Tidal wave of spambots attacks SMF 1.1.x - How to protect your forum

Started by Deprecated, November 11, 2008, 06:26:59 PM

rokuez

Thanks for this thread. Having botnets auto register over at my eiiiforum.com


http://www.stopforumspam.com/forum/t344-There-Spammer-Forum-List-Somewhere <--- SMF coders need to make this plugin


didn't read thru entire thread, but i hope someone writes this plugin ^^^^ see link!

Deprecated

I've been thinking about it. I've tried to interest other parties. We have some young, budding mod authors that this would be perfect for.

Burke ♞ Knight

Don't look at me...

I can't even open that link, let alone have any idea what's involved in making this mod. :P

forumite


debbiet

Great work!!

I was on 1.1.5 and started to get a flood of spam registrations the other day. I upgraded to 1.1.7 and no change, then I found this forum post. Awesome info, and it's comforting to know the coders here care so much about it!

Anyway, I tried various changes, but the only one that worked so far was changing captcha to high - no further spam registrations so far during the past hour. I know it's probably a temporary fix, so I want to implement something better. So it's either an upgrade to version 2 beta, or install reCaptcha.

I have a question about the mods though. I have no problem w/ editing code, but I just wanted to understand. There is no actual install, right? I have to manually change the code, as stated in the instructions, right?

Sorry for the silly instructions, but I basically run an unmodded install, so it's new to me.

and one last question. The next time I upgrade the forum, the modded code would probably be overwritten, right? So I would need to edit the code all over again?

Just trying to get things straight before I make a decision on which way to go this weekend. It might be easier to update to version 2.


surlyman

I increased the complexity of the captcha, set the minimum age to 18, and installed the "anti-robot registration puzzles" mod.  Confirmed that they were all working.

Got another spammer today after applying the above fixes.  Could be coincidence as it's a totally different IP and this one was the standard pharmaceutical pitch we get from time to time whereas the recent spam attacks were mostly porn links.  Then again, maybe not.

I'll try adding the "Are you human" mod and see if that does anything.


catfished

Quote from: surlyman on November 13, 2008, 10:44:25 PM

Got another spammer today after applying the above fixes.  Could be coincidence as it's a totally different IP and this one was the standard pharmaceutical pitch we get from time to time whereas the recent spam attacks were mostly porn links.  Then again, maybe not.

I'll try adding the "Are you human" mod and see if that does anything.

I'm convinced that these instances of one or two spammers getting in are simply manually registered by humans (well, not quite human :-) and have nothing to do with the large spambot attack we're dealing with. JMHO
You use and like this forum software? Then show your appreciation and support by becoming a Charter Member.



CatfishEd.com

ArrayInteractive

Quote from: debbiet on November 13, 2008, 10:35:03 PM
I have no problem w/ editing code, but I just wanted to understand. There is no actual install, right? I have to manually change the code, as stated in the instructions, right?

If you haven't done any hacking to your original forum code, then mods should install quite easily using the packages panel in the admin. I can't believe how easily the auto mod installs work!

Last night I updated to 1.1.5, then 1.1.6, then to 1.1.7 and all my older mods I had installed still work fine. Not sure if that would be the case upgrading to version 2 though.

---

One day since I implemented some antispam measures, and I've already got six pages of error log entries, spammer guests who are banned. Guess I must have entered a few key IPs into the ban list.
smf 2.0.2

busterone

I only had one spammer when all of this started, and he was a human. He posted a few posts on subject before the spam post. -Gone now ;D
I have seen a drastic increase in the old /index.php?action=quickmod2;topic=155.0 exploit attempt in the last 2 days - a little over 30 in 2 days. Previously, I was getting just a couple a week. They seem to be coming from everywhere. I can't help but wonder if they are related in some way.

TempusFugit

One thing I've noticed is that all spam accounts have hidden email.

ephralon

This thread is full of great solutions to prevent bot registrations, but registered bots are not my problem.

My 1.1.7 is overrun by guest spam posts in poll threads. Yesterday I disabled guest postings and yet they again posted almost a dozen messages full of junk links. And always in polls. Now I locked all polls, but I can't leave it like that forever.

All the anti spam mods that prevent guests from posting links do not work with 1.1.7, and when I try to manually update nospambyguests or antispam the package manager tells me the files are corrupted.
I think about adding nospambyguests to post.php manually, but I'd hate to resolve to a cheap hack like this.

Guests may only use the search and view attachments and polls, I took away all other rights.
What can I do to make them stop posting in polls?

Martje

Thanks for all the info, very useful and helping to have a fast solution. This reminded me that I should have renewed my charter membership :)
[edit] done, that was easy with paypal[/edit]

IngeJones

I have in the last few days been hit with spammers, and I never was before.
I immediately switched registration to approval, which has killed the spam, but not the signups.

I have changed the registration agreement to ask applicants to email me with just enough detail that I know they know what the forum is about - and I quite like this idea permanently as I am sick of people (even humans) cluttering up the user database when they never even intended to post.

Unfortunately my average user doesn't have the aptitude to email me (I have spotted people I actually know in the unactivated registrations list - but they didn't follow the advice to email me!).  Having looked at the mini-quiz  option for weeding out bots, I realise my average user would not be able to pass that test.  The increased difficulty visual image thingy is beyond what my eyes could manage and I know some of my typical users are as bad as me in that way.

So, what I really want (and I have had this on some forums I have registered at myself) is a form to be presented to the applicant for them to freely enter some text saying why they would like to join.  And then I will continue to use the Approval system.   It's not a busy forum, so I am happy to go on approving registrations indefinitely.

Deprecated

I've taken over Karl's mods for the Are You Human? and Anti-Bot Registration Puzzles. I'm going to look into providing an addition to one of them, to add 2-3 questions that you pick yourself, along with answers you pick yourself. This is the same feature that SMF 2 has. I think just this small addition will result in everybody having just slightly different patterns from the robots' point of view, enough so that it should prove very difficult for them. I will announce it in this topic if I manage to add the functionality, probably to Are You Human?.

debbiet

Quote from: ArrayInteractive on November 13, 2008, 11:38:32 PM

If you haven't done any hacking to your original forum code, then mods should install quite easily using the packages panel in the admin. I can't believe how easily the auto mod installs work!

Last night I updated to 1.1.5, then 1.1.6, then to 1.1.7 and all my older mods I had installed still work fine. Not sure if that would be the case upgrading to version 2 though.

Thank you! I had a bit of permissions trouble w/ the packages, but after a helpdesk ticket to my host, I resolved it, and the package worked just perfectly. Thanks!!!

I added the reCAPTCHA mod, and so far so good!

thanks to all that help out here at SMF, I am very grateful!

ModelBoatMayhem

That's my firm opinion.... but what do I know?!

denzil69

Easiest way to find a spam member:

I place the new username into Google and look at how many forums they have been joining recently.
Once I get past 10 different forums and they have never posted in any of them, it's easy to spot.

I've increased membership security to approval for the time being.
One thing I did immediately was to remove the option to view genuine member email addresses.
I figured that even if they did manage to register, they couldn't be viewed so they would get in but get nothing.

thanks for the heads up

Burke ♞ Knight

Quote from: denzil69 on November 14, 2008, 09:39:23 AM
Easiest way to find a spam member:

I place the new username into Google and look at how many forums they have been joining recently.
Once I get past 10 different forums and they have never posted in any of them, it's easy to spot.

Only problem with that, some bots are programmed to make up new names for each registration.
This means, this tactic is good for most, but not all spambots.
However, I commend you for the good thinking. :)


forumite

I must be losing it. I recall seeing a post by someone suggesting several additions to a .htaccess file, but I can no longer find it. Might have been removed due to a camouflaged 4-letter word.

Anyone have a copy of the suggestions and know if they work?
