Something has to be done to keep these bots off of the site. Are they actually going through the process or inserting their userid/password into the database directly? The site is becoming useless and it's not fair to the moderator(s) to have him or them spend all of their time clearing them out.

A lot of lists just put new members on moderate status for a week or so. But a good Captcha would help tho they have been cracked. I doubt that this list would attract the attention of that sort of hacker.

What is Captcha? I'm thinking that the next step may be "Please provide a valid email address. We will send a trail member activation key to your email."

I'm going to be gone for a couple days, so relax and ride through it.

Bill

No worries Bill, I know you have been swamped, the captcha thing is the picture with the letter/numbers obscured so a machine can't "screen scrape" them, i.e. more lines through them, etc. I'm not sure sending the activation thing to email will stop these bots, they are probably set up to submit a valid email and programatically check it for the activation key. Unfortunately there is no way to keep them all out but could weed out a few more with some stronger requirements during the registration phase.
Thanks for all you do on here,
Pat

Biil, Here is some wikipedia info on captcha's. I really hate (but appreciate) all the time you are having to spend weeding this nonsense out.

http://en.wikipedia.org/wiki/Captcha

Pat -

Please remember that I am just a moderator, not an administrator. As I told someone the other day, my job is to follow the parade and clean up after the elephant - I never get to march in front and wear the fancy hat. From my end of the parade, I don't really know what goes on up there.

That being said, I am under the impression that we are not seeing machine bots. These are probably humans, though I have no clue why they are doing this - just for the thrill, I guess. I understand that some of them keep score, and are in competition with other like-minded idiots.

About a year ago, we went through a terrible interval where the machine bots were suddenly killing us. And it was real spam - someone was trying to sell something in every post. Chris installed a new front end to defeat machine bots, and the spam dropped to zero overnight. I don't know the details, but things were quiet until this latest invasion.

The advantage of "send us a valid email" is that once identified, the ISP can be black-listed, and nothing more from that ISP will get through. ISPs don't like this, of course, so it encourages them to crack down on the abusers.

Bobby -- thanks for the link. I'll peruse it tomorrow. Obviously I need to get a lot smarter about this issue. In the meantime, I'll just keep that shovel handy.

EDIT: OK, I just took a look at the Registration page (I know, I should have done it a long time ago), and it appears that there is a Captcha image-verification test. This is apparently what Chris installed a year ago, and I'm not sure how a bot would get past it. There is also a send-me-an-email-address block, but no indication that the address will be checked for validity and stored as a banned-ISP control measure. We'll see what the next step is.

Bill

What is Captcha? I'm thinking that the next step may be "Please provide a valid email address. We will send a trail member activation key to your email."

I'm the admin of another vBulletin forum and email verification really is the best way to attack that problem. It's a little cumbersome but is a one-shot deal for most users. Adding moderators helps, too, if you can find a few who are ready, willing, and able.

Well I haven't been on the list that long so this is probably inappropriate, but I'll volunteer to help. I haven't done any moderating in years tho I once ran a couple of very large Compuserve forums before they sold out to the devil...Heh.

BK

Guys,
Sorry for some of the delays, but I finally got a real job, and have been adjusting to working 40 hours again instead of lounging around. ;) There is a huge problem with these spammers, and the whole vbulletin community is affected. The Captcha's aren't getting them. They have valid emails, and they ARE authenticating. We do know that they're bots, and that most of them are originating from Chinese based IP addresses. What we also know is that there has been a purchase through Russia of a large block of IP's from a chinese domain. We're pushing VBulletin to make some changes, and honestly, I haven't finished reading all of the posts on the VB site, but we're working on it. There are some best known methods that we're looking at, but it also affects users signing up. There is a balance that needs to be achieved.

I am working it. I know it's frustrating, and I know it's bothersome. There isn't an easy way out of this like before, but we're figuring out what they're doing and how they're doing it, and that will help us stop it.

Keep reporting them as you see them, and we'll wipe them out.
Ct..

Perhaps we should start a "Report Spammer Here" thread in this section that is a central point to report spammers. That will help you guys going through multiple reports of the same person.

Dave