Forums flooded with spam, reCaptcha hacked?

Brian Turner

January 9, 2011

The New Year has seen an unwelcome development, in the form of massive spamming against online forums.

While forum owners are used to having to deal with spam, the past week has seen a veritable flood far in excess of normal volumes.

The result has been that vbulletin, one of the biggest forum software providers, has been forced to make a public announcement drawing owner attention to anti-spam combat measures.

The issue appears especially marked for forum owners using the Google-owned reCaptcha system for human verification at registration.

According to a recent report at AllSpammedUp, security engineer Jonathan Wilkins asserted at the end of last year that reCaptcha’s security has been broken.

A recent update to Xrumer spam software, used to target forums, blogs, and email forms, has coincided with the recent surge, reinforcing suggestions that Google’s reCaptcha system has been hacked.

While Google appear to deny that reCaptcha has been hacked, Gmail accounts are routinely created through automated means by Xrumer software and used to validate registration of spam users to forums.

A similar issue came up at the end of 2009 – we had been using the recaptcha system here, but a sudden spam surge caused us to drop the system.

A key reason for the forum spam is for commercial interests to gains links from lots of websites, in order to try and manipulate the Google Search engine’s results ranking system.

Because the links tend to carry very little individual weight, spammers therefore aim to attack forums in volume.

Luckily, vbulletin users at least have the option to set their own custom questions and answer at registration, to help combat automated registrations by Xrumer and related software.

vbulletin forum admins are strongly advised to consider dropping any recaptcha protections they may have built in, and instead use the default custom question setting.

Forum admins are also recommended to set “registered” member group profile pages to “private”, so that Google and other search engines will be unable to view spam profiles.

This simple step would deprive forum spammers of the very thing they seek, as well as preventing Google associating their forums with any dodgy links posted by the spammers to their member profiles.

Forum admins could also benefit by ensuring that “xrumer” is a banned word for member registrations, thus helping prevent Xrumer test runs from being published to forums, which always lead to new waves of spam.

In the meantime, forum admins are warned to be vigilant, and that any sign of spam should be removed as soon as possible to minimise the risk of copycat spammers.






 

Post a comment

Your email address will not be published. Required fields are marked *

Visited 59108 times, 9 so far today