Author Topic: Being logged out by bots trying to log in  (Read 135337 times)

Offline HamishM

  • Jr. Member
  • **
  • Posts: 124
Re: Being logged out by bots trying to log in
« Reply #320 on: February 18, 2011, 10:34:22 PM »
Using 1.1.13

I have the Avatar Verification Mod as the first hurdle before getting to the registration page, that coupled with RECAPTCHA keeps the bots from trying to register...

I have now installed the EMAIL login mod, works a treat and have removed the .htaccess from my server banning the offending IPs.
Now have a normal error log again... ;D
« Last Edit: February 19, 2011, 01:10:25 AM by HamishM »

Offline Norv

  • SMF Friend
  • SMF Super Hero
  • *
  • Posts: 18,313
  • Blue Wolf
Re: Being logged out by bots trying to log in
« Reply #321 on: February 18, 2011, 11:18:01 PM »
Yes, the email login, if possible at all to use for your forum, really helps at this moment. It may not be appropriate for any forum though.
Thank you for letting us know.

Also, if your forum is currently targeted by Tor addresses (quite a number of forums are, though not all) you may want to try this: Tor Blocker, as a short term solution against them. Please note that Tor users can very well be legitimate, innocent users... unfortunately at this moment the malicious users are using it heavily, and if you want to identify and block them for now, this mod is useful.

We're working on a few more possibilities and we'll come back on this.
To-do lists are for deferral. The more things you write down the later they're done… until you have 100s of lists of things you don't do.

Offline CountryLady

  • Jr. Member
  • **
  • Posts: 178
  • Gender: Female
    • OurCountryHaven
Re: Being logged out by bots trying to log in
« Reply #322 on: February 19, 2011, 02:14:58 AM »
Just a note to add a "Thank You~!" to all who are working on this issue.
I'm not a very knowledgeable forum owner, and I really depend on people like y'all to resolve these Technology problems.

What has worked well for me is the old-fashioned labor intensive research and ban IP Ranges. My members come mostly from just a couple of countries, so I can ban huge blocks of IPs with no problems for me. There are a few bots trying to crack passwords but they get banned now and can't get to the forum.

Still, it will be good to get a special mod to block all the attacks.

Thanks again folks. :D

Offline xrunner

  • Sophist Member
  • *****
  • Posts: 1,019
  • Gender: Male
  • Karma +584/-1
Re: Being logged out by bots trying to log in
« Reply #323 on: February 19, 2011, 09:03:09 AM »
I turned off the Tor-blocker this morning to see what would happen; it had been running for a few days. Sure enough, the password errors started up immediately. I don't think the systems are looking at the fact their attempts to access the forum are being blocked.

Offline Arantor

  • Resident Overthinker
  • SMF Friend
  • SMF Legend
  • *
  • Posts: 68,051
    • Arantor on GitHub
Re: Being logged out by bots trying to log in
« Reply #324 on: February 19, 2011, 09:05:09 AM »
They're not, no.

I do have a patch that is two lines and nails the attempts dead in the water, without the hassle or risk of blocking genuine users that Tor might have - but I still want a little more proof that it's not hitting any genuine users. I've lost count of the hundreds of bot hits I had and so far still no false positives.
To assume is to hope that those who came before had the presence of mind and capacity to implement the dreams of those who would come after.

You either die a hero or live long enough to see yourself become the villain. It seems you have chosen which, and now I must do the same.

Offline Spuds

  • SMF Hero
  • ******
  • Posts: 1,798
  • Gender: Male
Re: Being logged out by bots trying to log in
« Reply #325 on: February 19, 2011, 10:39:18 AM »
Quote
I do have a patch that is two lines and nails the attempts dead in the water
Great news, thanks for continuing to work on this, be nice to have something other than a sledgehammer! Does this do something similar to the block, but instead of being based on the IP it's based on the whats and wheres MO of the bot?

Offline Arantor

Re: Being logged out by bots trying to log in
« Reply #326 on: February 19, 2011, 10:50:28 AM »
Yes, it blocks totally on the bot's MO, and uncovered what I believe is a bug in SMF itself in the process - which the bot is actually exploiting, though indirectly. (I have documented the bug on the tracker, naturally)

I'm now happy that it's doing what it's supposed to, so I've removed the debugging log it did and provided a general error (English only, didn't see any point in doing that part properly)

Should install cleanly on all 1.1.x and current 2.0 versions.

Offline xrunner

Re: Being logged out by bots trying to log in
« Reply #327 on: February 19, 2011, 10:59:04 AM »

Quote
Should install cleanly on all 1.1.x and current 2.0 versions.

Cool, I'm trying it now ...

Offline butchs

  • SMF Hero
  • ******
  • Posts: 1,712
  • Lost 7GB bandwidth!
    • EastCoastRollingThunder
Re: Being logged out by bots trying to log in
« Reply #328 on: February 19, 2011, 10:59:53 AM »
Interesting.  :)
I have been truly inspired by the SUGGESTIONS as I sit on my throne and contemplate the wisdom imposed upon me.

Offline busterone

  • SMF Hero
  • ******
  • Posts: 2,150
  • Gender: Male
  • Devil Dog
    • The Demon's Den
Re: Being logged out by bots trying to log in
« Reply #329 on: February 19, 2011, 11:11:54 AM »
I am curious about Arantor's idea as well.  This present attack may just be a precursor for another larger one later down the road.

Offline Arantor

Re: Being logged out by bots trying to log in
« Reply #330 on: February 19, 2011, 11:19:03 AM »
The attack has already occurred on other platforms, not just SMF.

Thing is, if the underlying login mechanism is altered to fix the issue I reported, this entire attack pattern just fails anyway.

Offline 青山 素子

  • Server Team
  • SMF Super Hero
  • *
  • Posts: 17,021
  • 戦場ヶ原、蕩れ!
    • srvrguy on GitHub
    • @motokochan on Twitter
    • Nekomusume Moe
Re: Being logged out by bots trying to log in
« Reply #331 on: February 19, 2011, 11:27:01 AM »
Arantor, I think I found an issue with the way you are "fixing" the issue and sent you a PM about it.

For the public: This possible issue would likely impact less than 1% of legitimate users if any.
Motoko-chan
Director, Simple Machines

Just because it's pouring down doesn't mean we're gonna drown. There's a time when all you can say is let it rain - Mat Kearney (Let It Rain)

Note: Unless otherwise stated, my posts are not representative of any official position or opinion of Simple Machines.


Offline Arantor

Re: Being logged out by bots trying to log in
« Reply #332 on: February 19, 2011, 11:31:49 AM »
I replied, but just for those following, this fix is not a broad solution to the issues that are involved, it's a *specific* bullet for this specific issue, based on the exact MO of the bots making these attempts, and won't solve any other issues.

Offline busterone

Re: Being logged out by bots trying to log in
« Reply #333 on: February 19, 2011, 11:33:19 AM »
Understood. I wondered if that were the case, considering you were studying their MO closely.

Offline xrunner

Re: Being logged out by bots trying to log in
« Reply #334 on: February 19, 2011, 11:37:44 AM »
I uninstalled the Tor blocker, and confirmed I was still getting bot login errors. I then installed Arantor's Mod. I can confirm it does work on the forum I'm having a problem with.

Offline nend

  • SMF Friend
  • SMF Hero
  • *
  • Posts: 1,755
  • 2 deep n2 the code
    • sicommnend on GitHub
    • SIComm.us
Re: Being logged out by bots trying to log in
« Reply #335 on: February 19, 2011, 11:47:11 AM »
Still no activity from these bots on all my sites across different domains for the last couple days. I wonder if my host has done any blocking.  :-\

Offline Arantor

Re: Being logged out by bots trying to log in
« Reply #336 on: February 19, 2011, 11:48:27 AM »
Quote
Still no activity from these bots on all my sites across different domains for the last couple days. I wonder if my host has done any blocking.  :-\

Or they just didn't like you much :P Not all my forums got hit either, I should point out.

Offline nend

Re: Being logged out by bots trying to log in
« Reply #337 on: February 19, 2011, 12:03:35 PM »
Quote
Still no activity from these bots on all my sites across different domains for the last couple days. I wonder if my host has done any blocking.  :-\
Or they just didn't like you much :P Not all my forums got hit either, I should point out.

All my forums were getting hit hard by this bot a couple days ago. Just wondering.

Offline Arantor

Re: Being logged out by bots trying to log in
« Reply #338 on: February 19, 2011, 12:05:55 PM »
I'm still getting the bots trying it on.

Offline krick

  • Jr. Member
  • **
  • Posts: 173
    • tank + paladin = tankadin
Re: Being logged out by bots trying to log in
« Reply #339 on: February 19, 2011, 12:12:10 PM »
I just installed Arantor's Mod and removed the giant list of "deny from" entries from my .htaccess.

It appears, at least for the time being, that Arantor's Mod is working against the bot tide.