SMF 2.0.19 has been released! Please update. Read more.
Started by ACAMS, January 11, 2011, 11:11:02 PM
Quote from: Elysia on February 11, 2011, 10:22:34 PMOne of the forums I look after has been hit bigtime by this problem, but I've found a solution which seems to work. The IP addresses being used by the bots are all connected with the torservers network.So, I created a list of the IPs (all 1,334 of them!) which need to be blocked and added that to my .htaccess file in the webspace and the login attempts have stopped dead. I'm attaching the list here so that anyone can try it. It's saved as a plain text file so you can download it and copy / paste the contents to your existing .htaccess file if you have one. If you haven't got one then simply upload this text file to your webspace, and rename it from htaccess.txt to .htaccess and then go check your error logs. You should find the login failures have stopped.
Quote from: xrunner on February 13, 2011, 09:26:01 PMI have a forum I help out with being hit hard by this junk. The bots make accounts with spam ads in the signatures, but they don't make any posts for the members to see the ads. This part I don't understand. Why go to the trouble of making an account with an ad and not posting it for people to see? The membernames are of the form two words and some numbers -riceticky06jillskinny12I also have hundreds of errors in the log for password incorrect errors.
Quote from: sheryltoo on February 13, 2011, 09:07:02 PMThis problem started in my forum yesterday so I upgraded to RC4 and added the security patch but it didn't help.Also, I don't know if this is related but not one member has signed in or posted on my site since I did the upgrade. I keep seeing lots of guest viewing the site but no one signing in.That's kind of unusal for my site so I don't know if my members are having problems because of the bots or the upgrade.
Quote from: busterone on February 13, 2011, 09:33:38 PMThe two usernames you listed are probably just spammers not connected to the log in attack that has been going on. The spammers put their ads in profiles with the hope that if profiles are viewable by guests, they will be viewable and indexed by search engines. Most forum admins do not allow guest viewing of profiles, so it becomes a wasted effort by the spammers. Who ever said that spammers are smart though.
Quote from: nvcnvn on February 13, 2011, 10:08:35 PMCan we just show a Verification Questions on login page!?
QuoteIf you have a text editor that handles regular expressions, set the find string to "^" and the replace to "Deny from ".
Quote from: PLAYBOY on February 13, 2011, 11:23:44 PMQuoteIf you have a text editor that handles regular expressions, set the find string to "^" and the replace to "Deny from ".but there is no ^ string. Its just single ips on each line.
Quote from: joec88 on February 13, 2011, 01:26:47 AMI still think there are better targets to hit than forums.