Greetings all CZCC members. Many of you who visit the site during work hours here in North America will have seen some evidence of a spammer invasion today. So far today, there have been over 40 new 'members' joined today, solely to post all manner of spam on the site. Earlier in the day, they came mostly from (what appear to be) Russian networks. However as the day has progressed, I'm now seeing them from more local networks as well. I strongly suspect some sort of trojan-horse-bot going around and infecting un-protected computers. Can't confirm that, though.

I've been trying to sneak time throughout my day job to pop in and clean things up here. So hopefully not too much of this stuff has been visible for very long. I've learned the patterns to look for, and I have dealt with several of them even before their first post.

But at some point later tonight, I'm going to need to catch some sleep. And I suspect that overnight (North American time) these critters will join up and post en masse. Both Mike and Will (the other major moderators) are on the road, with limited online access. So there could be a pile of in-appropriate material on the site by morning.

If so, please be patient. Don't bother replying to any of them, just ignore them. If you want, you can report them via the 'Report post' button in the post, but I truly don't think that's necessary. I should be able to find and clean it all up in a few minutes once I get online in the morning.

Again, thanks for your patience as we try to keep this the best Z-car forum on the web.

I got a PM from one of them Just so you know, dunno if it makes any difference in the clean up process or not, or if it helps you decide what it is they are doing.

it seems to be an epidemic today, my local forum got hit as well, and I have heard a lot of others did also.

It seems they got around the visual verification so I added a specific question they have to answer and that seems to have stopped them, in addition to email verification after registering

it seems to be an epidemic today, my local forum got hit as well, and I have heard a lot of others did also.

It seems they got around the visual verification so I added a specific question they have to answer and that seems to have stopped them, in addition to email verification after registering

I figured it wasn't just us, had to be spamming everyone. I talked to Mike on the phone this afternoon and he is going to look into beefing up the registration process. Don't know how soon he can get to it, though.

I got a PM from one of them Just so you know, dunno if it makes any difference in the clean up process or not, or if it helps you decide what it is they are doing.

Makes no difference really, I'm permanently banning them all.

Since I've been registered for years I haven't looked at the registration page but the Captcha looks quite strong to me. Is it really possible that a bot is able to register as if it were a human? Clearly this is targeted at vBulletin sites. I wonder if there's a backdoor security hole that's allowing registration without going through the normal steps.

That is along the lines of what am thinking too Mike, I have a note in to the publisher...

Will

Just got back from vBulletin's support forum. vB isn't admitting anything yet, but there's been evidence posted there (server logs) that seem to indicate that someone has developed a way to bypass the image verification completely during registration. A hack using a custom crafted HTTP post string. Definitely looks like a back-door breach to me.

well I have not have had anyone register since I added the random question and reinstated the email confirmation, but to sleep peacefully I am tuning off new registrations overnight on my local forum.

I also went through all new registrations and moved any that were obvious spammers to the banned user group

Just got back from vBulletin's support forum. vB isn't admitting anything yet, but there's been evidence posted there (server logs) that seem to indicate that someone has developed a way to bypass the image verification completely during registration. A hack using a custom crafted HTTP post string. Definitely looks like a back-door breach to me.

Better follow-up than mine...thanks Arne!

Edited October 2, 200816 yr by hls30.com

Can you disable the registration page at least for the time being, until there is a fix. I'm sure people wouldn't mind waiting a day or to to register if the reason behind it was explained on the sign up page.

I agree - should shut down registration temporarily. Looks like a porn seach page this morning - not that I ever searched for porn .... mmm

Seriously - we should shut it down til we find a solution.

I had a quiet night on my forum by turning off registration, but I really think the "Question & Answer Verification Options" has stopped them, I will see how today goes