Advertisement:

Author Topic: Simple Machines Forums attacks  (Read 1821640 times)

Offline b4pjoe

  • Jr. Member
  • **
  • Posts: 380
  • Gender: Male
    • B4print.com
Re: Simple Machines Forums attacks
« Reply #40 on: February 20, 2011, 10:53:49 AM »
Disabling Tor Access and setting up a Honeypot and installing httpBL worked for very well for me, and I've also been able to keep other bots like spammers at bay with this setup very well.

I'd love to be able to use httpBL but don't run my own server.  I've installed Arantor's patch and it's cut down the number of login attempts significantly but my main forums are still getting hit with registration attempts by bots that are blacklisted in the Project Honey Pot database. I closed registration several days ago so they can't get in, just fill up my error log.

Thanks to all who have been and are still working on these issues! I appreciate everyone's efforts!

Check out QuickLinks at the HoneyPot site. It's for people that don't have server access.

Offline robbie93

  • Sr. Member
  • ****
  • Posts: 733
    • R&H
Re: Simple Machines Forums attacks
« Reply #41 on: February 20, 2011, 11:10:29 AM »
I woke up to nine pages of errors today guys, it seems one set of errors have been replaced by another I'm now getting nine pages of these.

Guest
195.191.54.64   
Type of error: User 
http://robbie93andhotchildxox.net/index.php?action=login2
The letters you typed don't match the letters that were shown in the picture

Offline busterone

  • SMF Hero
  • ******
  • Posts: 2,106
  • Gender: Male
  • Devil Dog
    • The Demon's Den
Re: Simple Machines Forums attacks
« Reply #42 on: February 20, 2011, 11:20:21 AM »
I'd love to be able to use httpBL but don't run my own server.  I've installed Arantor's patch and it's cut down the number of login attempts significantly but my main forums are still getting hit with registration attempts by bots that are blacklisted in the Project Honey Pot database. I closed registration several days ago so they can't get in, just fill up my error log.

Thanks to all who have been and are still working on these issues! I appreciate everyone's efforts!
You don't need to have server level access to use the httpBL mod or install a honeypot. As long as you have ftp access and Cpanel(or whatever control panel your host uses), the mod works. See the documentation at http://www.projecthoneypot.org In short, install the honeypot within your webspace directory structure somewhere, get an API key, install httpBL, and enter the honeypot's url and your API key in the admin section of the mod. Hide your links in your forum and any other site you may have running and you are done. 

Offline Aoife

  • Semi-Newbie
  • *
  • Posts: 99
  • Gender: Female
  • Guild Leader/Web Admin
    • Divine Alliance of Mok'Nathal
Re: Simple Machines Forums attacks
« Reply #43 on: February 20, 2011, 11:33:18 AM »
I'd love to be able to use httpBL but don't run my own server.  I've installed Arantor's patch and it's cut down the number of login attempts significantly but my main forums are still getting hit with registration attempts by bots that are blacklisted in the Project Honey Pot database. I closed registration several days ago so they can't get in, just fill up my error log.

Thanks to all who have been and are still working on these issues! I appreciate everyone's efforts!
You don't need to have server level access to use the httpBL mod or install a honeypot. As long as you have ftp access and Cpanel(or whatever control panel your host uses), the mod works. See the documentation at http://www.projecthoneypot.org In short, install the honeypot within your webspace directory structure somewhere, get an API key, install httpBL, and enter the honeypot's url and your API key in the admin section of the mod. Hide your links in your forum and any other site you may have running and you are done.

oh ok, kewl! I'll do that!  I do have a QuickLink installed too, btw - on all my sites and forums.  Thank you for the info!


Offline busterone

  • SMF Hero
  • ******
  • Posts: 2,106
  • Gender: Male
  • Devil Dog
    • The Demon's Den
Re: Simple Machines Forums attacks
« Reply #44 on: February 20, 2011, 11:45:36 AM »
Quite welcome.  :)

Offline Norv

  • SMF Friend
  • SMF Super Hero
  • *
  • Posts: 18,313
  • Blue Wolf
Re: Simple Machines Forums attacks
« Reply #45 on: February 20, 2011, 11:50:48 AM »
I woke up to nine pages of errors today guys, it seems one set of errors have been replaced by another I'm now getting nine pages of these.

Guest
195.191.54.64   
Type of error: User 
http://robbie93andhotchildxox.net/index.php?action=login2
The letters you typed don't match the letters that were shown in the picture


None of these mods can STOP the bots from trying. Bots are trying. It's a fact of the internet.
Some of the mods log the attempts in SMF's error log (which IMHO it's useful for the admin to know that the attempts are happening on their forum), some don't, but they enhance protection nonetheless.
If you installed a mod that doesn't log anything, I would recommend to take a look in your webserver access log, to see if there are many requests to login2 or register2. You might find there are, meaning bots are still trying.

So what you see means probably that bots are trying, but they're stopped by Captcha on the login page. I strongly recommend activating a custom question too. Even a simple question like "3 + 2 = ?" would be useful.
« Last Edit: February 20, 2011, 11:57:05 AM by Norv »
To-do lists are for deferral. The more things you write down the later they're done… until you have 100s of lists of things you don't do.
File a security report | Developers' Blog | Bug Tracker

Also known as Norv on D* | Norv N. on G+ | Norv on Github

Offline codenaught

  • Customizer
  • SMF Super Hero
  • *
  • Posts: 14,655
  • Gender: Male
  • Formerly Known As akabugeyes
Re: Simple Machines Forums attacks
« Reply #46 on: February 20, 2011, 01:25:34 PM »
I assume that this is going to be addressed in the final release of 2.0. :)

Good luck continuing to handle all this nonsense. It's a shame how bad people force us to spend time on malicious prevention instead of on innovation at times.
Dev Consultant
Former SMF Doc Coordinator

Offline robbie93

  • Sr. Member
  • ****
  • Posts: 733
    • R&H
Re: Simple Machines Forums attacks
« Reply #47 on: February 20, 2011, 01:28:07 PM »


None of these mods can STOP the bots from trying. Bots are trying. It's a fact of the internet.
Some of the mods log the attempts in SMF's error log (which IMHO it's useful for the admin to know that the attempts are happening on their forum), some don't, but they enhance protection nonetheless.
If you installed a mod that doesn't log anything, I would recommend to take a look in your webserver access log, to see if there are many requests to login2 or register2. You might find there are, meaning bots are still trying.

So what you see means probably that bots are trying, but they're stopped by Captcha on the login page. I strongly recommend activating a custom question too. Even a simple question like "3 + 2 = ?" would be useful.

Ok, I added the question to the login page also, I'm not very good at mathematics so I used your example.  :D

Offline Arantor

  • Resident Overthinker
  • SMF Friend
  • SMF Legend
  • *
  • Posts: 63,567
Re: Simple Machines Forums attacks
« Reply #48 on: February 20, 2011, 01:32:08 PM »
Quote
I assume that this is going to be addressed in the final release of 2.0.

This specific bot with this specific hack, I doubt it. It's not elegant enough nor broad enough to catch the entire set of bad behaviours. It just targets the MO of this specific bot.

I should note that there is discussion underway about nailing down the entire subsystem that the bot uses to try getting in, which would make it a general strengthening rather than something specific.
And his eyes have all the seeming of a demon's that is dreaming,
And the lamp-light o'er him streaming throws his shadow on the floor

Offline Norv

  • SMF Friend
  • SMF Super Hero
  • *
  • Posts: 18,313
  • Blue Wolf
Re: Simple Machines Forums attacks
« Reply #49 on: February 20, 2011, 01:44:23 PM »
I assume that this is going to be addressed in the final release of 2.0. :)

Good luck continuing to handle all this nonsense. It's a shame how bad people force us to spend time on malicious prevention instead of on innovation at times.

There will be improvements allowing to strengthen security. Thank you. :)
« Last Edit: February 20, 2011, 01:50:10 PM by Norv »
To-do lists are for deferral. The more things you write down the later they're done… until you have 100s of lists of things you don't do.
File a security report | Developers' Blog | Bug Tracker

Also known as Norv on D* | Norv N. on G+ | Norv on Github

Offline butchs

  • SMF Hero
  • ******
  • Posts: 1,636
  • The Jarred of spam bots, lost 7GB bandwidth!
    • EastCoastRollingThunder
Re: Simple Machines Forums attacks
« Reply #50 on: February 20, 2011, 02:00:38 PM »
As far as bots go, I have been battling them over a year with Bad Behavior (recently re-written) and Forum Firewall and quite frankly they are no longer a issue for me.  The American way:  Block first, ask questions later works great.  Every now and then I will see a straggler.   That is it!

I believe SMF should concentrate on the things that cause the errors in the error logs.  Because bugs are a favorite target of bots.
I have been truly inspired by the SUGGESTIONS as I sit on my throne and contemplate the wisdom imposed upon me.

Offline Arantor

  • Resident Overthinker
  • SMF Friend
  • SMF Legend
  • *
  • Posts: 63,567
Re: Simple Machines Forums attacks
« Reply #51 on: February 20, 2011, 02:09:15 PM »
The matter I refer to is something I consider a bug ;)
And his eyes have all the seeming of a demon's that is dreaming,
And the lamp-light o'er him streaming throws his shadow on the floor

Offline Masterd

  • SMF Hero
  • ******
  • Posts: 3,854
  • Gender: Male
  • Sapienti satis.
Re: Simple Machines Forums attacks
« Reply #52 on: February 20, 2011, 03:30:44 PM »
Thanks for the tips, Norv!
My Mods

Sugested that too. Hey ho. I'd link you to the original discussion but it's not visible to most people (seekrit team board stuff that is more dangerous than wikileaks).


Don't PM me for support! Use the appropriate support board!

It's the possibility of having a dream come true that makes life interesting.

Offline SomaliDoc

  • Semi-Newbie
  • *
  • Posts: 49
Re: Simple Machines Forums attacks
« Reply #53 on: February 21, 2011, 11:51:21 AM »
Login detector worked for me as well but still there is a problem that members can't login to the forums in the first try, they have to enter the password again to log in.

When they first log in, the login2 page show up with the message "Password Incorrect". but when they put the same correct password again they are in.

Is this problem related to the bot issue & How I can solve it?

Thanks

Offline Aoife

  • Semi-Newbie
  • *
  • Posts: 99
  • Gender: Female
  • Guild Leader/Web Admin
    • Divine Alliance of Mok'Nathal
Re: Simple Machines Forums attacks
« Reply #54 on: February 21, 2011, 12:02:21 PM »
Login detector worked for me as well but still there is a problem that members can't login to the forums in the first try, they have to enter the password again to log in.

When they first log in, the login2 page show up with the message "Password Incorrect". but when they put the same correct password again they are in.

Is this problem related to the bot issue & How I can solve it?

Thanks

I've had issues with this as well, without having any of the mods listed in this thread installed. It seems to happen after the members have requested a password reminder and change their passwords.



Offline b4pjoe

  • Jr. Member
  • **
  • Posts: 380
  • Gender: Male
    • B4print.com
Re: Simple Machines Forums attacks
« Reply #55 on: February 21, 2011, 12:46:17 PM »
I have the login detector and httpBL installed and have not seen this issue on RC5.

Offline SomaliDoc

  • Semi-Newbie
  • *
  • Posts: 49
Re: Simple Machines Forums attacks
« Reply #56 on: February 22, 2011, 08:50:22 AM »
Login detector worked for me as well but still there is a problem that members can't login to the forums in the first try, they have to enter the password again to log in.

When they first log in, the login2 page show up with the message "Password Incorrect". but when they put the same correct password again they are in.

Is this problem related to the bot issue & How I can solve it?

Thanks

I've had issues with this as well, without having any of the mods listed in this thread installed. It seems to happen after the members have requested a password reminder and change their passwords.




This is happening all the time even without requesting password reminder?
Anyone knows what it's going in my forum?

Offline ethankcvds

  • Jr. Member
  • **
  • Posts: 310
  • Gender: Male
Re: Simple Machines Forums attacks
« Reply #57 on: February 22, 2011, 11:29:40 PM »
Quote
Is there a maximum password length (some of my users want to go to the max)?

I don't believe there is. If there IS, it'll be something like 50 characters.

You'll laugh but it is true (On SMF 2.0 at least) that you can use a 99 + character password.
No Pm's for support please!

Offline RustyBarnacle

  • Sr. Member
  • ****
  • Posts: 722
    • Saving Tallingroth
Re: Simple Machines Forums attacks
« Reply #58 on: February 22, 2011, 11:57:20 PM »

Offline Joshua Dickerson

  • SMF Friend
  • SMF Super Hero
  • *
  • Posts: 12,668
  • Gender: Male
    • joshuaadickerson on LinkedIn
Re: Simple Machines Forums attacks
« Reply #59 on: February 23, 2011, 01:40:18 AM »
Looks like your theme or a mod is broken.
Need help? See the wiki. Want to help SMF? See the wiki!

Did you know you can help develop SMF? See us on Github.

How have you bettered the world today?