Hi,
So apparently, some bots have been posting on my forum. I have custom verification questions on registration which have worked quite well for several years, until recently.
Now I'm not sure if they're getting in through the registration page.
The funny thing is, even though they have posts, their post count says "0".
In my messages table, all their entries have an "id_topic" of "0".
Also, if I try to view their posts from the forum, I get this error:
Wrong value type sent to the database. Integer expected. (id_msg)
I'm confused. I have a feeling they might not be making these posts via the post form.
Any ideas? Thanks.
Does it say a line/file number?
Quote from: vbgamer45 on January 13, 2019, 11:14:14 AM
Does it say a line/file number?
Hi,
No it doesn't. That's all the error says.
I wanted to go to their profiles to delete their accounts (including all topics and posts) but their post count says "0" which isn't right, and going ahead with the delete might screw things up, I guess.
Anything related in the error log? Or if you show the errors from that user?
Quote from: vbgamer45 on January 13, 2019, 11:30:41 AM
Anything related in the error log? Or if you show the errors from that user?
No, nothing related in the error log.
I just ran "Find and Repair any Errors" from Forum maintenance and got these...
See screenshots: https://imgur.com/a/z3GpxSO
PS: It says the upload folder is full if I try to attach images here.
First... if you have had the same questions for years, then you need to change them.
What php version are you running?
Quote from: Kindred on January 13, 2019, 12:32:41 PM
First... if you have had the same questions for years, then you need to change them.
What php version are you running?
Yes, I have switched to reCaptcha.
I am running php 7.1.26
The 'Find and Repair any Errors' tool combined all the messages into one topic so I was able to delete them and the bot accounts.
Now I am hoping that reCaptcha would prevent them from getting in again.
http://www.simplemachines.org/community/index.php?topic=531660.msg3776163#msg3776163
Quote from: GigaWatt on January 13, 2019, 01:00:41 PM
http://www.simplemachines.org/community/index.php?topic=531660.msg3776163#msg3776163
I believe my questions were somewhat better.
For example, I have an anagram of a local meal of a small tribe in my country, then I would ask for the correct name.
Another example is: I would give an ad-lib or phrase usually said by a local musician in my country and ask for their stage name.
I have about 20 of these questions, and they worked for years. It's possible that a bot found the answer to one of them and then hammered the registration page repeatedly until they got that question.
There's also a possibility that they did not get in via the registration page, but that's unlikely the case.
Do you run tapatalk?
If so, that is likely how they got in.
But yes... bots do catalog questions and answers.
If you used the same questions for years, then it is very likely that the questions were slowly cataloged.
Kindred, would the stopforumspam.com mod help block his spammers if they are coming through tapatalk?
nope.
If they are accessing via Tapatalk, untick this option in your Tapatalk settings:
"Automatic approval for user registered from Tapatalk"
Also, consider disabling this option:
"In-App Registration"
Or just get rid of tapatalk completely, which would be my suggestion
Quote from: Kindred on January 13, 2019, 02:06:47 PM
Do you run tapatalk?
If so, that is likely how they got in.
But yes... bots do catalog questions and answers.
If you used the same questions for years, then it is very likely that the questions were slowly cataloged.
No I don't use tapatalk.
Yeah, they probably found the answer to one or more of the questions.
But I still can't fathom how they could have made those posts.
Can you post a list of your installed mods?
Quote from: live627 on January 13, 2019, 06:53:41 PM
Can you post a list of your installed mods?
1. reCAPTCHA for SMF 2.0.0
2. FAQ Mod 2.0
3. Simple Audio Video Embedder 4.5
4. 404 on Missing Topics/Boards 2.1
5. Optimus 1.9.6
6. Drafts 1.1.5
7. InLine Attachments 1.2.1
8. SMF 2.0.14 Update 1.0
9. SMF 2.0.13 Update 1.0
10. SMF 2.0.12 Update 1.0
11. SMF 2.0.11 Update 1.0
12. SMF 1.1.21 / 2.0.10 Update 1.0
13. Elastic EMail for SMF 1.1
14. Auto Twitter Embed 1.0
15. SEO Sitemap 2.2.1
16. SMFPacks Alerts Pro 2.0.9
17. Smart Pagination 0.8.2
18. BBCode with style 1.5.1
19. Add Table, Td, Tr Button 1.0
20. Buddies With Me (aka Followers) 2.0
21. Contact Page 3.2
22. SMF Activity Stream PRO 1.0.14
23. SMF Arcade 2.51
24. EmailValidator 1.0
25. Flat Emoji (Twitter Emoji) 1.0
26. SMFPacks Likes Pro Mod 2.0.7
27. SMF 1.1.20 / 2.0.9 Update 1.0
28. SMF 2.0.8 Update 1.0
29. SMF 2.0.7 Update 1.0
30. Personalized BBC 1.8
31. Team Page 4.0.1
32. Edit All Message Titles 0.1.1
33. Pretty URLs 1.0RC5.2
34. SMFShop 3.3.2
35. Ad Seller Pro 2.1
36. Count unread replies 2.0 RC3 2.0
37. Downloads System 2.1a
38. SMF 1.1.19 / 2.0.6 Update 1.0
39. Birthday On Register 1.0
40. SMF 2.0.5 Update 1.0
41. PrettyCacheCleaner 0.1
42. Recent Topics On Board Index 1.03
43. SMF 2.0.4 Update 1.0
44. Wireless/RSS amount displayed 1.2.1
45. SMF 2.0.3 Update 1.0
46. Custom Action Mod 3.2
47. Related Topics 1.401
48. SMF Articles 2.0.1
49. Sitemap 2.2.0
50. GoogAd Mod v.1.4 1.3
51. PM to New Members 1.2
52. Default Avatar 2.2
53. BxK's WAP Mod 1.4-2
54. SimplePortal 2.3.4
55. Custom Copyright 1.0.2
Another bot has registered and posted a similar topic, even with reCaptcha.
Also, yet another bot has posted to my recycle board as a guest.
The permissions for my recycle board don't allow guests to post topics or replies.
I think one of my mods has its legs open but I have no clue which one.
Look at your server logs
Could it be Drafts? That's the only mod in that list that can make posts. Granted, I don't recognize them all...
Quote from: Kindred on January 15, 2019, 08:11:51 AM
Look at your server logs
Quote from: live627 on January 15, 2019, 05:39:11 PM
Could it be Drafts? That's the only mod in that list that can make posts. Granted, I don't recognize them all...
I have several of these errors in my server log.
[Tue Jan 15 20:18:54.874552 2019] [ssl:error] [pid 15234] [client 45.224.29.1:40354] AH02225: Re-negotiation request failed, referer: https://domain.com/downloads/?sa=downfile&id=3
[Tue Jan 15 20:18:54.874601 2019] [ssl:error] [pid 15234] SSL Library Error: error:14080152:SSL routines:ssl3_accept:unsafe legacy renegotiation disabled
[Wed Jan 16 01:01:58.896123 2019] [php7:notice] [pid 13842] [client 40.77.188.175:9355] PHP Notice: Undefined index: session_var in /var/www/html/domain.com/public_html/Sources/PrettyUrls-Filters.php on line 139
Actually, I was not suggesting that you look for errors...
instead -- you know the date and time that the post was posted. Look at the server logs for that date and time and see what the server logged for GET and PUT and the URL used to make the post.
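The log check suggested in the last reply, as an added example that is not part of the original thread: it filters an Apache combined-format access log down to the write requests logged around a suspicious post's timestamp and shows which URL and `action` received them. The sample log lines, the IP addresses, the `examplemod` action and the assumption that the timestamp comes from the `poster_time` column of the messages table are all constructed for illustration.

```python
import re
from datetime import datetime, timezone

# Apache "combined" format: ip - user [time] "METHOD target proto" status size "referer" "agent"
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+'
    r'(?: "(?P<referer>[^"]*)" "(?P<agent>[^"]*)")?'
)
ACTION_RE = re.compile(r'[?;&]action=([^;&#]+)')  # SMF separates parameters with ';'

# Constructed sample lines; "examplemod" is a hypothetical mod action, not a real one.
SAMPLE_LOG = [
    '203.0.113.7 - - [15/Jan/2019:20:18:40 +0000] "GET /index.php?action=register HTTP/1.1" 200 5120 "-" "ExampleAgent/1.0"',
    '203.0.113.7 - - [15/Jan/2019:20:18:54 +0000] "POST /index.php?action=examplemod;sa=save HTTP/1.1" 200 312 "-" "ExampleAgent/1.0"',
    '198.51.100.20 - - [15/Jan/2019:20:19:10 +0000] "POST /index.php?action=post2;board=4 HTTP/1.1" 302 0 "https://domain.com/index.php?action=post;board=4" "Mozilla/5.0"',
    '203.0.113.7 - - [15/Jan/2019:21:40:00 +0000] "POST /index.php?action=examplemod;sa=save HTTP/1.1" 200 312 "-" "ExampleAgent/1.0"',
]
# Unix timestamp of the suspicious post (assumed to be read from poster_time).
POSTER_TIME = int(datetime(2019, 1, 15, 20, 18, 54, tzinfo=timezone.utc).timestamp())


def writes_near(log_lines, poster_time, window=60, poster_ip=None):
    """Return POST/PUT requests logged within `window` seconds of poster_time."""
    hits = []
    for line in log_lines:
        m = LINE_RE.match(line)
        if not m or m["method"] not in ("POST", "PUT"):
            continue  # unparsable line or a read-only request
        when = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z").timestamp()
        if abs(when - poster_time) > window:
            continue  # outside the time window around the post
        if poster_ip and m["ip"] != poster_ip:
            continue  # optional: narrow to the IP stored with the post
        action = ACTION_RE.search(m["target"])
        hits.append({
            "ip": m["ip"],
            "epoch": int(when),
            "method": m["method"],
            "target": m["target"],
            "action": action.group(1) if action else None,
            "status": int(m["status"]),
            "referer": m["referer"] or "",
        })
    return hits
```

In the results, a write request whose `action` is not `post2` (SMF's normal post submission) or whose referer is `-` is the entry to follow up on, since it shows which script actually accepted the request.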