Flood of fake users

Started by BMcDonald, January 26, 2015, 06:50:01 PM

BMcDonald

Hi.  I just recently installed your BBS and discovered today that a TON of fake users had registered and posted piles of spam crap.  I eventually found where to require admin approval, but it seems it would be a good idea for your base install to have that set by default?

Anyway, now I have to deal with the bot registering one after another after another fake user that I have to process and delete one at a time.  I'm entering their IP numbers in the ban list, but every single one has a different IP number.

Does anyone know of a simpler way to stop this attack?

Night09

Go to admin>members>members and in the list choose to delete them and remove their posts.

If you go to Configuration>Security and moderation>Anti spam you can set some registration questions. A quick search shows all this has been answered thousands of times. ;)

BMcDonald

Thank you.  I did try to search the issue. None of the ways I posed the question returned any results.

Night09

Best setting some questions and then set to email approval once you know your mail works. Make sure the questions are not too easy so a bot can get the answer, as it's certain there are bot databases of answers doing the rounds.

Another thread nailed it by suggesting the following ideas

Enter the 4th 5th and 9th characters:  07wqhe0fuugr  (random strings)

Answer would be qhu

That's the basics anyway.

Arantor



Illori

Quote from: Night09 on January 26, 2015, 06:55:18 PM
Go to admin>members>members and in the list choose to delete them and remove their posts.

You can only delete the posts with the user from their profile one by one.

Night09

You can actually mass delete all the users and then reattribute the posts as guest to a fake account collecting them all together to be deleted in one go.

BMcDonald

Thank you all for your prompt help.  The verification question did the trick!

Arantor

That's now the second time you've recommended them, are you involved with them?

Also... actually... questions work *really* well based on our experience (and we have more experience with that than we do with an otherwise unheard-of CDN that will give users problems in terms of proxying just like CloudFlare does).

Arantor

Best by whose definition?

Quote: One issue I can tell you that you will have right away. IP bans won't work, because you will get the CDN server address.

Well, yes, that was fairly evident, however you're actually only partially correct. Incapsula exposes the real IP address as X-Forwarded-For and Incap-Client-Ip, the former of which is actually checked for against the ban list - assuming you ban the right IP address (but SMF won't expose that to you), and in any case the latter should be used anyway for filtering the correct IP address, but that's a one line patch, more if you actually verify the incoming as having come from one of the whitelisted addresses that Incapsula say they use.
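
Added example (not SMF's code and not posted by anyone in this thread) of the check described in the post above: the Incap-Client-Ip header is used only when the connecting address belongs to the CDN's published ranges. The function names and the CIDR ranges are assumptions; the ranges are RFC 5737 documentation placeholders to be replaced with the list Incapsula publishes.

```php
<?php
// Placeholder ranges (RFC 5737), NOT Incapsula's real ranges (assumption).
const TRUSTED_PROXY_CIDRS = ['192.0.2.0/24', '198.51.100.0/24'];

// True when $ip lies inside $cidr. Works for IPv4 and IPv6.
function ip_in_cidr(string $ip, string $cidr): bool
{
    [$net, $bits] = explode('/', $cidr, 2) + [1 => null];
    $ipBin  = @inet_pton($ip);
    $netBin = @inet_pton($net);
    if ($ipBin === false || $netBin === false || strlen($ipBin) !== strlen($netBin)) {
        return false; // unparsable address or mixed address families
    }
    if ($bits !== null && !ctype_digit($bits)) {
        return false; // a malformed prefix must never match everything
    }
    $bits = $bits === null ? strlen($ipBin) * 8 : (int) $bits;
    if ($bits > strlen($ipBin) * 8) {
        return false;
    }
    $bytes = intdiv($bits, 8);
    $rem   = $bits % 8;
    if (substr($ipBin, 0, $bytes) !== substr($netBin, 0, $bytes)) {
        return false;
    }
    if ($rem === 0) {
        return true;
    }
    $mask = (0xFF << (8 - $rem)) & 0xFF; // compare the leftover prefix bits
    return (ord($ipBin[$bytes]) & $mask) === (ord($netBin[$bytes]) & $mask);
}

// Address to log and to match against the ban list (hypothetical helper).
function client_ip(array $server, array $trusted = TRUSTED_PROXY_CIDRS): string
{
    $peer = $server['REMOTE_ADDR'] ?? '';
    foreach ($trusted as $cidr) {
        if (ip_in_cidr($peer, $cidr)) {
            $hdr = trim($server['HTTP_INCAP_CLIENT_IP'] ?? '');
            return filter_var($hdr, FILTER_VALIDATE_IP) !== false ? $hdr : $peer;
        }
    }
    return $peer; // not from the CDN: any client-supplied header is ignored
}

// Constructed sample requests: one relayed by a trusted proxy, one direct.
$viaCdn = ['REMOTE_ADDR' => '192.0.2.10', 'HTTP_INCAP_CLIENT_IP' => '203.0.113.7'];
$direct = ['REMOTE_ADDR' => '203.0.113.99', 'HTTP_INCAP_CLIENT_IP' => '10.0.0.1'];
echo client_ip($viaCdn), "\n", client_ip($direct), "\n";
```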

Kindred

I disagree with the concepts of black lists in general.... it is far too easy to get falsely added to the list and far too difficult to get your IP removed from the list, once it is on there.

As for " Yes, any time you don't understand how a proxy works there will be "issues""
Well, that covers about 99% of the internet -- and probably around 90% of the folks who just want to set up a forum.

Questions WORK.
Questions are not silly, if well designed, and are less intrusive/problematic than CAPTCHA ever was.
Questions are something that we have in the core product.
Questions are something that admins, who just want to set up a simple forum, understand.

In short... CDN/Proxy is mostly pointless for 90+% of the folks who plan to run a forum.