vBulletin Porn Spammers threaten .BIZ users

[Nexus]

Here's a thread about it on vBulletin.com.
http://www.vbulletin.com/forum/showthread.php?t=130527

Basically, the spammers are using BOTS to sign-up to vBulletin messageboards automatically. Even with image-verification turned on, they are somehow getting through. Eventually they post porn spam to your forum. I've been seeing this at one of the forums I run, and its very irritating. I've seen conversations beginning to pop up around the net, related to this rising new issue. Right now, I have the impression these spammers are "seeding" as many boards as they can before pulling the "trigger" and going on a posting frenzy.

I've blocked the following IP addresses:
200.73.174.183
12.216.140.10
12.202.237.194
66.218.19.68
12.207.135.72

I've also blocked the following e-mail domain names:
hottamlideals.biz
lacedwhitepanties.biz
lightblondevagina.biz
bakedpotato2005.biz
bagelsandcreamcheese.biz

I was a bit stung to read one of the vBulletin developers note the following as a solution:

I would add this to the Email Ban list:
.biz

~ Steve Machol
vBulletin Team
Support Manager

A lot of scarey "baby out with the bath water" solutions going around. The level of paranoid intolerance will probably worsen as spam continues to rise to new levels. The Net @ large has gotta get a grip, or things will start splitting at the seams.

~ Nexus

 

[armstrong]

banning .biz would be a stupid mistake. How long will it take them to move to .info, .us, etc? They choose .biz now, I guess, because of the cheap reg. If the price difference goes away, they'll just move back to .com.

 

[Nexus]

banning .biz would be a stupid mistake. How long will it take them to move to .info, .us, etc? They choose .biz now, I guess, because of the cheap reg. If the price difference goes away, they'll just move back to .com.

Exactly. Considering all the free .INFO deals, I'm VERY surprised they didn't hit that extension first. Considering the names seems suspiciously ALL dotBiz, for no particular reason... I don't know. IS there a reason? Traits: ALL @ eNom. All the same Nameservers ( NS1.BAGELSANDCREAMCHEESE.BIZ ).

Don't know what this means:
Registrant Name: byard johnson
Registrant Organization: oster eating monoploly inc
Registrant Address1: Trypioti,5 Pano Deftra,
Registrant Address2: P.C. 2460 Nicosia, Cyprus
Registrant City: Nicosia
Registrant State/Province: NI
Registrant Postal Code: 2460
Registrant Country: Cyprus

Searching for "Byard" on Google, I found yet another mention:
http://freespirits.chosenones.net/archive/index.php/t-369.html

Someone tried, twice, from two different Internet providers (InsightBB and Verizon), to make multiple registrations, using random nicknames and the following e-mail - [email protected]
The owner of the domain bakedpotato2005.biz is:

Seems he's using multiple ISP's as well. The idea that this forum master actually HALTED registrations sounds sad though. I began by BANNING the users, but then realized their names would "a. CONTINUE TO APPEAR IN THE 'newest member' BLURB" and "b. STAY IN THE SYSTEM SOMEHOW".

~ Nexus

 

[Redleg]

What kind of usernames did he/they register with?

In most cases I've experienced that spambots uses - ! # etc. in the beginning of their usernames, just to get at the top of (alphabetically sorted) memberlists.

I've disallowed all usernames beginning with those characters in my forum (phpbb), and 99,9% of the spambot registrations disappeared..

 

[Nexus]

Unremarkeable names...

npowpgao94
tu1br8owgj
9ao252uhuv
ckxz6fqhc9
zf4btxopku
qhvl3xedqj
kebm54asi9
iq0qfs2zt4

Like someone mashing the keyboard nice and easy...

~ Nexus

 

[Peter]

in all honesty this isnt exactly a new problem.

this sort of thing has been going on for a long time.

 

[CreativeLogic]

First off, Steve Machol is not a developer but rather the Support Manager like it says under his name. That is a fix that he believes to be one to fix it. You should have your image verification if you're worried about this and block the IPs. If the problem still persists then you can modify the vbulletin image verification script. You will need to make a few modifications to it which should be fairly simple.

 

[Rob]

I have seen this problem on the official vB site - people are having bots signing up and spamming. One person suggested banning .biz email addresses from registering.

 

[Nexus]

in all honesty this isnt exactly a new problem.
this sort of thing has been going on for a long time.

"Sort of thing", sure. That's why the image verification feature was put in place. Blogs have been combatting junk posts for a while. Reading the title of this thread, I was just highlighting this recent spate, and comments that were made.

First off, Steve Machol is not a developer

I stand corrected. vBulletin's "support manager" suggests to block all .BIZ e-mail addresses from signing up. I don't think it get's any better when you say it that way though. Same implications. The image verification hasn't been helping from what I hear. That's been one of the complaints. Feel free to follow the link above so you know what's being discussed already.

~ Nexus