Tidal wave of spambots attacks SMF 1.1.x - How to protect your forum

Started by Deprecated, November 11, 2008, 06:26:59 PM


Clara Listensprechen

Quote from: noelchiew on May 26, 2009, 01:59:06 PM
Alright, we have dealt with bots and now we have human spammers sigh...

Thanks for your advice :)
It's been my experience that they initially start out as human registrants, but thereafter automate their attacks.

In reviewing Forum Error messages, after making changes to board access per forum section, I've noticed error messages indicating that there are repeated attacks on forum sections that I've since closed access to, and they keep trying to access the same forum section repeatedly, long after closure.
I shall continue to be an impossible person so long as those who are now possible remain possible. {Michael Bakunin 1814-1876}

Supermobilegame

I think it's more powerful if we combine 2 image verification (reCAPTCHA for SMF + Anti Bot: Captcha Clock).
With this we can stop bot from registering in our forum.  ;D

babjusi

Quote from: Supermobilegame on July 19, 2009, 12:03:48 PM
I think it's more powerful if we combine 2 image verification (reCAPTCHA for SMF + Anti Bot: Captcha Clock).
With this we can stop bot from registering in our forum.  ;D

The thing is that that won't stop the human spammers though.

Clara Listensprechen

Quote from: babjusi on July 19, 2009, 12:09:02 PM
Quote from: Supermobilegame on July 19, 2009, 12:03:48 PM
I think it's more powerful if we combine 2 image verification (reCAPTCHA for SMF + Anti Bot: Captcha Clock).
With this we can stop bot from registering in our forum.  ;D

The thing is that that won't stop the human spammers though.
True, at least in my case. I've seen it happen that actual humans use actual search engines to come up with a list of boards with apparent vulnerabilities, then register in person.  It's after that, that they automate attacks.
I shall continue to be an impossible person so long as those who are now possible remain possible. {Michael Bakunin 1814-1876}

gregh

I've just about given up trying to stop all spammers, but this mod at least negates any links/images they post....

http://www.simplemachines.org/community/index.php?topic=323605.0

cheers,

greg


Daveyo

Well attention members:

I also have been getting hit with smut and spam senders, but I set up a trap for them. 

First of all, all admins must change from Automatic registry to manual approval.  You must check every IP so given.  Keep any IP from Ukraine, Latvia region out especially.

Ok here is the next thing:  Then protect your entire forum by denying any guest from entering a post to your main forum.

Here is the trap one.

Set up a guest forum only.  Here guests can make posts. 

What happens is when either a human spammer comes to your site or a spam bot wants to dump the trash to your site, they go to the guest side and pow here is where they dump it.

Easy for you.  Now when it comes in, do the ban IP both ways from the SMF and also your panel.

Here is the point.  If you close out your guests from making posts what happens is these spammers and smut senders will then make the attempts to register to your forum and once in they set up the damage machine to destroy your site and this can get really messy indeed.

When these people register you have no way of knowing who is a spammer or smut sender, so don't close out your site to guests.

Keep the guests open for these spammers and smut senders.  They also tend to do this in certain hours and you pretty much know when they do send them.

The real people will register and always check the IP and e-mails.  Double check everything before approving such.  If you so much as see one red dot on the IP check list, deny that registrants entry.

Now you might come across somebody from Ukraine or Latvia that wants to register.  DENY THEM with absolutely no question in your mind.   DENY THEM.  The vast majority of the spams and smuts come from this region and area location.

After such is approved, then make sure you install the are you human and do the captcha effects minimum of 10 times.  This way you will know if they are for real or some smut senders, as you can tell from the post. 

The other tip: make sure the user names are limited in length.  Max to 6-8 letters.  Spammers and smut senders tend to have big user names.

Last of all to all admins  >

MONITOR your site at least 4 times a day.  Spend time on your site and variate it especially.  This also discourages spammers and smut senders from figuring out when you're in or out.  Admins you can also hide yourself and do it in cloak form too.

Admins then keep an eye on the guest spot.  As soon as you see someone about to post to the guest side, let them do it.  When they are done posting then take a look and when you see the spam and smut,  jot down everything , the name, the IP and do a search of location on IP.  Then do the removal of the post, then ban on SMF and then ban from your panel.  Then make a private ban list data and record all the info and your done.

What happens is these spammers and smut senders are happy they made a post.  Unknown to them it was already removed and they are banned on their next appearance.

I have not seen any of them try to get back since.

Anyway it is just an idea of a way to set up a trap for the spammers and smut senders which basically keeps them out of your main site itself and you have it protected by allowing them to post on the guest side.  Unknown to them that is your recycle bin!!!!!  hehehehehehe.

Daveyo



Arantor

I would argue that those tips are a little bit much for most forums; particularly on busy forums.

There are also several anti-spam mods that are quite effective.
Holder of controversial views, all of which my own.


Akyhne

I have my own personal security mod installed in my largest forum. I never saw the shadow of a spammer there, as they can't even get to the registration page XD. And all it really takes to get there, is a single click with the mouse.

That's the benefit of having your own personal spam protection ;)

TheDragon

Quote from: Akyhne on September 20, 2009, 08:55:15 PM
I have my own personal security mod installed in my largest forum. I never saw the shadow of a spammer there, as they can't even get to the registration page XD. And all it really takes to get there, is a single click with the mouse.

That's the benefit of having your own personal spam protection ;)

so... you gonna share your coding?  ::)
or at least idea? perhaps edit the link from the register page to an interim page?

Akyhne

It's already here as a package somewhere in the "Coding Discussion" board. You can see and test it here: http://smf17-danish.e-debatten.dk/

EDIT: http://www.simplemachines.org/community/index.php?topic=280188.0

It will *not* work with the next release of SMF 2.

ModelBoatMayhem

After the last month I've had hundreds of spammer accounts attempted to be created from *.info email addresses, anybody else having the same thing?   >:(
That's my firm opinion.... but what do I know?!

IngeJones

Quote from: ModelBoatMayhem on July 26, 2010, 08:53:06 AM
After the last month I've had hundreds of spammer accounts attempted to be created from *.info email addresses, anybody else having the same thing?   >:(

It's really annoying because I have a genuine .info domain and email address, and I am increasingly finding myself unable to register at places with it, as they probably have me spamlisted.

kaamaru

I have lots of spammers who just put ads in their sigs and occasionally dvd converter spam.

busterone

Quote from: Calumks on July 27, 2010, 03:35:49 PM
I have lots of spammers who just put ads in their sigs and occasionally dvd converter spam.
Easiest way to stop that is to not allow new users the ability to edit additional profile settings, which will prevent them from having a sig. Most of these type spammers will register, add a sig, post 2 or 3 times in a topic appearing to be on topic, then leave to never return. By preventing them from having a sig, they login and stay about 5 minutes, then leave for good.
I have mine set for under 10 posts- no ability to edit profile, but you can set it up any way you prefer.

rd

I don't know if already mentioned but Custom Questions and reCAPTCHA help a lot. Disallowing sigs can also help stop spam in your forum.

Midnitelove

Quote from: Royalduke on July 27, 2010, 05:46:46 PM
I don't know if already mentioned but Custom Questions and reCAPTCHA help a lot. Disallowing sigs can also help stop spam in your forum.

How do I set this up? Also how do I set a min. post count before allowing siggys?
Don't be mean to the newbies



SMF 2.0 RC3

青山 素子

Quote from: Midnitelove on July 29, 2010, 04:54:38 PM
Quote from: Royalduke on July 27, 2010, 05:46:46 PM
I don't know if already mentioned but Custom Questions and reCAPTCHA help a lot. Disallowing sigs can also help stop spam in your forum.

How do I set this up? Also how do I set a min. post count before allowing siggys?

For custom questions, it's a modification for the 1.1 series and built-in for 2.0 (look under anti-spam).

On signature permissions, it's not that granular. You will have to disable the entire "profile" section. First, enable permissions for postcount-based groups. Now, create a new postcount-based group with whatever name you want. Set the minimum postcount to the level at which you want users to have the ability to edit/create a signature. Edit the Newbie (0 posts) group and deny permission to edit the forum profile.

I think that will do it, but I haven't done such a thing in a long time and don't have a test board handy right now to check against.
Motoko-chan
Director, Simple Machines

Note: Unless otherwise stated, my posts are not representative of any official position or opinion of Simple Machines.


ModelBoatMayhem

Seems to have started again this weekend, so far 50 this weekend.  >:(
That's my firm opinion.... but what do I know?!

XJDenton

Same problem. Had about 80 registrations from bots in the last couple of days. Running 1.1.13.
