News:

Bored?  Looking to kill some time?  Want to chat with other SMF users?  Join us in IRC chat or Discord

Main Menu

bruteforce

Started by stinkyfax, February 15, 2011, 12:14:29 PM

Previous topic - Next topic

stinkyfax

Hello, I have a lot of mods which prevent bots from registration, it stops most but not all. Although 1 bot a month is not a big problem.
What I am aware of more is that somebody got angry for being banned from forum and now bruteforces forum with spoofed ip's by trying to find valid login/password combination. Since I have forum members with not smartest passwords, I am aware of this attacker succeed.
My idea: add captcha to login/password form. I couldn't find such a mod, would you mind helping me with one or advice something else?

Illori

there is a thread on this issue in the Building Your Community and other Forum Advice board. there is no current mod to add the CAPTCHA to the login form and i dont think anyone is interested in making one.

Arantor

The issue you're describing has been affecting lots of forums at the moment, run by bots.

A CAPTCHA on login wouldn't stop your troublemaker, and wouldn't really stop the current bot attack. Even if there were such a mod, it would be a royal pain to support since it would require custom work for every custom theme.

Norv

I think the topic Illori refers to is this:
http://www.simplemachines.org/community/index.php?topic=416928.0

Please, check it out, you may find useful advice on protecting your forum.
To-do lists are for deferral. The more things you write down the later they're done... until you have 100s of lists of things you don't do.

File a security report | Developers' Blog | Bug Tracker


Also known as Norv on D* | Norv N. on G+ | Norv on Github

Illori


Norv

Just thinking it would be useful to specify, since we know these topics well right now, unfortunately. We're keeping an eye on the problems and the possible means to alleviate it.
To-do lists are for deferral. The more things you write down the later they're done... until you have 100s of lists of things you don't do.

File a security report | Developers' Blog | Bug Tracker


Also known as Norv on D* | Norv N. on G+ | Norv on Github

stinkyfax

Thank you guys, I wouldn't mind having a temporary solution as captcha, I use default theme because 90 of mods don't support custom themes anyway.
Will look into topic in hopes finding something usefl

Leppie

Quote from: Norv on February 15, 2011, 01:52:11 PM
Just thinking it would be useful to specify, since we know these topics well right now, unfortunately. We're keeping an eye on the problems and the possible means to alleviate it.
is Arantor's patch going to be implemented for the final release of 2.0? it seems to be quite effective against those bots, much more effective than several other mods combined.

Arantor

No, I really shouldn't think it is, not as it is.

It deals with one very specific bot, nothing more. There are discussions afoot for a more general implementation, however.

calmstorm

May I suggest using KeyCaptcha?They have plugin/mod for SMF.


Arantor

And? It wouldn't stop this specific bot anyway. Only a CAPTCHA at login, my patch or a few specific other things would do that, and CAPTCHA at login has other consequences.

calmstorm

Ah.. it seems I misunderstood this discussion, I'm not aware that this bot is *supposed to be* specific to SMF. And this bot try to login, not register. I'm using KeyCaptcha for registration and post for now in our forum(not SMF, but want to migrate to/ create new SMF), so I'm not that familiar with the SMF yet. Sorry if that offend you.

Advertisement: