Spambot Password Attack

Notices and what's new on SHP and the forums
User avatar
Collector
Grand Poobah
Posts: 11002
Joined: Wed Oct 08, 2008 12:57 am
Location: Sierraland
Contact:

Spambot Password Attack

Post by Collector » Sat Jan 15, 2011 5:47 pm

It seems that there has been an improvement in the spambots' ability to get past the CAPTCHA. I found about a dozen or so newly registered accounts by spambots today. Not all had been activated and because of the minimum post count requirement to be able to post without approval, none of the posts got through. I hate to ban too many IPs since it might block legitimate users as well as I don't like toughening the CAPTCHA settings too much as it makes it hard for real people to get past. I had been using the 3D CAPTCHA, which seemed to be easier for humans to read that the noise type, but had been effective against spambots. I have set it back to the noise type for now.

If anyone knows someone that is having trouble registering because of this, please PM me. There looks like there are some changes to CAPTCHA in the latest phpBB, so I may be upgrading the board, soon.
01000010 01111001 01110100 01100101 00100000 01101101 01100101 00100001

Image

User avatar
Tawmis
Grand Poobah's Servant
Posts: 10434
Joined: Wed Oct 08, 2008 1:19 am
Gender: Not Specified
Contact:

Re: Spambot attack

Post by Tawmis » Mon Jan 17, 2011 9:52 pm

I wish the additional question thing that worked with phpbb2 worked with phpbb3 (it may, I have never tested it) - but it's the one where you create your own question. And anything Sierra related would stop any spam bots... like you could ask, "Who was the woman who created King's Quest?" or any variation there of that any Sierra fan is bound to know.

Omni
Noob
Posts: 6
Joined: Tue Sep 14, 2010 1:35 am

Re: Spambot attack

Post by Omni » Tue Jan 18, 2011 12:19 am

I would have failed that Question.

Also looks like reCAPTHCA was broken wide open recently and it is not just this board suffering a lot of spam attacks.

User avatar
DeadPoolX
DPX the Conqueror!
Posts: 3925
Joined: Mon Oct 27, 2008 3:00 pm
Gender: XY
Location: Canada
Contact:

Re: Spambot attack

Post by DeadPoolX » Tue Jan 18, 2011 1:18 am

Omni wrote:I would have failed that Question.
Maybe, but you can look the info up online. A spambot can't do that. :)
"Er, Tawni, not Tawmni, unless you are doing drag."
-- Collector (commenting on a slight spelling error made by Tawmis)

User avatar
Tawmis
Grand Poobah's Servant
Posts: 10434
Joined: Wed Oct 08, 2008 1:19 am
Gender: Not Specified
Contact:

Re: Spambot attack

Post by Tawmis » Tue Jan 18, 2011 11:52 am

Omni wrote:I would have failed that Question.
Also looks like reCAPTHCA was broken wide open recently and it is not just this board suffering a lot of spam attacks.
Really?
I figured that'd be one everyone knew...

But like I said, the question could be anything - even what's the last name of the couple who founded Sierra? Or something... Or which of these Leisure Suit Larry games was never made: LSL1, LSL2, LSL3, LSL4, LSL5, LSL6 or LSL7?
DeadPoolX wrote:
Omni wrote:I would have failed that Question.
Maybe, but you can look the info up online. A spambot can't do that. :)
Exactly.

User avatar
Collector
Grand Poobah
Posts: 11002
Joined: Wed Oct 08, 2008 12:57 am
Location: Sierraland
Contact:

Re: Spambot attack

Post by Collector » Wed Mar 23, 2011 3:11 pm

It seems that the bot attacks on passwords has started here. If you find that you are having trouble logging in and the password recovery is not working, send an email to me or Tawm. Also, Let me know when you were having the problems so I can narrow down the IP log to nail where this is coming from. I fully expect it to be a Russian IP.
01000010 01111001 01110100 01100101 00100000 01101101 01100101 00100001

Image

Rath Darkblade
The Cute One
Posts: 4079
Joined: Fri Oct 24, 2008 5:15 am
Location: Lost in Translation
Gender: Not specified
Contact:

Re: Spambot Password Attack

Post by Rath Darkblade » Thu Mar 24, 2011 5:42 am

I couldn't log in as of last night (23 March). I couldn't recover my password, so I asked for a new password, and I will now change my password to something long and hard to guess. ;)

User avatar
AndreaDraco
Village Elder
Posts: 3464
Joined: Wed Oct 08, 2008 3:07 am
Gender: Male
Location: Italy
Contact:

Re: Spambot Password Attack

Post by AndreaDraco » Tue Mar 29, 2011 7:01 am

It happened to me today.

I requested a new password and I was good to go.
Talk to coffee? Even Gabriel isn't that addicted!

User avatar
Rudy
Village Elder
Posts: 1687
Joined: Tue Oct 21, 2008 6:54 am
Gender: M
Location: Slovenia
Contact:

Re: Spambot Password Attack

Post by Rudy » Tue Mar 29, 2011 9:21 am

Rath Darkblade wrote:I couldn't log in as of last night (23 March). I couldn't recover my password, so I asked for a new password, and I will now change my password to something long and hard to guess. ;)
It isn't t4wm1$1$r34LLY4w3s0m3 by any chance, is it? :lol:
Sierra Chest creator, Sierra collector/curator.

User avatar
Tawmis
Grand Poobah's Servant
Posts: 10434
Joined: Wed Oct 08, 2008 1:19 am
Gender: Not Specified
Contact:

Re: Spambot Password Attack

Post by Tawmis » Tue Mar 29, 2011 9:26 am

Rudy wrote:
Rath Darkblade wrote:I couldn't log in as of last night (23 March). I couldn't recover my password, so I asked for a new password, and I will now change my password to something long and hard to guess. ;)
It isn't t4wm1$1$r34LLY4w3s0m3 by any chance, is it? :lol:
:lol:

I save that for special people. :D

User avatar
Collector
Grand Poobah
Posts: 11002
Joined: Wed Oct 08, 2008 12:57 am
Location: Sierraland
Contact:

Re: Spambot Password Attack

Post by Collector » Tue Mar 29, 2011 1:53 pm

He is "4w3s0m3", isn't he. :lol:
01000010 01111001 01110100 01100101 00100000 01101101 01100101 00100001

Image

Rath Darkblade
The Cute One
Posts: 4079
Joined: Fri Oct 24, 2008 5:15 am
Location: Lost in Translation
Gender: Not specified
Contact:

Re: Spambot Password Attack

Post by Rath Darkblade » Wed Mar 30, 2011 6:21 am

Rudy wrote:
Rath Darkblade wrote:I couldn't log in as of last night (23 March). I couldn't recover my password, so I asked for a new password, and I will now change my password to something long and hard to guess. ;)
It isn't t4wm1$1$r34LLY4w3s0m3 by any chance, is it? :lol:
Err... nope. Sorry, Tawm, I haven't been as creative as that. ;)

Besides, I don't think I should give any hints on my password here. Spambots have ears, y'know. ;)

User avatar
audiodane
A Member Of Cap'n Tawmis' Scurvy Crew
Posts: 524
Joined: Sun Aug 29, 2010 12:14 am
Location: ..strange but true..
Gender: Confident

Re: Spambot Password Attack

Post by audiodane » Mon Apr 04, 2011 12:22 pm

I've seen boards that have as the prompt "what is 37 minus 5?" or something of the sort. Do bots do well with things like that? Is is it a matter of something that needs to change frequently because bots share their results with other bots?

..dane

User avatar
Tawmis
Grand Poobah's Servant
Posts: 10434
Joined: Wed Oct 08, 2008 1:19 am
Gender: Not Specified
Contact:

Re: Spambot Password Attack

Post by Tawmis » Sun Apr 10, 2011 11:46 am

cpages2 is locked out because of the password attack - so it's prosilver again so he can do the capcha... Once he's in, he will reply here so myself or Collector can change it back.

cpages2
Sierra Obsessed
Posts: 147
Joined: Tue Dec 21, 2010 11:56 am
Location: Palm Harbor, FL
Gender: Male
Location: Palm Harbor, FL
Contact:

Re: Spambot Password Attack

Post by cpages2 » Sun Apr 10, 2011 3:18 pm

im back!

Missed you all :)
Love Vintage Games??? Check out our site for news and "unboxing" videos of the classics:
www.YouCantBeSRSLY.com

Post Reply