1000's of Fake Users Being Created with Auto Script Bypassing Captcha CAPTCHA

himagarwal - September 4, 2009 - 15:05

One of my drupal 5.7 website where I'm using Math Captcha (Captcha module 5.x-3.1) in User Registration page has lots of fake users. Lots of users have same IP address and some others are also fake which seems very real according to their name and email address.

Please let me know how should I delete the already fake users and stop further creation of fake users?

» Login or register to post comments

Some questions

kaakuu - September 4, 2009 - 16:40

How do they bypass captcha ? Do the same happen if it set to text or image captcha ?
Are you the only admin ? Maybe you should submit an urgent issue under Captcha ?

I don't know how do they

himagarwal - September 4, 2009 - 16:49

I don't know how do they bypass the captcha. I have just converted Math Captcha to Image Captcha in a hope that it will not allow auto script to run. Yes, I'm the only admin and even there is no moderator.

I'm really in pain with this problem......can someone please help!

=-=

VM - September 4, 2009 - 16:53

core and all modules should be updated to the latest versions.

5.7 is 12 releases behind, that said, the issue could be a bug that's already been fixed. I'd have to figure that because your core is so outdated your modules are likely outdated as well.

If after updating your installation and modules the problem is still persistent, report back. Hopefully with some more debug information.

For example? how do you know its an auto script and not a human?

Use troll to ban the ip.

naveenkumar - September 4, 2009 - 17:08

Use troll to ban the ip. http://drupal.org/project/troll

@VeryMisunderstood I used

himagarwal - September 4, 2009 - 17:22

@VeryMisunderstood

I used troll module and searched for IP address, where almost 300 users showed up for the same ip address. And when I checked some users email, they all had @mail.ru in it.

@naveenkumar

Thanks Naveen, for your help. I'm already using this module but the only drawback of this module is that it doesn't have checkbox option so can't do mass action and does not have delete option. It only allows ban/block.

However, what I'm thinking is that. I will assign all the users who have posted in my website to a new temporary role and then all those users who are left behind will be deleted. I know, it will also delete most of other users who are real but didn't made any post in website....but this is the only thing that came to mind.

Is there a better way to do this? Any suggestion would be great!

I'm also updating this drupal 5.7 website to drupal 6.

mail.ru is very suspicious

kaakuu - September 4, 2009 - 17:54

It may not be a problem with Drupal per se.
You can run your site via unmaskparasites.com to see if there are any malware is planted in your server.
You may also need to inform your host to check that they have proper security patches against known vulnerabilities.

.

himagarwal - September 4, 2009 - 18:22

Thanks. I checked with unmaskparasites.com and it reports "not currently listed as suspicious"

Is it possible to delete all the users except who have made node and/or comment post?

same problem

Emily Rodrigues - September 4, 2009 - 21:10

I feel your pain. I'm having the same issue. I'm using 5.x with image captcha and I'm getting about 70+ fake accounts created per day. They "discovered" our site about 5 weeks ago and I've been battling them daily.

(My spammers are using any free account they can for the email address... no one kind, hotmail, gmail, yahoo, live, live in other countries, etc.)

We have a decent bit of custom code so platform updates are a big deal for us. It would be terrific, if you do update your drupal version, if you post here if that did the trick and stopped the spammers. I'd be very grateful to know.

Good luck to you,
Emily

:-(

himagarwal - September 5, 2009 - 04:18

In my website they are creating around 10-20 users per day which makes me feel that if they are real. And even the username, name, and other profile fields (like country, where spammer actually uses different real country names) used by them are so real that it is very difficult to know who are spammers and who are real people unless a thorough manually checking is done.

But what good news is for my website that I've been using "userpoints" for all user who make any posts/comments. So I'll delete all users without userpoint i.e. post/comments. I know this will delete real users along with fake users but this is the only thing that can be done.

I think this is a big issue and should be made infront of right eyes.

I have deleted around 80% of

himagarwal - September 5, 2009 - 06:39

I have deleted around 80% of my website users. Now there is a gap between user 5 to user 15 i.e. there is no user/6 or user/7 so on. Is there a way I can possible sort this so that users are lined up in serial i.e. user/5 then user/6 then user7 8,9,10.....so on.

Is this possible?

=-=

VM - September 6, 2009 - 17:19

not without a lot of manually mucking around in the db which I don't suggest.

Try this module

anatoa - October 12, 2009 - 11:01

Our Anatoa module is designed to catch fake profiles created by 'real' people (bypassing CAPTCHA). It would be interesting to see how effective it is in this case. Feel free to give it a try: http://drupal.org/project/anatoa

Cheers
Anatoa

Anatoa Profile Fraud Protection - Keep your members safe!
http://www.anatoa.com/

@anatoa, I would like to know

himagarwal - October 13, 2009 - 08:33

@anatoa,

1. Can it check for existing users?
2. Can it work simultaneously with mollom (drupal.org/project/mollom)?
3. Can it work with APK (drupal.org/project/advanced_profile)? I'm not using drupal core profile.