vBulletin will choose one at random to present as verification during the registration process.

I’m also advising clients to add another layer of protection at the same time by implementing the vbStopForumSpam plug-in modification, available for free to registered vBulletin licence holders from the vBulletin site, which employs an RBL database approach to blocking known spam IP and email addresses. During the registration process it checks the submitted data against the known-spammer list and rejects the registration if there’s a match.
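As an added illustration (not vBulletin’s own code, nor that of the vbStopForumSpam plug-in), here is the registration-gate logic the two steps above describe, in Python: a question drawn at random from several Q&A sets, a normalised answer check, and a lookup of the submitted IP and email address against a known-spammer list. The Q&A sets, addresses and blocklist are constructed for the example; the real plug-in queries a remote database rather than a local set.

```python
import hmac
import random

# Constructed Q&A sets. The article advises keeping several so that a bot
# cannot simply memorise one answer; vBulletin picks one at random per signup.
QA_SETS = {
    "What colour was the white cloud?": {"white"},
    "What is the fourth word in this sentence?": {"fourth"},
    "Spell the word 'forum' backwards.": {"murof"},
}

# Constructed stand-in for an RBL-style known-spammer list (TEST-NET addresses
# and an example.com-style mailbox, not real indicators).
BLOCKED_IPS = {"203.0.113.7", "198.51.100.22"}
BLOCKED_EMAILS = {"bot@spam.example"}


def pick_challenge(rng=random):
    """Return one (question, accepted answers) pair chosen at random."""
    question = rng.choice(sorted(QA_SETS))
    return question, QA_SETS[question]


def answer_matches(given, accepted):
    """Case- and whitespace-insensitive comparison of the visitor's answer."""
    norm = " ".join(given.lower().split()).encode()
    return any(hmac.compare_digest(norm, a.encode()) for a in accepted)


def blocklist_hit(ip, email):
    """Registration data checked against the known-spammer list (local here)."""
    return ip in BLOCKED_IPS or email.strip().lower() in BLOCKED_EMAILS


def vet_registration(ip, email, question, answer):
    """Return (accepted, reason). The blocklist is consulted first, so a listed
    source is rejected even if it answers the question correctly."""
    if blocklist_hit(ip, email):
        return False, "blocklisted ip or email"
    if not answer_matches(answer, QA_SETS.get(question, set())):
        return False, "wrong answer to verification question"
    return True, "ok"


if __name__ == "__main__":
    q, _ = pick_challenge()
    print(q)
    print(vet_registration("192.0.2.10", "alice@example.org", q, "white"))
```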


17 Responses to “vBulletin forums hit by reCAPTCHA cracking spam bot”

  1. stasi47 Says:
    January 12th, 2011 at 5:22 pm

    “large forum was under attack from the 4th January until the 11th January, with hundreds and hundreds of automated registrations(…)

    Allow me to put it into perspective…
    “hundreds and hundreds” – that sounds to me like a number around 2000 registrations.

    Let’s speculate it was indeed like 2000 registrations….

    2000 divided by 8 work days is about 30 registrations per hour. With just two registrations per minute, it looks to me like the registration process was merely automated. The reCAPTCHA thus wasn’t circumvented; it was still processed by a human eye in some country notorious for low wages.

     
  2. Adrian Harris Says:
    January 12th, 2011 at 5:42 pm

    Hi,

    I oversee the operations of the software mentioned in this article, vBulletin.
    We have made an announcement for all customers utilizing vBulletin, providing them with methods outside of reCAPTCHA for combating spam.

    http://www.vbulletin.com/forum/showthread.php/370694-Increased-Spamming-Attempts-and-Ways-to-Combat-It

    If any customer of vBulletin has any concerns, they are welcome to contact us at support@vbulletin.com

    Thanks,
    Adrian

     
  3. Simon Says:
    January 13th, 2011 at 7:58 am

    So the problem is not actually reCaptcha, but the way it’s implemented on vBullentin forums?

     
  4. Mark Says:
    January 13th, 2011 at 8:36 am

    It’s not just vBulletin forums: we run IP.Board with reCAPTCHA and we have had hundreds of spam bots join. We have had to put all new members on manual activation.

     
  5. Anticapturist Says:
    January 13th, 2011 at 10:43 am

    I believe text-based captchas have lost any sense. Any complication of them (letter distortions, etc.) just makes them relatively easier (more attractive) for machines than for human users.

    I wonder why non-typing-text-based ones, like KeyCAPTCHA, with the opposite paradigm (easier for humans and impossible for machines), are not being widely used?

     
  6. Tony Says:
    January 14th, 2011 at 4:15 pm

    I have to say that Google are actually one of the biggest purveyors of spam. Pretty much all the forms that come through my website, and all the registrations, are from gmail accounts.

    Google doesn’t care. They said there’s no way to prove that it really was gmail that the spam came from. But for vBulletin they have to receive a validation email, so they are real addresses.

    But Google cares way more about incoming spam, rather than what it generates.

     
  7. Dean Says:
    January 16th, 2011 at 2:05 am

    Hi,

    I don’t use forum software and I must say for the past 2 weeks or more I have noticed an increase of spam. I have used reCAPTCHA for several years now and it’s always worked, but lately it does not seem up to the job. I am a developer and have since had to implement more spam measures.

    I think Google is not being truthful, as I myself and many others are noticing reCAPTCHA is no longer working as it should. It seems spambots are very easily cracking the captcha(s).

    I think Google is to blame, obviously not for the spam but it’s strange how the reCAPTCHA has just suddenly seemed to have died as it is no longer working anymore :(

    Goodbye reCAPTCHA.

     
  8. murgi Says:
    February 20th, 2011 at 4:43 pm

    God help us.. seriously, my site has been receiving spam like never before.. just got something like 100 users yesterday.. and I got reCAPTCHA all set up.. trying to add some more layers of spam protection right now.

    As for Google, seriously I don’t care what they got to say, I know reCAPTCHA is dead.. its powers are over :(

     
  9. Rodney Says:
    March 17th, 2011 at 6:23 pm

    We have also been hit hard by this. Knew it was bot related as I had registrations turned off for a month or so and within 5 minutes of turning on, I had 3 new registrations. Can’t understand why people get off on causing issues for others. Where is the fun in that?

     
  10. Del Says:
    July 7th, 2011 at 10:09 am

    Even worse than the reCAPTCHA-cracking bots are the spam bots that bypass the registration process altogether, with posts from users that have not registered, with names like plepdaype and StaimapathInhext. I have noticed these posts occur when google[bot] or yahoo[bot] are online in the forum, even though they themselves are not registered.

     
  11. HotNoob Says:
    November 9th, 2011 at 6:33 pm

    reCAPTCHA was cracked a long time ago; it just seems to have recently gone mainstream.

     
  12. الشيخ الروحاني Says:
    March 9th, 2012 at 9:43 pm

    thank you but reCaptcha was cracked a long time ago

     
  13. minolaa Says:
    May 24th, 2012 at 5:20 am

    In the past Pepsi has been known for making and distributing oddly flavored versions of their famous Pepsi soda. They’ve made their soda clear, white, clear, red, and now they’re going blue with Pepsi blue.

     
  14. dellauk Says:
    September 24th, 2013 at 1:11 pm

    There are plenty of anti-spam plugins that bloggers can use to try and prevent the posting of comment spam. These vary in effectiveness, and amount of administration involved in ensuring that genuine posts are not categorised as spam or vice versa.
    If you can prevent the majority of spammers from targeting your site in the first place, then you will reduce time spent on moderation and the chances of letting spam through.
    Spam Hammer 3-Series is a well-known high-value anti-spam cloud plugin, now available for WordPress blogs

     
  15. camila deget de la picior Says:
    July 8th, 2014 at 12:40 pm

    Hi, there’s no doubt that your blog may be having internet browser compatibility problems. Whenever I take a look at your blog in Safari, it looks fine; however, when opening it in Internet Explorer, it’s got some overlapping issues. I simply wanted to give you a quick heads up! Other than that, fantastic website!

     
  16. Martin Brampton Says:
    August 13th, 2014 at 8:59 am

    ReCaptcha etc are horrible for human users – if it isn’t very important to me, I go away rather than have to use them. So I refuse to use them on my own web sites.

     
  17. Moises Says:
    October 15th, 2014 at 8:12 pm

    What’s up mates, nice piece of writing and good arguments commented at this place, I am genuinely enjoying these.
