Help!!! Spammers suddenly attacking all my SMF forums!!!!

Started by catfished, November 11, 2008, 12:35:46 AM


jhandke

I woke up to about 10 spam messages from various a$$holes as well (I had never had one to that point).   I was using 1.1.5.  I quickly came here, upgraded to 1.1.7, and had another spammer within 15 minutes.   I have changed my forum so admins must approve each new member, which is a pain.  I hope there is a fix for this!

JWJ

I was getting one every half-hour. Then I installed "Are you human?". Nothing for the last 4 hours. Early days but I'm very encouraged.  :)

littleone

I upgraded to 1.1.7 and now get flooded with spammers.   Have had 7 or so in the last 12 hours.  All spam bots.  Never had one with 1.1.6.  Something is surely up with this....

zigzag

The Are you Human mod is still holding strong after 8 hours  :D would recommend that anyone still being spammed install it.
http://custom.simplemachines.org/mods/index.php?mod=999

l_d_allan

Adding to the crowd of boards experiencing a huge increase of spam.

I started using SMF 1.1.5 back in April, 2008. I had one spam posting until yesterday. I had "automatic approval of registration without confirmation".

I installed 1.1.7 on Nov 7th, and the attacks didn't start until yesterday ... about 20 in 10 hours. Thus I have my doubts it is related to 1.1.7 (but worth looking into?)

I have this picture of a crowd of barely literate peasants in Sri Lanka making 20¢ an hour defeating captcha manually and replying to confirmation emails.

I changed from auto-approval with no confirmation to requiring end-user confirmation of the email sent to them. They are still getting in to post one ad (ED, cheap software, porn, etc.) before I notice it and delete it.

Many of them seem to be coming from 194.165.42.##.

It would be handy to have an easier mechanism to "Delete Member and All Their Topics-Posts". It is a multi-step process now, and SMF seems to require re-login as Admin every few hours.
2.0 semi-newbie. Rusty at bbCode tagging. Win7-64+Sp1 and IE9. Sysop of under-construction www.canprint.org
No mods installed. Huge fan of SMF, especially terrific support.


cschelin

The Are You Human mod seems to be helping a little.

Most of mine are coming from Hungary though.

Carl
I administer the Mosaic and Stained Glass [nofollow] forums.

H

I've marked this topic as solved. There is nothing in 1.1.7 that would make it easier to spam. It is possible however that people have found your sites by searching Google using searches that contain 1.1.7.

It is very hard to make a forum script that is safe from bots, as generally computers can be made to read the same things as people. There are also many 'bots' which are actual people typing in the captcha code.

The best thing to do is use one of the many available anti-spam mods we have. As the pre-programmed scripts are often only designed for default configurations of SMF, this can be very successful.

Alternatively, if you only have a small site, try using admin approval.
-H
Former Support Team Lead
I recommend:
Namecheap (domains)
Fastmail (e-mail)
Linode (VPS)

rogueplanet

No, it's nothing to do with 1.1.7. My 1.1.5 is getting hit as well, and from reading other people's posts it's the same messages too.

zigzag


metallica48423

As a note, currently we have no reason to believe that this is version-targeted or caused by 1.1.7.

The changes to 1.1.7 were almost exclusively to the attachments system and package manager, which doesn't lend the chance of opening up a hole in another completely unrelated part of the system code-wise.

However, there has been a noticeable pickup in spam in the last few days, seemingly affecting nearly all forums -- though some are better protected than others.  I personally suspect that there is a new spam campaign going on currently. I can only recommend beefing up your registration security as best you can.  H above makes some good suggestions.

In addition to those, I'd recommend a few myself:

1.) Ban suspicious email addresses.  If you suddenly have a bunch of *.ru email addresses registering, then this would tend to indicate more than just the friendly Russian visit.
2.) Look for information getting logged.  Look for similar IP addresses, username patterns -- anything that you can use to prevent or restrict them.  On most webservers, nearly EVERY page load is logged.
3.) Consider restricting posting permissions until members have one or two posts in an approved staging area or welcome board.  If you can make use of post approval in 2.0, then even better for this purpose.

I'll post other ideas as I come up with them.  But at this time, we have no reason to believe that it is directly related to the 1.1.7 release.
Justin O'Leary
Ex-Project Manager
Ex-Lead Support Specialist

Quote
Microsoft wants us to "Imagine life without walls"...
I say, "If there are no walls, who needs Windows?"


Useful Links:
Online Manual!
How to Help us Help you
Search
Settings Repair Tool
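
One way to do the log review suggested in the post above (similar IP addresses, shared email TLDs), as an added example that is not part of the original thread or of SMF itself. The record layout, the function names, the /24 grouping, the one-hour window and the threshold of three are assumptions; the sample rows are constructed and use documentation IP ranges.

```python
import ipaddress
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample rows: (registered_at, username, email, ip). The IPs are
# documentation ranges; names and addresses are invented for this example.
SAMPLE = [
    ("2008-11-11 01:02:10", "alice_k", "alice@example.org", "198.51.100.7"),
    ("2008-11-11 03:15:00", "kbxqwz81", "kbxqwz81@example.ru", "203.0.113.14"),
    ("2008-11-11 03:21:40", "pzrtmv22", "pzrtmv22@example.ru", "203.0.113.77"),
    ("2008-11-11 03:40:05", "wqhjdl93", "wqhjdl93@example.ru", "203.0.113.201"),
    ("2008-11-11 09:30:00", "bob_glass", "bob@example.com", "192.0.2.55"),
    ("2008-11-11 10:05:00", "hvncxs04", "hvncxs04@example.ru", "192.0.2.130"),
]


def features(record):
    """Return (timestamp, username, [grouping keys]) for one registration."""
    registered_at, username, email, ip = record
    when = datetime.strptime(registered_at, "%Y-%m-%d %H:%M:%S")
    network = ipaddress.ip_network(ip + "/24", strict=False)  # IPv4 /24 assumed
    tld = email.rsplit(".", 1)[-1].lower()
    return when, username, [f"net:{network}", f"tld:{tld}"]


def find_bursts(records, window=timedelta(hours=1), threshold=3):
    """Map each grouping key to the usernames that registered in a burst:
    at least `threshold` sign-ups sharing the key within `window`."""
    by_key = defaultdict(list)
    for record in records:
        when, username, keys = features(record)
        for key in keys:
            by_key[key].append((when, username))
    bursts = {}
    for key, events in by_key.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # Slide the window start forward until it spans <= `window`.
            while events[end][0] - events[start][0] > window:
                start += 1
            if end - start + 1 >= threshold:
                seen = bursts.setdefault(key, [])
                for _, user in events[start:end + 1]:
                    if user not in seen:
                        seen.append(user)
    return bursts
```

Calling `find_bursts(SAMPLE)` flags the three accounts that share both a /24 and a TLD within an hour; the late fourth `.ru` sign-up from another network falls outside the window and is left for manual review.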

青山 素子

If I might toot my own horn, there is reCAPTCHA for SMF, which will work on the 1.1 series (it should install on 1.1.7 without problems, but I haven't confirmed and updated the page). It replaces the built-in SMF image verification with a stronger CAPTCHA system. This should help as well.
Motoko-chan
Director, Simple Machines

Note: Unless otherwise stated, my posts are not representative of any official position or opinion of Simple Machines.


jezinho

Quote from: zigzag on November 11, 2008, 01:27:52 PM
Mine all came from the Ukraine and Saudi.
Same here, IPs of the bots mostly based in those two countries. And I can also confirm it has nothing to do with 1.1.7 - it just seems as if the spam bots started a mass attack about 20 hours ago.

I've had more bots than ever which were able to beat the captcha (about 30 the last 20 hours), and about 50% of those even passed the email confirmation. I'm using captcha (+ email confirmation) since it's included in SMF, and until yesterday only one single spambot was able to get through and offer penis enlargement and viagra to the users on my SMF.

Deprecated

I have the same theory as Met. I believe that within the last few or several days that spammer activity has picked up drastically, and that it is totally coincidental with anything related to SMF.

Smoky "Rider" Blue

to help cut out a few spammers, try this:

admin>registration>set reserved names

then copy this and add to it as needed:

Admin
Webmaster
Guest
root
.net
.com
.info
.mobi
.us
.es
.ru

hope this will help  ;)

**Take the time to remember friendships and family.. Sometimes it's all we have, and missed very much**

Xenomorph

Yeah, I was getting spammed a ton with 1.1.5, updated to 1.1.7, and it didn't stop. I increased the Captcha to a higher level.

I'm downloading "Are You Human" and will try that.

That 194.* IP looks familiar. I've deleted a dozen accounts today.

There should be an easier way to delete multiple users+posts.

The single delete page lets me delete user and post.
The multi-delete page lets me delete user only. I'd have to search for posts.

catfished

Quote from: H on November 11, 2008, 01:06:06 PM
I've marked this topic as solved.

Unbelievable!!!!!!!!!!!!!!!!!!!

I have a couple of MyBB forums and they're several versions behind the latest stable one yet they are getting zero (0) spambot sign ups while all my SMF ones are getting hammered by this new major spambot attack. This is considered "problem solved"? Unbelievable!!!  Goodbye SMF, hello MyBB!!
You use and like this forum software? Then show your appreciation and support by becoming a Charter Member.



CatfishEd.com

wibo

I found another solution.

Add the minimum age checkbox to registration page
(admin-->registration-->settings:
Age below which to apply registration restrictions ).
After I did that, no new spammers.

(hope they don't read this forum  ;D)

wibo

Quote from: catfished
This is considered "problem solved"? Unbelievable!!!  Goodbye SMF, hello MyBB!!

No, it is not solved at all.
I suppose H (smf) is not happy with all this negative publicity.
Please don't forget that they do it without asking money for the software.  :)

青山 素子

Marking the topic solved keeps it from popping up on the support topics list. I guess the OP unmarked it.
Motoko-chan
Director, Simple Machines

Note: Unless otherwise stated, my posts are not representative of any official position or opinion of Simple Machines.

