[nycphp-talk] Bypassing Registration forms on vBulletin forums ... I guess other forums are having similar problem too?
mikesz at qualityadvantages.com
mikesz at qualityadvantages.com
Tue Oct 14 03:41:22 EDT 2008
Hello NYPHP,
I am seeing that Registration forms are taking a huge beating from
scammers and spammers today, especially forum sites. I spend most
of my time lately collecting and filtering data to find the freaks
before they find the membership. Use to be and "every now and again"
but now its thousands per day and you can't tell now whether its a
robot or cheap labor doing the form input. Aside from my own sites
that are getting pounded daily I have several client site that average
500 badguy hits a day now and those are just the ones I have a
"known badguy" status, they are hijacking and adding new addresses
everyday, spammers mostly, all forum sites. Just unbelievable, and of
course, mustn't forget my recent episode with the porno pirate hijacking
my server is still giving me no joy either.
Anybody else having these kinds of problems?
I think someone suggested (here I think) that the scammer/spammers
were using CURL to access the database directly, is that possible? If
so how, and how can that be prevented.
In the trap that I have set up, I log the contents of $_REQUEST but I
don't see anything unusual about the submission and all of a sudden
the bad guy ends up in the system as a "Registered" user bypassing all
the captcha security and "moderation" step in the approval process,
like they are accessing the database directly but I don't see any of
this database being passed in $_REQUEST? Any ideas? Or where else I
need to be looking to trap the data that is being passed?
TIA for any pointers.
--
Best regards,
mikesz mailto:mikesz at qualityadvantages.com
More information about the talk
mailing list