Spambot Password Attack

Notices and what's new on SHP and the forums

Spambot Password Attack

Postby Collector » Sat Jan 15, 2011 6:47 pm

It seems that there has been an improvement in the spambots' ability to get past the CAPTCHA. I found about a dozen or so newly registered accounts by spambots today. Not all had been activated and because of the minimum post count requirement to be able to post without approval, none of the posts got through. I hate to ban too many IPs since it might block legitimate users as well as I don't like toughening the CAPTCHA settings too much as it makes it hard for real people to get past. I had been using the 3D CAPTCHA, which seemed to be easier for humans to read that the noise type, but had been effective against spambots. I have set it back to the noise type for now.

If anyone knows someone that is having trouble registering because of this, please PM me. There looks like there are some changes to CAPTCHA in the latest phpBB, so I may be upgrading the board, soon.
01000010 01111001 01110100 01100101 00100000 01101101 01100101 00100001

Image
User avatar
Collector
Grand Poobah
 
Posts: 10372
Joined: Wed Oct 08, 2008 12:57 am
Location: Sierraland

Re: Spambot attack

Postby Tawmis » Mon Jan 17, 2011 10:52 pm

I wish the additional question thing that worked with phpbb2 worked with phpbb3 (it may, I have never tested it) - but it's the one where you create your own question. And anything Sierra related would stop any spam bots... like you could ask, "Who was the woman who created King's Quest?" or any variation there of that any Sierra fan is bound to know.
User avatar
Tawmis
Grand Poobah's Servant
 
Posts: 8789
Joined: Wed Oct 08, 2008 1:19 am
Gender: Not Specified

Re: Spambot attack

Postby Omni » Tue Jan 18, 2011 1:19 am

I would have failed that Question.

Also looks like reCAPTHCA was broken wide open recently and it is not just this board suffering a lot of spam attacks.
Omni
Noob
 
Posts: 6
Joined: Tue Sep 14, 2010 1:35 am

Re: Spambot attack

Postby DeadPoolX » Tue Jan 18, 2011 2:18 am

Omni wrote:I would have failed that Question.

Maybe, but you can look the info up online. A spambot can't do that. :)
"Er, Tawni, not Tawmni, unless you are doing drag."
-- Collector (commenting on a slight spelling error made by Tawmis)
User avatar
DeadPoolX
DPX the Conqueror!
 
Posts: 3921
Joined: Mon Oct 27, 2008 3:00 pm
Location: Canada
Gender: XY

Re: Spambot attack

Postby Tawmis » Tue Jan 18, 2011 12:52 pm

Omni wrote:I would have failed that Question.
Also looks like reCAPTHCA was broken wide open recently and it is not just this board suffering a lot of spam attacks.


Really?
I figured that'd be one everyone knew...

But like I said, the question could be anything - even what's the last name of the couple who founded Sierra? Or something... Or which of these Leisure Suit Larry games was never made: LSL1, LSL2, LSL3, LSL4, LSL5, LSL6 or LSL7?

DeadPoolX wrote:
Omni wrote:I would have failed that Question.

Maybe, but you can look the info up online. A spambot can't do that. :)


Exactly.
User avatar
Tawmis
Grand Poobah's Servant
 
Posts: 8789
Joined: Wed Oct 08, 2008 1:19 am
Gender: Not Specified

Re: Spambot attack

Postby Collector » Wed Mar 23, 2011 3:11 pm

It seems that the bot attacks on passwords has started here. If you find that you are having trouble logging in and the password recovery is not working, send an email to me or Tawm. Also, Let me know when you were having the problems so I can narrow down the IP log to nail where this is coming from. I fully expect it to be a Russian IP.
01000010 01111001 01110100 01100101 00100000 01101101 01100101 00100001

Image
User avatar
Collector
Grand Poobah
 
Posts: 10372
Joined: Wed Oct 08, 2008 12:57 am
Location: Sierraland

Re: Spambot Password Attack

Postby Rath Darkblade » Thu Mar 24, 2011 5:42 am

I couldn't log in as of last night (23 March). I couldn't recover my password, so I asked for a new password, and I will now change my password to something long and hard to guess. ;)
Rath Darkblade
The Cute One
 
Posts: 3061
Joined: Fri Oct 24, 2008 5:15 am
Location: Lost in Translation
Gender: Not specified

Re: Spambot Password Attack

Postby AndreaDraco » Tue Mar 29, 2011 7:01 am

It happened to me today.

I requested a new password and I was good to go.
Talk to coffee? Even Gabriel isn't that addicted!
User avatar
AndreaDraco
Village Elder
 
Posts: 3461
Joined: Wed Oct 08, 2008 3:07 am
Location: Italy
Gender: Male

Re: Spambot Password Attack

Postby Rudy » Tue Mar 29, 2011 9:21 am

Rath Darkblade wrote:I couldn't log in as of last night (23 March). I couldn't recover my password, so I asked for a new password, and I will now change my password to something long and hard to guess. ;)


It isn't t4wm1$1$r34LLY4w3s0m3 by any chance, is it? :lol:
Sierra Chest creator, Sierra collector/curator.
User avatar
Rudy
Village Elder
 
Posts: 1665
Joined: Tue Oct 21, 2008 6:54 am
Location: Slovenia
Gender: M

Re: Spambot Password Attack

Postby Tawmis » Tue Mar 29, 2011 9:26 am

Rudy wrote:
Rath Darkblade wrote:I couldn't log in as of last night (23 March). I couldn't recover my password, so I asked for a new password, and I will now change my password to something long and hard to guess. ;)


It isn't t4wm1$1$r34LLY4w3s0m3 by any chance, is it? :lol:

:lol:

I save that for special people. :D
User avatar
Tawmis
Grand Poobah's Servant
 
Posts: 8789
Joined: Wed Oct 08, 2008 1:19 am
Gender: Not Specified

Re: Spambot Password Attack

Postby Collector » Tue Mar 29, 2011 1:53 pm

He is "4w3s0m3", isn't he. :lol:
01000010 01111001 01110100 01100101 00100000 01101101 01100101 00100001

Image
User avatar
Collector
Grand Poobah
 
Posts: 10372
Joined: Wed Oct 08, 2008 12:57 am
Location: Sierraland

Re: Spambot Password Attack

Postby Rath Darkblade » Wed Mar 30, 2011 6:21 am

Rudy wrote:
Rath Darkblade wrote:I couldn't log in as of last night (23 March). I couldn't recover my password, so I asked for a new password, and I will now change my password to something long and hard to guess. ;)


It isn't t4wm1$1$r34LLY4w3s0m3 by any chance, is it? :lol:


Err... nope. Sorry, Tawm, I haven't been as creative as that. ;)

Besides, I don't think I should give any hints on my password here. Spambots have ears, y'know. ;)
Rath Darkblade
The Cute One
 
Posts: 3061
Joined: Fri Oct 24, 2008 5:15 am
Location: Lost in Translation
Gender: Not specified

Re: Spambot Password Attack

Postby audiodane » Mon Apr 04, 2011 12:22 pm

I've seen boards that have as the prompt "what is 37 minus 5?" or something of the sort. Do bots do well with things like that? Is is it a matter of something that needs to change frequently because bots share their results with other bots?

..dane
User avatar
audiodane
A Member Of Cap'n Tawmis' Scurvy Crew
 
Posts: 524
Joined: Sun Aug 29, 2010 12:14 am
Location: ..strange but true..
Gender: Confident

Re: Spambot Password Attack

Postby Tawmis » Sun Apr 10, 2011 11:46 am

cpages2 is locked out because of the password attack - so it's prosilver again so he can do the capcha... Once he's in, he will reply here so myself or Collector can change it back.
User avatar
Tawmis
Grand Poobah's Servant
 
Posts: 8789
Joined: Wed Oct 08, 2008 1:19 am
Gender: Not Specified

Re: Spambot Password Attack

Postby cpages2 » Sun Apr 10, 2011 3:18 pm

im back!

Missed you all :)
Love Vintage Games??? Check out our site for news and "unboxing" videos of the classics:
www.YouCantBeSRSLY.com
cpages2
Sierra Obsessed
 
Posts: 147
Joined: Tue Dec 21, 2010 12:56 pm
Location: Palm Harbor, FL
Location: Palm Harbor, FL
Gender: Male

Next

Return to Announcements

Who is online

Users browsing this forum: No registered users and 1 guest