Forum attacked and invaded by bots.

[Daniil]

Maybe you should learn to read. But I'm afraid Maher might not look for any candidate at all, should it get worse on the forum.

Oh, sorry!
I was tired yesterday after one task. Can't understand, how I understood last 3 messages in topic as scarface's request to become an admin.

[scarface]

That's right, a few days ago I asked to become admin to join the war against the machines.
It seems that Maher is right, it's more and more difficult to stop them: https://community.elgg.org/discussion/view/1544516/how-are-bots-bypassing-google-recaptcha

[humbert]

@Scarface - thanks for believing I'd be a good administrator 

I wish that software bots use to bypass reCAPTCHA could be written as a Firefox addon. Many times these CAPTCHAs are vey hard to read. I'm also wondering if that software can read any CAPTCHA or just the easy ones.

[humbert]

This appears to be exactly what this vermin is doing - using humans to enter CAPTCHA and letting bots take over. This morning when I logged in I deleted 8 bot topics - this in under 24 hours.

I'd like to delete and ban the newly-created accounts too, but that has to be Maher.

[Vasudev]

Fuj->maybe Maher should try anti-spam programs like this one : http://akismet.com/

[Daniil]

Maybe a good idea is to add a pre-moderation for newbies on forum? I.e., posts from new members (who create less than 5-10 posts) will not be shown, before moderator read them? (Don't know, has the SimpleMachines this feature, on PhpBB 3.x it works fine).

[Daniil]

as Daniil said, many phbb forums using this method.
until a moderator or Admin don't allow, our posts are not shown on the forum. but their is less chance of this option in SMF.

You're not fully correct, Usman. I mean to use this pre-moderation only for newcomers. If use it for all of us, it'd be overwork for moderators and admin.

[humbert]

I agree with the idea of pre-moderation and I'll gladly do the job. What I'm not too sure about is whether or not Maher will agree. When I made him aware of this bot invasion, I proposed he raise my priveleges to being able to delete users. He didn't exactly say no, what he said was he's log on and take care of this matter himself. I'm assuming he has his reasons.

These botnets that manage their way around captcha, when they find a difficult one (i.e., difficult even for a human brain), do they just use brute force or what?

[Daniil]

My guess is they use software that is able to solve our captcha. The interval between http request and response is probably too long to make brute forcing a practical option. But no one can answer your question better than Maher, he has access to logs.

Кomrade Fuj, I don't think that script can read chars from our captcha. (At my work I have sex deals with signal and wave forms recognition by software, so I can say that this kind of programs is big and very complex software, creating by a number of programmers for many years). Even if we using a computer vision system like OpenCV, we would spend a lot of time to create soft for good recognition of captcha. And even if we do so, it can't answer the next control question correct.

So I think here we have much more simple mechanism of attack. At the internet segments all of ex-USSR countries we can see a lot of adverts like "Become яeach in 5 days, make a !!!TЯUE!!! Inteяnet buisines!" This adverts are created by spamers - hairy fat rapscallion, who don't want to develop soft but want to make some money. Teenagers is capturing by this ads with easy. Their job is simple:
1) Create an account to fill spamer's database.
2) Register on any forum (and bypass the captcha)
3) Sent account data to spamer.
4) PROFIT!!! 5 cents.

[Vasudev]

why not fight bots(enemy) with bots(Our friendly bots).