Xrumer infestation

o hai guyz

New member
Jan 15, 2010
One of my legitimate content forums has been infested with xrumer spam as of yesterday. I've tried all the different captcha options and added questions to the registration process but somehow it's able to solve all of them, and moderators are wasting lots of time deleting posts and banning people nonstop.

Can someone give me some insight into how exactly it solves the q&a registration questions and/or some ideas on how to block it from registering? I've temporarily stopped it by requiring all new accounts to be verified by admins, but this isn't something I want to do permanently. (this is on phpbb)
 


Replace your "Username" and "Password" input box labels with an image of the text instead. (Xrumer can locate the proper box to post in simply by finding the box nearest to those labels.)

Next, change form-names. Randomize that shit.

And that will do it. No need for captchas. As long as you're not getting spammed by humans/indians, and no one is specifically attacking your site.
 
Botmaster just added 70K textcaptchas answers to the soft 2 days ago, sounds like it's the cause.
 
Botmaster just added 70K textcaptchas answers to the soft 2 days ago, sounds like it's the cause.
Haha, I just changed my answers as I was getting hammered that day on my forum.

The best way to stop bots is manual approval.

I do Q&A plus manual approval after IP inspection. And then we have a mod for every 20 posting members, so good luck spamming bro!
 
Haha, I just changed my answers as I was getting hammered that day on my forum.

The best way to stop bots is manual approval.

I do Q&A plus manual approval after IP inspection. And then we have a mod for every 20 posting members, so good luck spamming bro!

I went with this and it stopped. I'm guessing Xrumer detects when you have manual approval on and it just doesn't even try registering on those forums, because ever since enabling it I haven't had a single bot account attempt to register.
 
Captchas are worthless.

If you're getting Xrumer'd, it really just means your registration workflow/footprint matches pretty much every other forum.

Easiest way to differentiate is to add one of those "Are you human?" questions that isn't the same as everyone else's. For instance, everyone uses "What's 1 + 2?" or "What is <someword> backwards?"

I own some big boards. Shit like "What's the username of the forum's administrator?" or "How many moderators do we have? Look at domain.com/modlist.php" or "Go to this link and tell me what it says" works. You can even drop out of the heuristic with simpler questions if you want. Or you can make them more complex to filter out both non-native English speakers and robots.

If you get Xrumer blasted, you know somebody manually keyed in your answer and it was probably pushed upstream to other Xrumer'ers. In that case, swap out your questions.

Spambot APIs (IP blacklists) are silly and don't work. Just make your workflow filter bots.

Finally, make sure you have a shadowbanned usergroup on your forum where the user doesn't know they're banned yet nobody sees their posts/threads. And then shadowban-until-manual-approval anybody posting from an IP address on your banned member IP list. Great for users evading bans and sneaky robots alike. Great for lulz, too.
 
Shit like "What's the username of the forum's administrator?" or "How many moderators do we have? Look at domain.com/modlist.php" or "Go to this link and tell me what it says" works.

This is quite new. Also, let the answer page load a lot slower than normal. Some of the sites I've encountered use questions like this, but asking them to go to another page to get the answer is a perfect idea!

Some software that I am using to do forum linking/posting has the ability to pull up the question, and my VA will answer it manually. But that's inside the software. It will take much more time for my VA to pull up Mozilla and get the answer by accessing the information. Also use a picture for the site,

like "Look at domain.com/modlist.php", and that shit is in a picture, so that botters will not bother anymore because they have to manually type in every single letter on the picture to register on your forums.

After this 1st wave of filtering, go on manual approval. Then bam, 90% of bots gone!
 
That's why I think the processes for filtering out automated software and filtering out human spammers should be conceptualized differently.

The first inch of effort towards keeping out automated bots ends up filtering out 98% of bots. And you can go from 98% to 99% by doing things like loading the question via javascript. And from 99% to 99.9% by making the question load in after X seconds since bots just don't sit around on a page with their javascript-enabled headless browser ready for the answer unless it's been programmed for your particular website. Hence the 0.01%.

In my experience, you end up hitting the critical mass necessary to attract substantial human spammer volume long before that remaining 1% (or 0.01%) of the bots is an issue.

In which case the game is completely different and you should employ a completely different set of concepts that are more organic. Like shadowbanning. And making newbies create a "Hey Everyone, I'm New Here!" thread in the Newbie Introductions forum (and then make 2 posts in it) before they even get posting privs to the rest of the forum. And disabling most bbcode until someone hits X posts.

Bottom line: It doesn't take much effort to make your website uneconomical to spam when there are millions of websites that fit Xrumer's stock heuristics or when the $10 going to some VA to spam your forum ten times could've instead been used to spam 100 forums ten times.

The other bottom line is to stop giving your genuine users a shitty experience because you're trying to filter out 1% of automated bots. And stop using ReCaptcha unless you're doing it as a charity for the OCR community.
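Putting together the randomized form names from the earlier reply and the delayed question from this one, here is an added server-side registration check in Python; it is example code, not phpBB code and not from any poster. The secret, the question bank and the field names are constructed for the example, and the "wait X seconds" rule is enforced by checking a signed issue time on the server instead of trusting the browser.

```python
import hashlib
import hmac
import secrets
import time

SECRET = b"constructed-server-secret-rotate-me"  # assumed server-side key (constructed)
MIN_SECONDS = 8   # assumed: the question is only revealed this long after page load
# Constructed question bank; answers are site-specific facts, not stock arithmetic.
QUESTIONS = {"q1": "forumadmin"}  # e.g. "What's the username of the forum's administrator?"

def _sign(data: str) -> str:
    return hmac.new(SECRET, data.encode(), hashlib.sha256).hexdigest()

def field_name(token: str, logical: str) -> str:
    # Per-visitor field name: the literal "username" never appears in the form and
    # the name differs for every visitor, so a stock form-field heuristic misses it.
    return "f_" + _sign(f"{token}:{logical}")[:16]

def new_form(question_id: str, now=None) -> dict:
    # Render-time state: a random token, randomized names and a signed ticket that
    # binds token, question and issue time, so the server needs no session store.
    token = secrets.token_hex(8)
    issued = int(time.time()) if now is None else now
    body = f"{token}:{question_id}:{issued}"
    return {"token": token, "ticket": f"{body}:{_sign(body)}",
            "names": {k: field_name(token, k) for k in ("username", "password", "answer")}}

def check_registration(post: dict, now=None) -> tuple:
    # Returns (accepted, reason); the reason is for the moderator log, not the user.
    now = int(time.time()) if now is None else now
    try:
        token, qid, issued, sig = post.get("ticket", "").split(":")
        issued = int(issued)
    except ValueError:
        return False, "bad ticket"
    if not hmac.compare_digest(sig, _sign(f"{token}:{qid}:{issued}")):
        return False, "bad ticket"            # forged or edited ticket
    if now - issued < MIN_SECONDS:
        return False, "too fast"              # submitted before the question was shown
    if now - issued > 3600:
        return False, "expired"
    for logical in ("username", "password", "answer"):
        if not post.get(field_name(token, logical)):
            return False, "missing field"     # e.g. posted to the literal "username"
    expected = QUESTIONS.get(qid)
    given = post[field_name(token, "answer")].strip().lower()
    if expected is None or not hmac.compare_digest(given.encode(), expected.encode()):
        return False, "wrong answer"
    return True, "ok"
```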
 
The thing is, human spam is difficult to handle, but bot spam can be handled if you put any difficult question in the registration.