Tidal wave of spambots attacks SMF 1.1.x - How to protect your forum

[societyofrobots]

A great article I just found on CAPTCHA. It also lists other forms of CAPTCHA software that should be incorporated into SMF:
http://www.computerworld.com/action/article.do?command=viewArticleBasic&taxonomyName=Security&articleId=9126378&taxonomyId=17&pageNumber=1

As long as we all use the same defense (ie reCAPTCHA), we all fall at the same time

[smonk]

we had 10 or 12 of these guys registering every day.  they got hung up in the email activation process, but it was still a pain in the backside to clean up every day.

we installed Anti-Spam Verification Questions for SMF 1.1.7 on Friday, and it stopped them dead in their tracks.

[eddyT1961]

I put alot of hours into my forum only to have it invaded by these inconsiderate so and so's.
Is there a way to organize a nation-wide lynch mob against these nasty spam-bot programmers...
...Oh c'mon, just a little mob?

I'm a big strong guy...never been accused of hurting anyone that didn't deserve it... So I was thinking maybe I could just introduce myself and pretend to want to shake their hand. Then I could crush the bones in their little programming fingers, and then run back to my car before they could call the police. What do you think guys?

[KirkhamsEbooks]

I was originally going to write an article on 10 uses for pedofiles and child abusers in the dojo (martial art training area) but I could make it for spammers instead

Rick

[animeboy]

I read through this and didn't see this mentioned.  It won't be applicable for everyone, but if your running a regional or even countrywide type of forum, it will help some, and it's not specific to SMF.

There's a httpd module for apache called mod_GeoIP that lets you allow/deny whole country ranges of IP's.  I've setup my 2 forums to just allow US and Cananda and that pretty effectively stopped 99.99 of the spam bots at the apache level.

If you have access at this level (I know not everyone does).
It's a simple:
yum install mod_GeoIP 
for RHEL, CentOS, Fedora.  There's a apt get for ubuntu as well...

From there it's a modification of the httpd.conf and the allow,deny blocks for the root of your server, or virtual hosts.


Mark

[MrMike]

I run about 50 forums and have spambot / regbot problems too. I ended up writing a mod and creating a site specifically to help stop bots. I mentioned this in another post, but I'll mention it here as well if you don't mind.  The site is http://BotScout.com.

There's a plugin for SMF as well as sample code to use in other forms or to develop your own mods or plugins with.

I'm undoubtably biased, but it's cut my spambot/regbot problems down to almost nothing. And the database of bots just keeps growing- it hit 95,000 unique bot signatures a couple days ago.

It's all free. Give it a try if you want.

[cruisearound.ie]

I have the 3 of these on my forum which u must cmplete before registering and havent been hit yet!

Anti-Spam Verification Questions


Anti-Bot Registration Puzzles


Are You Human? (Anti-Bot Check)

Thanks for the warning

[distoria]

does the new 1.1.8 release fix the spammers?

[Akyhne]

Nothing can fix the spammers, as some of them are human registering accounts.

[Akyhne]

If someone's interested, they can take a look at this beta mod, download it and try it out: http://www.simplemachines.org/community/index.php?topic=280188.0

Note: The images in the first post are rather old. The look has changed a lot.

[GusVeness]

Hi,
I'm new to all this so please forgive my naivety.  I contracted with an individual to build my site. After building the site and getting it running, she disappeared. I'm quite happy with her work, but am getting overwhelmed with spam posts. I've muddled through and worked out how to delete and ban the offenders, but they still get through. I updated to version 1.1.8 but to no avail. Can anyone offer some suggestions?

Thanks

[sbroadbent]

And as to your other question: Well... if all else fails, just delete anybody you aren't sure about, and hope if they are real people they will try again.

Or email them and ask them about their registration. How many bots reply to questions via email? (Maybe a few, but this should help you.)

My attempts at containing the spam has been limited to creating a member group with no posting priveleges, and manually moving new registrations to that member group, with a private message indicating if they want posting privileges to contact me.  This method did allow me to verify one legitimate user, but is time consuming.  I do have the forum send me email whenever a new user registers.

Personally I would just like to have all new users set by default to have any posts sent to a moderation queue and require approval before the post shows up.

While it would not prevent spam bots from registering, at least their spam would not show up.

I had also been banning spam bots by hostname, and IP addresses, and I did notice that several users were automatically banned with me needing to do anything more.  That unfortunately has been few.

[Akyhne]

You shouldn't even get spam bots into your forum. Raise the sequrity level, or install additional spambot verification software.

[Clara Listensprechen]

Hi,
I'm new to all this so please forgive my naivety.  I contracted with an individual to build my site. After building the site and getting it running, she disappeared. I'm quite happy with her work, but am getting overwhelmed with spam posts. I've muddled through and worked out how to delete and ban the offenders, but they still get through. I updated to version 1.1.8 but to no avail. Can anyone offer some suggestions?

Thanks

I'm fairly new to the ins and outs of Simple Machines forum software myself, but I have found a couple of simple measures to be effective (so far).  There is a mod somewhere on this board that permits you to set up a special Members category that will apply to all registrants when you select that option in the Admin center. It's a package called "Default Membergroup on Registration", and I set this up as a Restricted member group that can post only in one area and placed this area at the very bottom of the forum.  Only Restricted Members and Guests can access it.

I posted board rules down there and an Introductions section, and so far none of the spammers have shown interest in even posting spam down there. New registrations are down, but I'll have to admit that since I've started tracking them, I've noticed that if they're not total bots, their invasion attempts are at least semi-automated. 

On a totally different (non-SM board) that uses ReCaptcha, some spammers do get through.  I can confirm that they're humans; when I change Permissions By Boards periodically, I note in the Forum Error Log that this confuses the heck out of their automation, ha. Some of the error messages indicate a fairly sophisticated level of automation, but these same guys will manually attempt to engage the Help area--for troubleshooting, I guess.

I run only one board, though, and those who run...what, FIFTY boards?!?!...might find this to be still too labor-intensive.  I have also had success with IP bannings using wildcards but using WHOIS readouts on specific server ranges to ban just the servers.  Somebody originating at 194.8.X.X has been observed using different IP addresses but not outside the server's range of 194.8.0.0 - 194.8.255.255...therefore in banning the server I've banned a whole passel of retries without banning possible legit people.

[Clara Listensprechen]

And as to your other question: Well... if all else fails, just delete anybody you aren't sure about, and hope if they are real people they will try again.

Or email them and ask them about their registration. How many bots reply to questions via email? (Maybe a few, but this should help you.)

My attempts at containing the spam has been limited to creating a member group with no posting priveleges, and manually moving new registrations to that member group, with a private message indicating if they want posting privileges to contact me.  This method did allow me to verify one legitimate user, but is time consuming.  I do have the forum send me email whenever a new user registers.

Personally I would just like to have all new users set by default to have any posts sent to a moderation queue and require approval before the post shows up.

While it would not prevent spam bots from registering, at least their spam would not show up.

I had also been banning spam bots by hostname, and IP addresses, and I did notice that several users were automatically banned with me needing to do anything more.  That unfortunately has been few.

This was the suggestion that I followed when I set up the special forum area for Restricted membergroup and Guests, except that I didn't deny the ability to post and it's done automatically using the Registration mod I mentioned (not manually). 

I did things this way mainly because I wanted to later add their IP (server ranges) to the ban list having an excuse to do that.  Regular members don't have access to the area.

[angiexx1]

I have one thats applied to my forum yesturday he is sat in pending and will stay there, cant try again with his email address that way, am lucky its a small forum so can cope with that at the moment.

Am bit confused though as whois by the look of it puts address as au is that australia

while botscout has him/her or IT as china

heres some links

http://tools.whois.net/index.php?fuseaction=whois.whoisbyipresults

http://www.botscout.com/ipcheck.htm?ip=221.6.182.50

email he has used is [email protected]
Username daryy

he is the only one that has tried registering on my forum at all, had one trying to look in the forum but have the look n cant see mod guests can see catagory and boards cant read the posts etc

[Clara Listensprechen]

NOW I can use those links--as of today, my aforementioned strategy failed and got one that hacked in. Posted as if registered and display said he was both a restricted member and a regular member, AND did not appear on the registered member list.

With hackers like this, you can set up your board for Admin approval all you want to and they'll still get in.

[Akyhne]

I have one thats applied to my forum yesturday he is sat in pending and will stay there, cant try again with his email address that way, am lucky its a small forum so can cope with that at the moment.

Am bit confused though as whois by the look of it puts address as au is that australia

while botscout has him/her or IT as china

heres some links

http://tools.whois.net/index.php?fuseaction=whois.whoisbyipresults

http://www.botscout.com/ipcheck.htm?ip=221.6.182.50

email he has used is [email protected]
Username daryy

he is the only one that has tried registering on my forum at all, had one trying to look in the forum but have the look n cant see mod guests can see catagory and boards cant read the posts etc

I got daryy in yesterday. He's a bad dude. Actually the only spammer I ever got into any of my forums for a long time. He passed my avatar verification, so the guy must be human.

[JimM]

If you google daryy, you will see he has registered on lots of SMF forums and post one time.  He adds links in his signature.  You can ban him or just set your entry level membergroup as one that can't edit the profile until a certain number of post. 

There are times when you will have to deal with the occasional human spammer.

[Akyhne]

If he got past my "unknown" anti-spam mod, then he must be human or I'm a bad programmer