vBulletin Spambot / Spam / Captcha - Analyse & Infos Liste der Anhänge anzeigen (Anzahl: 2) Moin,
ist man mal eine Woche weniger aktiv passiert's :( - das vbulletin wird mit Spambots geflutet.
Trotz nicht zaghafter Einstellungen beim vB Captcha (Zufällige Schriftart, Zufällige Schriftgröße, Zufällige Neigung) gibt es anscheinend clevere Programmierer die es ohne Probleme schaffen die Standard vBulletin Captcha zu entschlüsseln und wie bei der Boardunity bis zu 60 Profile am Tag anzulegen.
nicht nur die Registrierung meistern die Bots
* sie legen Profile an
* besuchen einen mit verschiedenen IP's und Browser Agents
* versenden PM's und Beiträge
* und machen aus meiner Sicht leider alles was auch normale User machen...
anbei mal ein Profil, Boardunity Statistik Registrierungen (seit der Spambot Plage) und ein Logauszug Beispiel eines Bots: Code:
200.63.42.75 - - [05/Oct/2008:05:50:19 +0200] "GET /register.php HTTP/1.0" 200 19608 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.1.4322; FDM)"
200.63.42.75 - - [05/Oct/2008:05:50:20 +0200] "POST /register.php?do=register HTTP/1.0" 200 21436 "http://boardunity.de/register.php" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.1.4322; FDM)"
200.63.42.75 - - [05/Oct/2008:05:50:20 +0200] "GET /image.php?type=hv&hash=5b0f70716a590674e07b223e3a3e7a1b HTTP/1.0" 200 11991 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.1.4322; FDM)"
200.63.42.75 - - [05/Oct/2008:05:50:22 +0200] "POST /register.php?do=addmember HTTP/1.0" 200 16252 "http://boardunity.de/register.php" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.1.4322; FDM)"
200.63.42.75 - - [05/Oct/2008:07:21:09 +0200] "GET /register.php?a=act&u=3868&i=16600367 HTTP/1.0" 200 23185 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; MRA 4.6 (build 01425))"
200.63.42.75 - - [05/Oct/2008:07:21:09 +0200] "POST /login.php?do=login HTTP/1.0" 200 14651 "http://boardunity.de/register.php?a=act&u=3868&i=16600367" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; MRA 4.6 (build 01425))"
200.63.42.75 - - [05/Oct/2008:07:21:09 +0200] "GET /register.php?a=act&u=3868&i=16600367 HTTP/1.0" 200 24457 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; MRA 4.6 (build 01425))"
200.63.42.75 - - [05/Oct/2008:07:21:10 +0200] "GET /usercp.php HTTP/1.0" 200 28646 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; MRA 4.6 (build 01425))"
200.63.42.75 - - [05/Oct/2008:07:21:10 +0200] "GET /profile.php?do=editsignature HTTP/1.0" 200 31471 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; MRA 4.6 (build 01425))"
200.63.42.75 - - [05/Oct/2008:07:21:11 +0200] "POST /profile.php?do=updatesignature HTTP/1.0" 302 - "http://boardunity.de/profile.php?do=editsignature" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; MRA 4.6 (build 01425))"
200.63.42.75 - - [05/Oct/2008:07:21:11 +0200] "GET /index.php HTTP/1.0" 301 - "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; MRA 4.6 (build 01425))"
200.63.42.75 - - [05/Oct/2008:07:21:11 +0200] "GET /?= HTTP/1.0" 200 45494 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; MRA 4.6 (build 01425))"
200.63.42.75 - - [05/Oct/2008:07:21:11 +0200] "GET /profile.php?do=editprofile HTTP/1.0" 200 41201 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; MRA 4.6 (build 01425))"
200.63.42.75 - - [05/Oct/2008:07:21:12 +0200] "POST /profile.php?do=updateprofile HTTP/1.0" 302 - "http://boardunity.de/profile.php?do=editprofile" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; MRA 4.6 (build 01425))"
200.63.42.75 - - [05/Oct/2008:07:21:12 +0200] "GET /profile.php?do=editpassword HTTP/1.0" 200 28021 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; MRA 4.6 (build 01425))"
200.63.42.75 - - [05/Oct/2008:07:21:12 +0200] "GET /register.php?a=act&u=3868&i=16600367 HTTP/1.0" 200 24457 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; MRA 4.6 (build 01425))"
200.63.42.75 - - [05/Oct/2008:07:21:13 +0200] "GET /wbb2-gehacked-suche-sicherem-forum-t5695-neuester-beitrag.html HTTP/1.0" 301 - "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; MRA 4.6 (build 01425))"
200.63.42.75 - - [05/Oct/2008:07:21:13 +0200] "GET /wbb2-gehacked-suche-sicherem-forum-t5695.html HTTP/1.0" 200 170265 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; MRA 4.6 (build 01425))"
200.63.42.75 - - [05/Oct/2008:07:21:14 +0200] "GET /profile.php?do=addlist&userlist=buddy&u=3207 HTTP/1.0" 200 26444 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; MRA 4.6 (build 01425))"
200.63.42.75 - - [05/Oct/2008:07:21:15 +0200] "GET /profile.php?do=addlist&userlist=buddy&u=2000 HTTP/1.0" 200 26438 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; MRA 4.6 (build 01425))"
200.63.42.75 - - [05/Oct/2008:07:21:15 +0200] "GET /profile.php?do=addlist&userlist=buddy&u=3207 HTTP/1.0" 200 26444 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; MRA 4.6 (build 01425))"
200.63.42.75 - - [05/Oct/2008:07:21:16 +0200] "GET /profile.php?do=addlist&userlist=buddy&u=2000 HTTP/1.0" 200 26438 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; MRA 4.6 (build 01425))"
200.63.42.75 - - [05/Oct/2008:12:33:35 +0200] "GET /newthread.php?do=newthread&f=21 HTTP/1.0" 200 25756 "-" "Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)"
200.63.42.75 - - [05/Oct/2008:12:33:37 +0200] "GET /register.php HTTP/1.0" 200 19446 "-" "Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)"
200.63.42.75 - - [05/Oct/2008:12:33:37 +0200] "POST /register.php?do=register HTTP/1.0" 200 21342 "http://boardunity.de/register.php" "Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)"
200.63.42.75 - - [05/Oct/2008:12:33:38 +0200] "GET /image.php?type=hv&hash=bd56d79c93dda6fb6c1945e688580c13 HTTP/1.0" 200 10422 "-" "Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)"
200.63.42.75 - - [05/Oct/2008:12:33:38 +0200] "POST /register.php?do=addmember HTTP/1.0" 200 22148 "http://boardunity.de/register.php" "Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)"
200.63.42.75 - - [05/Oct/2008:12:33:39 +0200] "GET /image.php?type=hv&hash=c7f14f8598ea3137160374d5567a4101 HTTP/1.0" 200 12082 "-" "Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)"
200.63.42.75 - - [05/Oct/2008:12:33:39 +0200] "POST /register.php?do=addmember HTTP/1.0" 200 22148 "http://boardunity.de/register.php" "Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)"
200.63.42.75 - - [05/Oct/2008:12:33:40 +0200] "GET /image.php?type=hv&hash=e41745871013143d9b418b78895444b2 HTTP/1.0" 200 12520 "-" "Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)"
200.63.42.75 - - [05/Oct/2008:12:33:40 +0200] "POST /register.php?do=addmember HTTP/1.0" 200 22013 "http://boardunity.de/register.php" "Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)"
200.63.42.75 - - [05/Oct/2008:12:33:41 +0200] "GET /image.php?type=hv&hash=98066aede5609d3ab2cd01e6b0d8713d HTTP/1.0" 200 9437 "-" "Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)"
200.63.42.75 - - [05/Oct/2008:12:33:41 +0200] "GET /newthread.php?do=newthread&f=21 HTTP/1.0" 200 25625 "-" "Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)"
200.63.42.75 - - [05/Oct/2008:12:33:41 +0200] "POST /login.php?do=login HTTP/1.0" 200 14623 "http://boardunity.de/newthread.php?do=newthread&f=21" "Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)"
200.63.42.75 - - [05/Oct/2008:12:33:42 +0200] "GET /newthread.php?do=newthread&f=21 HTTP/1.0" 200 45307 "-" "Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)"
200.63.42.75 - - [05/Oct/2008:12:33:42 +0200] "GET /usercp.php HTTP/1.0" 200 28551 "-" "Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)"
200.63.42.75 - - [05/Oct/2008:12:33:43 +0200] "GET /profile.php?do=editsignature HTTP/1.0" 200 31823 "-" "Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)"
200.63.42.75 - - [05/Oct/2008:12:33:44 +0200] "POST /profile.php?do=updatesignature HTTP/1.0" 302 - "http://boardunity.de/profile.php?do=editsignature" "Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)"
200.63.42.75 - - [05/Oct/2008:12:33:44 +0200] "GET /index.php HTTP/1.0" 301 - "-" "Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)"
200.63.42.75 - - [05/Oct/2008:12:33:44 +0200] "GET /?= HTTP/1.0" 200 45940 "-" "Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)"
200.63.42.75 - - [05/Oct/2008:12:33:45 +0200] "GET /profile.php?do=editprofile HTTP/1.0" 200 41270 "-" "Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)"
200.63.42.75 - - [05/Oct/2008:12:33:48 +0200] "POST /profile.php?do=updateprofile HTTP/1.0" 302 - "http://boardunity.de/profile.php?do=editprofile" "Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)"
200.63.42.75 - - [05/Oct/2008:12:33:48 +0200] "GET /profile.php?do=editpassword HTTP/1.0" 200 27926 "-" "Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)"
200.63.42.75 - - [05/Oct/2008:12:33:49 +0200] "GET /newthread.php?do=newthread&f=21 HTTP/1.0" 200 45307 "-" "Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)"
200.63.42.75 - - [05/Oct/2008:12:33:50 +0200] "POST /newthread.php?do=postthread&f=21 HTTP/1.0" 302 - "http://boardunity.de/newthread.php?do=newthread&f=21" "Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)"
200.63.42.75 - - [05/Oct/2008:12:33:55 +0200] "GET /showthread.php?p=46333 HTTP/1.0" 301 - "-" "Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)"
200.63.42.75 - - [05/Oct/2008:12:33:56 +0200] "GET /453-interesting-things-t6256-p46333.html HTTP/1.0" 301 - "-" "Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)"
200.63.42.75 - - [05/Oct/2008:12:33:56 +0200] "GET /453-interesting-things-t6256.html?= HTTP/1.0" 200 55763 "-" "Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)"
200.63.42.75 - - [05/Oct/2008:21:14:31 +0200] "GET /register.php HTTP/1.0" 200 19513 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; en) Opera 9.0"
200.63.42.75 - - [05/Oct/2008:21:14:31 +0200] "POST /register.php?do=register HTTP/1.0" 200 21342 "http://boardunity.de/register.php" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; en) Opera 9.0"
200.63.42.75 - - [05/Oct/2008:21:14:32 +0200] "GET /image.php?type=hv&hash=05aa26e2da624e4e608da54ab571d128 HTTP/1.0" 200 9198 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; en) Opera 9.0"
200.63.42.75 - - [05/Oct/2008:21:14:35 +0200] "POST /register.php?do=addmember HTTP/1.0" 200 21769 "http://boardunity.de/register.php" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; en) Opera 9.0" Abhilfe schafft anscheinend die Frage & Antwort Einstellungen beim vBulletin, da die Bots kein deutsch kennen.
Ich werde die nächste Woche mal andere Schriftarten als die Standard Schriftarten des vbulletin Forums in der Boardunity einpflegen, da ich vermute das die Bots ziemlich genau auf diese Schriftarten geeicht sein sollten... (Bericht folgt)
freue mich über Eure Erkenntnisse, Beschwerden und Ideen :) |