Simple Machines Forums attacks

Started by Norv, February 19, 2011, 04:33:48 PM


b4pjoe

5+ hours using only Arantor's mod. ZERO errors.

And yes, thanks Arantor.

ACAMS

#21
Quote from: Norv on February 19, 2011, 04:33:48 PM
Additional protection for your members' accounts
2. Add verification to the login page
Login verification
This mod enhances the login page by adding security verification, just as can be done during registration. We strongly recommend using custom questions rather than Captcha. Questions that a human would answer easily, but a bot could not guess, work well. Once you install it, the settings in your forum admin panel
Security and Moderation > Anti-Spam:
> Require verification on registration and login pages
> Visual verification image to display
> Number of verification questions user must answer
> Verification Questions
will be applied to both registration and login pages.
In addition, the mod enhances logging in your SMF error log.

I would like to have this Login verification mod, but it did not have an install option when I uploaded it to my 2.0 RC3 packages folder.

I searched mods in hopes of it being able to parse to RC3 and it was not found.

That seems to be a MAJOR problem with SMF updating every two weeks here lately......simple updates screw up the whole damn software and make current mods not work. SMF is too plain and useless in my book without mods. I have had my modified theme for a year, and when I updated to RC3....IT GOT MESSED UP AND WOULD NOT WORK!!!!!!!.......took me two days to MAKE it work, and it does not look like it did at first!

If you guys want to update every other day.....MAKE MODS BE COMPATIBLE!!!!!......there is no sense in changing it so much that my theme DOES NOT WORK!!!!


Is this mod planned for release so I can parse it to RC3?


EDIT:

I deleted the package from the folder and tried to upload through the forum (a trick that sometimes works) and I got this error.

The package you are trying to download or install is either corrupt or not compatible with this version of SMF.

Arantor

The changes since 2.0 RC3 are all bug fixes, security enhancements and enhancements so that most mods don't need to make theme edits. Unfortunately something like this has to.

ACAMS

I have LOTS of hand made and installed mods I don't want to lose, but the email login is causing trouble too, and I think this will fix the problem.

Can it be used on RC3?

Quote from: Arantor on February 19, 2011, 10:50:28 AM
Yes, it blocks totally on the bot's MO, and uncovered what I believe is a bug in SMF itself in the process - which the bot is actually exploiting, though indirectly. (I have documented the bug on the tracker, naturally)

I'm now happy that it's doing what it's supposed to, so I've removed the debugging log it did and provided a general error (English only, didn't see any point in doing that part properly)

Should install cleanly on all 1.1.x and current 2.0 versions.

StarWars Fan

Quote from: Arantor on February 19, 2011, 06:38:20 PM
I'm now hours and hours without a single bot hit... with 2 lines of code and my users noticed nothing ;) And no, the login CAPTCHA is not the answer. Mind you, I have a custom CAPTCHA anyway ;)

Arantor's 2 lines of code solved my problem for over 2 hours now with no problems and no other mods... THANK YOU ARANTOR!

Arantor

Quote:
Can it be used on RC3?

Yes, it installs on 1.1.x plus RC3, RC4 and RC5.

ACAMS

I guess I need to install it by hand.....where can I find the code?

Arantor

No, I made the package info EXPRESSLY check for 1.1.x, 2.0 RC3, 2.0 RC4 and 2.0 RC5.

Norv

Please find Arantor's Login detector attached here: Login Detector mod. You shouldn't need to install it by hand, installing through package manager should work.

I understand the problems you're facing with RCs, however I have to recommend that you take into account upgrading your forum, as RC4 and RC4 Security Patch (which is only a mod for it) have important security fixes.

ETA: ninja-ed again. I'm slow today. :D

Arantor

Also it should be noted that if you're truly desperate, RC4's patch can be installed on RC3 with emulation. This is in no way a long term solution, though, it is a stop gap until you can properly upgrade.

ACAMS

OK, Login detector installed, but I wanted Login verification to work and can't find anything on it.

Also, what does Login detector do?
Where do I see it?
How do I control it?

Can I get Login verification to work with RC3?

Arantor

Quote:
Also, what does Login detector do?
Where do I see it?
How do I control it?

It stops the current bot attacks dead.

There's nothing to see, it's a two line patch that traps the current attacks and just makes them fail quietly. No configuration options provided, none are necessary.

Quote:
Can I get Login verification to work with RC3?

Doubtful.

ACAMS

If I update to RC4 will I lose all my mods and themes?

Joshua Dickerson

Check the mod's page to see if they install on your version or just try it. Use a backup.

live627

Quote from: ACAMS on February 19, 2011, 09:23:54 PM
If I update to RC4 will I lose all my mods and themes?
Yes, just like when you upgraded to RC3. But why not go for RC5?

Aleksi "Lex" Kilpinen

#35
Disabling Tor Access and setting up a Honeypot and installing httpBL worked very well for me, and I've also been able to keep other bots like spammers at bay with this setup very well.

Robert.

Thanks for the tips, Norv and thanks Arantor for the mod. :)

Aoife

Quote from: LexArma on February 20, 2011, 12:45:56 AM
Disabling Tor Access and setting up a Honeypot and installing httpBL worked very well for me, and I've also been able to keep other bots like spammers at bay with this setup very well.

I'd love to be able to use httpBL but don't run my own server.  I've installed Arantor's patch and it's cut down the number of login attempts significantly but my main forums are still getting hit with registration attempts by bots that are blacklisted in the Project Honey Pot database. I closed registration several days ago so they can't get in, just fill up my error log.

Thanks to all who have been and are still working on these issues! I appreciate everyone's efforts!



Arantor

The registration attempts are a totally different vector of attack, almost certainly spammers trying it on, not the bots trying to break into accounts.

Aoife

Quote from: Arantor on February 20, 2011, 09:50:28 AM
The registration attempts are a totally different vector of attack, almost certainly spammers trying it on, not the bots trying to break into accounts.

Ya, I realize that. Just commenting on it is all, and just a minor annoyance compared to the hack attacks which aren't happening now, thanks to you and your mod. :)
