I have several drupal sites and I constantly get barraged with requests for accounts. I have Image CAPTCHA setup on all these sites and still I'm still getting 20 requests a day, mostly from China. Anyone able to share what these people/automatons are trying to do? How are they getting through CAPTCHA? How can I stop them? I am running a pretty old version of Drupal on a couple of sites, but even with almost current versions they flood in.
Thanks for any help you can offer.
--- Wayne Johnson, | There are two kinds of people: Those 3943 Penn Ave. N. | who say to God, "Thy will be done," Minneapolis, MN 55412-1908 | and those to whom God says, "All right, (612) 522-7003 | then, have it your way." --C.S. Lewis
There are lots of ways they get passed CAPTCHA. It is a pain. I have had very good success with both reCAPTCHA and Mollom. On Oct 30, 2012 9:58 AM, "Wayne Johnson" wdtj@yahoo.com wrote:
I have several drupal sites and I constantly get barraged with requests for accounts. I have Image CAPTCHA setup on all these sites and still I'm still getting 20 requests a day, mostly from China. Anyone able to share what these people/automatons are trying to do? How are they getting through CAPTCHA? How can I stop them? I am running a pretty old version of Drupal on a couple of sites, but even with almost current versions they flood in.
Thanks for any help you can offer.
Wayne Johnson, | There are two kinds of people: Those 3943 Penn Ave. N. | who say to God, "Thy will be done," Minneapolis, MN 55412-1908 | and those to whom God says, "All right, (612) 522-7003 | then, have it your way." --C.S. Lewis
-- [ Drupal support list | http://lists.drupal.org/ ]
Try the spambot module. It checks email addresses against known stammers.
Ken Sent from my Verizon Wireless BlackBerry
-----Original Message----- From: Wayne Johnson wdtj@yahoo.com Sender: support-bounces@drupal.org Date: Tue, 30 Oct 2012 08:57:36 To: support@drupal.orgsupport@drupal.org Reply-To: support@drupal.org, Wayne Johnson wdtj@yahoo.com Subject: [support] Spammers
Mollom blocks around 95% of spam sign ups and comments for me, but it's still not absolute.
You can also block countries via GeoIP and apache, I've had some success with this because most bad requests come from China, Russia, and Africa (I've blocked many more as well). The obvious problem is that you block potentially legitimate users, and this may not be acceptable depending on your website.
Another great option is the quiz module for captcha (I forget the name) but you basically write your own short random questions with simple answers. No robot can get past those without human aid.
The final and worst bit that I'll add, is that there's no way to stop the spammers entirely. If they think they can profit off of your site they will spend money on paying people to sit there and answer captcha questions.
Best of luck.
On Tue, Oct 30, 2012 at 12:07 PM, Ken Robinson kenrbnsn@rbnsn.com wrote:
Try the spambot module. It checks email addresses against known stammers.
Ken Sent from my Verizon Wireless BlackBerry
-----Original Message----- From: Wayne Johnson wdtj@yahoo.com Sender: support-bounces@drupal.org Date: Tue, 30 Oct 2012 08:57:36 To: support@drupal.orgsupport@drupal.org Reply-To: support@drupal.org, Wayne Johnson wdtj@yahoo.com Subject: [support] Spammers
-- [ Drupal support list | http://lists.drupal.org/ ]
-- [ Drupal support list | http://lists.drupal.org/ ]
Hi Nancy, unfortunately blocking individual IPs and blocks of IPs does not guarantee you're blocking a specific country. There is a GeoIP Apache module that translates IP addresses into geographic location, and happens at the web server layout. This is much different than the built in IP-Blocking that happens in the drupal layer and is much less flexible.
I would not recommend blocking blocks of IP addresses w/o Geo look up information, as you're not guaranteed uniform IP address allocation globally.
On Tue, Oct 30, 2012 at 12:51 PM, Ms. Nancy Wichmann nan_wich@bellsouth.net wrote:
You don't need any modules to block IPs. Go to admin/config/people/ip-blocking
Nancy Injustice anywhere is a threat to justice everywhere. -- Dr. Martin L. King, Jr.
From: Patrick Avella You can also block countries via GeoIP and apache,
-- [ Drupal support list | http://lists.drupal.org/ ]
The only module you'll need for all spam (comments, bogus account creation, etc)... works awesome. http://drupal.org/project/botcha
On Oct 30, 2012, at 11:21 AM, Patrick Avella wrote:
Hi Nancy, unfortunately blocking individual IPs and blocks of IPs does not guarantee you're blocking a specific country. There is a GeoIP Apache module that translates IP addresses into geographic location, and happens at the web server layout. This is much different than the built in IP-Blocking that happens in the drupal layer and is much less flexible.
I would not recommend blocking blocks of IP addresses w/o Geo look up information, as you're not guaranteed uniform IP address allocation globally.
On Tue, Oct 30, 2012 at 12:51 PM, Ms. Nancy Wichmann nan_wich@bellsouth.net wrote:
You don't need any modules to block IPs. Go to admin/config/people/ip-blocking
Nancy Injustice anywhere is a threat to justice everywhere. -- Dr. Martin L. King, Jr.
From: Patrick Avella You can also block countries via GeoIP and apache,
-- [ Drupal support list | http://lists.drupal.org/ ]
-- [ Drupal support list | http://lists.drupal.org/ ]
Still not a guarantee. There is no guarantee for stopping spam. Just ask Google, Hotmail, Facebook, Twitter, etc.
One of the big things going on now is that companies are paying people to create accounts. They also use proxies from computers infected with viruses, which makes it extra hard to catch.
For one client, that has seen over 40,000 spam account in the past 2 months (we tried Mollom, Botcha, every Captcha method and Bad Behavior). I have been trying numerous, custom modules and methods. I have one that is working really well right now. I'm afraid to release it though, since if the spammers get a hold of it then they can see the work around.
What you need to do is be very vigilant. Record the request headers and look for things in there that might give it up. Try to limit the number of registrations for a period of time for each IP. Block the countries, if they are all coming from a certain one. Actually you can block the registration page for those countries.
But, as I said in the beginning, there is not a fool-proof way. If someone does come up with it, then their name would be about as common as Bill Gates and their wallet close to the same size. The big companies spend millions trying to fight spam accounts and are still losing out on the battle.
Jamie Holly http://www.intoxination.net http://www.hollyit.net
On 10/30/2012 5:00 PM, Lynn wrote:
The only module you'll need for all spam (comments, bogus account creation, etc)... works awesome. http://drupal.org/project/botcha
On Oct 30, 2012, at 11:21 AM, Patrick Avella wrote:
Hi Nancy, unfortunately blocking individual IPs and blocks of IPs does not guarantee you're blocking a specific country. There is a GeoIP Apache module that translates IP addresses into geographic location, and happens at the web server layout. This is much different than the built in IP-Blocking that happens in the drupal layer and is much less flexible.
I would not recommend blocking blocks of IP addresses w/o Geo look up information, as you're not guaranteed uniform IP address allocation globally.
On Tue, Oct 30, 2012 at 12:51 PM, Ms. Nancy Wichmann nan_wich@bellsouth.net wrote:
You don't need any modules to block IPs. Go to admin/config/people/ip-blocking
Nancy Injustice anywhere is a threat to justice everywhere. -- Dr. Martin L. King, Jr.
From: Patrick Avella You can also block countries via GeoIP and apache,
-- [ Drupal support list | http://lists.drupal.org/ ]
-- [ Drupal support list | http://lists.drupal.org/ ]
I've been impressed with Honeypot http://drupal.org/project/honeypot which adds a field only bots see (like botcha) and also uses a time limit. If a form is completed in less than a configurable time (default 5 sec) it is rejected. Bots usually fill forms in milliseconds and can't afford to hang around for longer so this is a particularly effective defence. I think captcha and recaptcha are almost useless now and depending on spammer lists (requiring lots of calls to an external service) can be slow.
Neil
On Tue, Oct 30, 2012 at 7:17 PM, Jamie Holly hovercrafter@earthlink.netwrote:
Still not a guarantee. There is no guarantee for stopping spam. Just ask Google, Hotmail, Facebook, Twitter, etc.
One of the big things going on now is that companies are paying people to create accounts. They also use proxies from computers infected with viruses, which makes it extra hard to catch.
For one client, that has seen over 40,000 spam account in the past 2 months (we tried Mollom, Botcha, every Captcha method and Bad Behavior). I have been trying numerous, custom modules and methods. I have one that is working really well right now. I'm afraid to release it though, since if the spammers get a hold of it then they can see the work around.
What you need to do is be very vigilant. Record the request headers and look for things in there that might give it up. Try to limit the number of registrations for a period of time for each IP. Block the countries, if they are all coming from a certain one. Actually you can block the registration page for those countries.
But, as I said in the beginning, there is not a fool-proof way. If someone does come up with it, then their name would be about as common as Bill Gates and their wallet close to the same size. The big companies spend millions trying to fight spam accounts and are still losing out on the battle.
Jamie Holly http://www.intoxination.net http://www.hollyit.net
On 10/30/2012 5:00 PM, Lynn wrote:
The only module you'll need for all spam (comments, bogus account
creation, etc)... works awesome.
http://drupal.org/project/botcha
On Oct 30, 2012, at 11:21 AM, Patrick Avella wrote:
Hi Nancy, unfortunately blocking individual IPs and blocks of IPs does not guarantee you're blocking a specific country. There is a GeoIP Apache module that translates IP addresses into geographic location, and happens at the web server layout. This is much different than the built in IP-Blocking that happens in the drupal layer and is much less flexible.
I would not recommend blocking blocks of IP addresses w/o Geo look up information, as you're not guaranteed uniform IP address allocation globally.
On Tue, Oct 30, 2012 at 12:51 PM, Ms. Nancy Wichmann nan_wich@bellsouth.net wrote:
You don't need any modules to block IPs. Go to admin/config/people/ip-blocking
Nancy Injustice anywhere is a threat to justice everywhere. -- Dr. Martin
L. King,
Jr.
From: Patrick Avella You can also block countries via GeoIP and apache,
-- [ Drupal support list | http://lists.drupal.org/ ]
-- [ Drupal support list | http://lists.drupal.org/ ]
-- [ Drupal support list | http://lists.drupal.org/ ]
I had the same problem, but CAPTCHA solved it. It won't protect you against idiots ( humans ). Try IP blocking, although I have never used it, or ignore them if you do not require real user to register. Good luck
Tom
On Tue, Oct 30, 2012 at 3:57 PM, Wayne Johnson wdtj@yahoo.com wrote:
I have several drupal sites and I constantly get barraged with requests for accounts. I have Image CAPTCHA setup on all these sites and still I'm still getting 20 requests a day, mostly from China. Anyone able to share what these people/automatons are trying to do? How are they getting through CAPTCHA? How can I stop them? I am running a pretty old version of Drupal on a couple of sites, but even with almost current versions they flood in.
Thanks for any help you can offer.
Wayne Johnson, | There are two kinds of people: Those 3943 Penn Ave. N. | who say to God, "Thy will be done," Minneapolis, MN 55412-1908 | and those to whom God says, "All right, (612) 522-7003 | then, have it your way." --C.S. Lewis
-- [ Drupal support list | http://lists.drupal.org/ ]
I did some googling and found out how to block spambots in my htaccess file. Even found a list of known bots and it worked.
On Tue, Oct 30, 2012 at 11:57 AM, Wayne Johnson wdtj@yahoo.com wrote:
I have several drupal sites and I constantly get barraged with requests for accounts. I have Image CAPTCHA setup on all these sites and still I'm still getting 20 requests a day, mostly from China. Anyone able to share what these people/automatons are trying to do? How are they getting through CAPTCHA? How can I stop them? I am running a pretty old version of Drupal on a couple of sites, but even with almost current versions they flood in.
Thanks for any help you can offer.
Wayne Johnson, | There are two kinds of people: Those 3943 Penn Ave. N. | who say to God, "Thy will be done," Minneapolis, MN 55412-1908 | and those to whom God says, "All right, (612) 522-7003 | then, have it your way." --C.S. Lewis
-- [ Drupal support list | http://lists.drupal.org/ ]
I have random captcha (captcha-pack), gotcha, and registration quiz. Never get more than one or two spam-registration per month, but about thousand of spam-registrations are blocked each month.
Jarry
On 30-Oct-12 16:57, Wayne Johnson wrote:
I have several drupal sites and I constantly get barraged with requests for accounts.
-
Jamie Holly -
Jarry -
Ken Robinson -
Linda Romey -
Lynn -
Ms. Nancy Wichmann -
Neil Adair -
Patrick Avella -
Steve Kessler -
Tomasz Kisielewski -
Wayne Johnson