News:

Want to get involved in developing SMF, then why not lend a hand on our github!

Main Menu

Abusive member banned - coming back with proxy IP's

Started by EL34, November 22, 2015, 07:01:20 AM

Previous topic - Next topic

EL34

I had an abusive member that got booted from the forum

He is on the ban list, but now he has figured out how to use a proxy server to disguise his real IP address

I have the forum set up so all members must be approved manually by me, the Admin
I am catching his fake membership applications because his email addresses are not real
They bounce back after it's found out they cannot be delivered

I have my Mods on high alert just in case he gets by me

Is there any way at all to defend this sort of thing?

Here's an email I got this morning from his real email address


ban me? lol.
Proxy site...I win.   Now Im going to hack you for the fun of it.  Idiot.
Forum History -> EZBoard -> YABB -> SMF 1.1.19 -> SMF 2.0.19

a10

2.0.19, php 8.0.23, MariaDB 10.5.15. Mods: Contact Page, Like Posts, Responsive Curve, Search Focus Dropdown, Add Join Date to Post.

EL34

This member has already been banned and has no access to the forum
That mod looks like it annoys current members that has access
Forum History -> EZBoard -> YABB -> SMF 1.1.19 -> SMF 2.0.19

Kindred

really... no... there is not much that you can do.

On the other hand - as long as you are running 2.0.11 and do not have any mods which have compromises  there are no currently known hacks to SMF.
Слaва
Украинi

Please do not PM, IM or Email me with support questions.  You will get better and faster responses in the support boards.  Thank you.

"Loki is not evil, although he is certainly not a force for good. Loki is... complicated."

EL34

Thanks Kindred

I added an IP deny rule to my server for his real IP just in case
That will keep him from viewing all my web site on my cloud server

That's only if he does it from his real IP address
Forum History -> EZBoard -> YABB -> SMF 1.1.19 -> SMF 2.0.19

Jade Elizabeth

Unfortunately this sort of thing happens a lot in the forum world and can be a real annoyance.

You can try this mod to block proxies. If any of your members are using them legitimately explain politely you're going to use it until this guy grows up (but don't say grows up cause you'll make him worse).
http://custom.simplemachines.org/mods/index.php?mod=2729

You may also find some relief with this mod:
http://custom.simplemachines.org/mods/index.php?mod=2502

You can also install Stop Spammer and HttpBL but they don't play with Bad Behaviour mod iirc but I THINK honeypot will trap proxies too.

Good luck, I hope this fella backs off and cools down soon. Be sure to keep your SMF up to date when it releases new versions.
Once proud Documentation Writer and Help Squad Leader | Check out my new adult coloring career: Color With Jade/Patreon.

EL34

Thanks,
I have had Stop spammer and HttpBL installed for many years
They work great!

I always update SMF as soon as I see there is an update

I deleted this guys forum account
But before I did, I reported him as a spammer

Unfortunately he keeps trying to log in as me and keeps trying to change my password
His IP changes on every attempt

I am monitoring the logs and doing forum backups
Forum History -> EZBoard -> YABB -> SMF 1.1.19 -> SMF 2.0.19

Jade Elizabeth

Sounds like someone needs to get a hobby ha ha.

Give this a whirl:
http://custom.simplemachines.org/mods/index.php?mod=2181

This may also help a little:
http://custom.simplemachines.org/mods/index.php?mod=1353

You might also like this one, but be sure to post a little notice about the change...Alternatively, you can change your username (not your display name) and he won't be able to guess and log in with it :). That's the least disruptive option.
http://custom.simplemachines.org/mods/index.php?mod=1665

Good luck!
Once proud Documentation Writer and Help Squad Leader | Check out my new adult coloring career: Color With Jade/Patreon.

Kindred

as an admin, you could always change your LOGIN name so that it does not match your DISPLAY name
Слaва
Украинi

Please do not PM, IM or Email me with support questions.  You will get better and faster responses in the support boards.  Thank you.

"Loki is not evil, although he is certainly not a force for good. Loki is... complicated."

EL34

Quoteas an admin, you could always change your LOGIN name so that it does not match your DISPLAY name

Sounds like a good idea

I have also instructed my mods to make sure their passwords are secure and their secret question cannot be guessed easily

Thanks for the tips all
Forum History -> EZBoard -> YABB -> SMF 1.1.19 -> SMF 2.0.19

Jade Elizabeth

Quote from: Kindred on November 24, 2015, 08:09:50 AM
as an admin, you could always change your LOGIN name so that it does not match your DISPLAY name


Great minds think alike lol
Quote from: Jade Elizabeth on November 24, 2015, 07:55:45 AM
You might also like this one, but be sure to post a little notice about the change...Alternatively, you can change your username (not your display name) and he won't be able to guess and log in with it :). That's the least disruptive option.
http://custom.simplemachines.org/mods/index.php?mod=1665

Good luck!
Once proud Documentation Writer and Help Squad Leader | Check out my new adult coloring career: Color With Jade/Patreon.

Kindred

lol... I didn't even see that part.   That's what I get for reading on my phone
Слaва
Украинi

Please do not PM, IM or Email me with support questions.  You will get better and faster responses in the support boards.  Thank you.

"Loki is not evil, although he is certainly not a force for good. Loki is... complicated."

Jade Elizabeth

Ha ha one too many of these creeps have messed with me, and I'm paranoid as hell so I get pretty creative when it comes to covering my behind ;).

This step should really have already been done, you never know when someone's going to turn into one of these people or if you already have one in your midst! I ask all my moderators to pick new usernames to keep their accounts safe and change it for them (even if it's just an email they don't share)....it's just safer that way.
Once proud Documentation Writer and Help Squad Leader | Check out my new adult coloring career: Color With Jade/Patreon.

EL34

I changed my user name and got 3 of my mods to do it also
I have one more mod to do it and we are set
Forum History -> EZBoard -> YABB -> SMF 1.1.19 -> SMF 2.0.19

Jade Elizabeth

Excellent! Now he's been thwarted for sure. Just keep your forum up to date and you should be fine! Make sure any other software you have on your server is up to date too. If you have an out of date wordpress for example it can be used to get into everything that's in the same space....so keep everything up to date :D.
Once proud Documentation Writer and Help Squad Leader | Check out my new adult coloring career: Color With Jade/Patreon.

EL34

Yes, will do

I don't have wordpress or anything like that on my server

I have my own windows 2008 R2 Cloud server that I admin myself via Remote desktop connection

Basically a few php apps like SMF and a few perl apps
Forum History -> EZBoard -> YABB -> SMF 1.1.19 -> SMF 2.0.19

Advertisement: