Simple Machines Community Forum

SMF Support => SMF 2.0.x Support => Topic started by: sulwen on June 28, 2013, 04:22:17 AM

Title: Automated new accounts - hundreds of them...
Post by: sulwen on June 28, 2013, 04:22:17 AM
SMF version installed: 2.0.4

mods:
1. RSS Feed Icon 1.1
2. Stop Spammer 2.3.7
3. Bot Buster 1.1
4. DisableTemplateEval
5. Delete Spam Posts 1.5
6. SMF 2.0.3 Update 1.0
7. SMF 2.0.4 Update 1.0
8. Fix for log spam due to failed attempt of quickmod2 exploit 0.1
9. Advanced Language Menu 2.2
10. Simple .htaccess Cache Mod 1.0

Problem:

I get hundreds of new accounts created per hour. At this point StopSpammer is just loading all of them into approval list, so they can't do anything and I am just bulk deleting them, but it is extremely annoying and clearly points at some sort of vulnerability.

Does anyone have any ideas?
Title: Re: Automated new accounts - hundreds of them...
Post by: TheDragon on June 28, 2013, 07:59:29 AM
What is your URL?
Title: Re: Automated new accounts - hundreds of them...
Post by: Kindred on June 28, 2013, 09:22:41 AM
are you using the "questions" feature in smf 2.0.x?

Stop Spammer is doing exactly what it is supposed to - it is flagging the potential/identified spammers.

If you want to actually STOP the spam registrations, then you need to add additional protections... like questions and bad behavior+httpBL
Title: Re: Automated new accounts - hundreds of them...
Post by: sulwen on June 28, 2013, 10:07:02 AM
Yes I know that StopSpammer is doing its job and brilliantly.

However... I am using questions. And I have email verification as well. This has nothing to do with a normal account creation process.

Isn't bad behavior+httpBL doubling StopSpammers job a little bit?

And I'm sorry but I'd rather not share url on a public forum, when I've already given exact information about mods used. I hope you understand that TheDragon.
Title: Re: Automated new accounts - hundreds of them...
Post by: TheListener on June 28, 2013, 10:11:08 AM
Quote
And I'm sorry but I'd rather not share url on a public forum, when I've already given exact information about mods used. I hope you understand that TheDragon.

9 times out of 10 this is the only way we can offer help with a vast majority of problems.

Obviously we would (and have done previously) remove any links when requested to do so.

:)

The only security I have on my forum is bad behaviour plus two verification questions related to my forum's subject.

Title: Re: Automated new accounts - hundreds of them...
Post by: kat on June 28, 2013, 10:17:41 AM
How about trying this?

http://custom.simplemachines.org/mods/index.php?mod=2502

As an off-topic note, why do you have a "DisableTemplateEval" mod installed?

That's a standard feature of SMF v2. So, you really don't need that mod.
Title: Re: Automated new accounts - hundreds of them...
Post by: Illori on June 28, 2013, 10:19:38 AM
http://wiki.simplemachines.org/smf/Spam_-_my_forum_is_flooded_with_spam,_what_can_I_do
Title: Re: Automated new accounts - hundreds of them...
Post by: Kindred on June 28, 2013, 10:26:10 AM
bad behavior + httpBL uses bad behavior and project honeypot to exterminate spam registrations before they complete the registration process.

Quote from: sulwen on June 28, 2013, 10:07:02 AM
However... I am using questions. And I have email verification as well. This has nothing to do with a normal account creation process.

Then your questions are not good enough.
(email verification is simple for the bots to handle)
and you have provided no evidence to support your last statement...
If stop spammer is catching them, then they are, indeed, going through the normal account creation process.
Title: Re: Automated new accounts - hundreds of them...
Post by: TheDragon on June 28, 2013, 10:30:05 AM
Quote
And I'm sorry but I'd rather not share url on a public forum, when I've already given exact information about mods used. I hope you understand that TheDragon.

sure = I can understand that part
but me = and the PROS here / can look at your register process and make suggestions

u can send us a PM if you want

ANYWAY

I am confused HOW you can get swamped with SPAMMERS ??
if you are REALLY blocking the registrations with email authentication/approval ????
like said above = if you ask verify question(s) = first = to stop bots
then examine the email request for approval

just my 2c



Title: Re: Automated new accounts - hundreds of them...
Post by: MrPhil on June 28, 2013, 10:57:26 AM
Take a look at your questions -- are they trivial? (2 + 2 = ?) Are they common knowledge? They should be something only familiar to your intended audience.

Make sure you have the number of questions displayed set to more than 0. It's common to leave it at the default and then no questions are asked. Have you tried signing up as a test?
Title: Re: Automated new accounts - hundreds of them...
Post by: sulwen on June 28, 2013, 12:12:49 PM
Let me answer to all questions in order:

K@: afaik Bad Behaviour is not needed I'll explain later. As to the mod you've mentioned my forum went through many versions and this is possibly a reminder of some old one. I'll remove it, thanks for pointing it out.

Kindred: Tbh I would yet have to see a system which can answer questions in my language as it's not English and questions aren't trivial. There is only one asking for a result of an equation but the equation itself isn't trivial as the last part of it is explained in text.

TheDragon, I may not have made myself clear, nobody is spamming my forum, it's just registrations. I get emails that a new user has registered, that's the type of flood I see. StopSpammer is not allowing them to finish the registration simply because it recognizes the IP/email/username triplet as a spamming source. So not spam. That's why (this is to K@) I think bad Behaviour isn't really needed.

MrPhil: I've already written about triviality of my questions. CAPTCHA in place at medium (my users couldn't read any harder) and one security question.

Thank you for all your suggestions I'll look into it myself and if I find anything I'll let you know.
Title: Re: Automated new accounts - hundreds of them...
Post by: Kindred on June 28, 2013, 12:49:20 PM
Quote from: sulwen on June 28, 2013, 12:12:49 PM
K@: afaik Bad Behaviour is not needed I'll explain later.

Quote from: Kindred on June 28, 2013, 10:26:10 AM
bad behavior + httpBL uses bad behavior and project honeypot to exterminate spam registrations before they complete the registration process.

So... if spammers are getting through your registration process, even if they are flagged and caught by Stop Spammer, then, obviously, something more is needed.

I have Questions, Stop Forum Spam and Bad Behavior + httpBL.
I have no captcha (which is basically useless against spambots, at this time)
I get 1 or 2 spammers registered and flagged by SFS per month.
At the peak, I had bad behavior stopping 500+ hits to the registration system per day.
Title: Re: Automated new accounts - hundreds of them...
Post by: sulwen on June 28, 2013, 12:55:20 PM
Like I said: "nobody is spamming my forum, it's just registrations."

Account gets opened and flagged by Spam Stopper so it's inactive and it's not posting anything.

Title: Re: Automated new accounts - hundreds of them...
Post by: Kindred on June 28, 2013, 12:58:29 PM
you have AGAIN, missed my point.

With my set up, very few of the spammers even REACH the "stop Spammer" flagged account stage
(none at all make it through to the board)

You complained that you were getting hundreds of accounts flagged as spammers.
install bad behavior+ httpBL and add a honeypot to your site...
this will stop 90% of the spammers before they even get into the registration process and get flagged
(because only spammers who COMPLETED the registration process have an account to BE flagged)
Title: Re: Automated new accounts - hundreds of them...
Post by: sulwen on June 28, 2013, 01:00:31 PM
Ok, I seem to have everything in order but still something is going through it.
Is it possible that due to the age of that forum (since early versions of 1.0.*) something went wrong with the code and there is a hole there?

I'm thinking I'll just install it clean and import db and then use the same setup as you're suggesting Kindred. Thanks.

Is there any information on how to do it without too much downtime, anywhere?
Title: Re: Automated new accounts - hundreds of them...
Post by: Kindred on June 28, 2013, 01:18:01 PM
if you are currently on 2.0.4, then you can just delete your directories and files
/Sources
/Themes
and all files in the root, with the exception of Settings.php (and Settings_back.php)
then - using the large upgrade archive, upload a clean set of files
then - using the clean archive of your custom theme, re-upload a clean set of your custom theme files into the correct subdirectory of Themes

*note: you may want to go into the database and truncate the smf_log_packages table
** note2: You may want to go into the database and find (and then clean out) the integration rows of the smf_settings table

by replacing the files, you have reset all of your FILES to the default installation
by doing the database things, you have removed all your MODS, making it a "clean" install for you to start with new mods.
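
Added example (not part of the post above, and not SMF's own tooling): the two database steps from the notes, written out for MySQL with copies kept so the change can be reversed. It assumes the default "smf_" table prefix, that hook settings are the rows of smf_settings whose variable name starts with "integrate_", and the backup table names are hypothetical.

```sql
-- Added illustration; assumes MySQL and the default "smf_" table prefix.
-- Take a full database dump before running any of this.

-- 1. Keep copies of what is about to be removed.
--    (The *_bak table names are hypothetical; pick any unused names.)
CREATE TABLE smf_log_packages_bak AS
    SELECT * FROM smf_log_packages;

CREATE TABLE smf_settings_hooks_bak AS
    SELECT variable, value
    FROM smf_settings
    WHERE variable LIKE 'integrate\_%';   -- "\_" matches a literal underscore

-- 2. Review the hook rows before deleting them. Each value names the
--    functions or include files a mod registered; anything you do not
--    recognise from your mod list is worth noting before it is cleaned out.
SELECT variable, value
FROM smf_settings_hooks_bak
ORDER BY variable;

-- 3. Clear the installed-package history so the package manager
--    treats the forum as having no mods installed.
TRUNCATE TABLE smf_log_packages;

-- 4. Remove the hook registrations so the fresh files are not asked
--    to call mod code that no longer exists on disk.
DELETE FROM smf_settings
WHERE variable LIKE 'integrate\_%';

-- 5. Confirm both are empty; each count should be 0.
SELECT
    (SELECT COUNT(*) FROM smf_log_packages) AS packages_left,
    (SELECT COUNT(*) FROM smf_settings
      WHERE variable LIKE 'integrate\_%')   AS hooks_left;
```

Drop the two backup tables once the forum has been confirmed working with the fresh files.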
Title: Re: Automated new accounts - hundreds of them...
Post by: Illori on June 28, 2013, 01:21:18 PM
http://wiki.simplemachines.org/smf/How_to_upload_a_fresh_set_of_files

by uploading a fresh installed.list file in the packages folder it will make it look like all the packages are uninstalled.
Title: Re: Automated new accounts - hundreds of them...
Post by: Kindred on June 28, 2013, 01:41:10 PM
Illori...   not quite.
to do it properly, you need to truncate the log_packages table - and you have to remove the hooks
Title: Re: Automated new accounts - hundreds of them...
Post by: Illori on June 28, 2013, 01:48:05 PM
that is one way, but i have tested my way and it does mark the packages as uninstalled given they don't have hooks you can reinstall with no problems.
Title: Re: Automated new accounts - hundreds of them...
Post by: sulwen on June 28, 2013, 02:04:45 PM
No problem deleting files and truncating table.

Thank you ever so much for help! I'll be back soon with results.
Title: Re: Automated new accounts - hundreds of them...
Post by: Biology Forums on June 28, 2013, 03:19:53 PM
Quote from: Kindred on June 28, 2013, 09:22:41 AM
are you using the "questions" feature in smf 2.0.x?

Stop Spammer is doing exactly what it is supposed to - it is flagging the potential/identified spammers.

If you want to actually STOP the spam registrations, then you need to add additional protections... like questions and bad behavior+httpBL


This is the best suggestion. I'd advise you to switch the questions every month, OR as soon as you begin to notice spam. Once my questions are switched, I'm spam-free for at least two months.
Title: Re: Automated new accounts - hundreds of them...
Post by: sulwen on June 28, 2013, 04:28:15 PM
Quote from: Liam_michael on June 28, 2013, 03:19:53 PM
I'd advise you to switch the questions every month, OR as soon as you begin to notice spam. Once my questions are switched, I'm spam-free for at least two months.


Good idea. Thanks.

Forum reinstalled and no emails so far.

I think that when someone is migrating from v.1 to v.2 they should be asked to completely reinstall the forum. Might be a bit overzealous I know, but it seems to have helped me.

Once again thanks for all your valuable suggestions.