My forums getting massive hits from spambots - anyone else noticing same?

Started by Aoife, September 20, 2011, 01:49:12 PM

Previous topic - Next topic
Print
Go Down Pages1
User actions

Aoife

September 20, 2011, 01:49:12 PM Last Edit: September 20, 2011, 02:27:55 PM by aoife
Since late yesterday, our guild forums have been inundated with what look to be spambot hits. I closed the forums briefly and hits decreased a bit. Brought the forums back online and the hits increased to such a level that I put them in maintenance mode again.

Is anyone else experiencing massive hits all of a sudden?  My other forums, not gaming-related, aren't being hit like this. Just wondering.

Clarification: the attackers aren't getting thru the line of defense that's setup - that isn't the issue. The issue is just the massive numbers of hits that are occurring, even with the forums in maintenance mode.  I'm hoping these will go away over time, the sooner the better.

Account Abandoned

#1
September 20, 2011, 06:31:31 PM
It may become a chore but you can start banning spammer IP Addresses.

Aoife

#2
September 20, 2011, 06:41:26 PM
Quote from: Shawn Gossman on September 20, 2011, 06:31:31 PM
It may become a chore but you can start banning spammer IP Addresses.

Thanks, I was doing that but it was indeed too much of a chore. I closed the forums for awhile and that didn't slow the hits down. Bans haven't slowed 'em down. I reopened our forums with access to members only - guests can't access them. The spambot hits continue and I'm hoping they'll just go away after awhile, as they've done before in these kinds of attacks. As I said before, my non-gaming forums aren't getting hit at all - which is a good thing.

[Lucien]

#3
September 22, 2011, 09:05:23 AM
Why don't you just use "Stop Spammer" mod, i use it for my forum and every single spammer is stopped for access to my forum, and my regular guests can just visit and register on my site :)

When i visit your site i am welcomed with the message that i am a spammer lol :P
I'm using SMF 2.0.2 and SimplePortal 2.3.4

Aoife

#4
September 22, 2011, 09:18:22 AM
Quote from: [Lucien] on September 22, 2011, 09:05:23 AM
Why don't you just use "Stop Spammer" mod, i use it for my forum and every single spammer is stopped for access to my forum, and my regular guests can just visit and register on my site :)

When i visit your site i am welcomed with the message that i am a spammer lol :P

Thanks for the tip - I'm using Bad Behavior atm, and had been using httpBL before that. The attackers weren't getting thru, just hitting my site massively and excessively. The attacks have stopped, as they usually do after a couple of days.

As for the message that you're a spammer, your IP address must have triggered something in our defense system somewhere along the way. My apologies for that and if you PM me your IP address, I can look into the reason it's been identified as such.

Cheers!

Aoife

[Lucien]

#5
September 22, 2011, 09:23:16 AM
I only use the Stop Spammer mod and it's doing exactly what it says :D Stopping those $%&* Spammers!

I suggest you only install this mod and see what's going to happen, i get 20 to 25 spammers a day registering to my site, but they cannot post because their account will not be activated if their IP is in the Stop Spammer database :)

Good luck!

I'm using SMF 2.0.2 and SimplePortal 2.3.4

[Lucien]

#6
September 22, 2011, 09:27:38 AM
I will show you a screenshot :)
I'm using SMF 2.0.2 and SimplePortal 2.3.4

Aoife

#7
September 22, 2011, 10:18:55 AM
Quote from: [Lucien] on September 22, 2011, 09:23:16 AM
I only use the Stop Spammer mod and it's doing exactly what it says :D Stopping those $%&* Spammers!

I suggest you only install this mod and see what's going to happen, i get 20 to 25 spammers a day registering to my site, but they cannot post because their account will not be activated if their IP is in the Stop Spammer database :)

Good luck!

I don't have problems with spammers registering - I've never allowed open registration on any of my forums and I never will. The problem was just the massive number of hits on the forums themselves, as the spambots tried to find a way in - and they couldn't.  My original post was just a wondering if anyone else was experiencing the massive number of hits all of a sudden. Only my gaming-related forums were attacked and not any of my non-gaming related forums.

Thanks for the advice!   :)

[Lucien]

#8
September 22, 2011, 10:21:34 AM
Oke i understand now :)
I'm using SMF 2.0.2 and SimplePortal 2.3.4

Augster

#9
September 22, 2011, 05:26:21 PM
My forums has also experienced a huge tidal wave of bot registrations recently that have now successfully defeated the simple e-mail registration process.  Those spammed registrations then led to flooding the forums with god-awful spam posts (seriously, what exactly do these spam subscribers actually hope to gain by spamming forums with their hideous advertisements?), to the point that the host provider was threatening to shut down my site due to consuming too many resources on their server.

I enabled Extreme CAPTCHA and tried reCAPTCHA but the bots still got through registration.

Only enabling the question verification (I require 3 questions now) did the bots finally got stopped.

WIZARD87

#10
September 22, 2011, 05:43:32 PM
Quote from: aoife on September 20, 2011, 01:49:12 PM
Since late yesterday, our guild forums have been inundated with what look to be spambot hits. I closed the forums briefly and hits decreased a bit. Brought the forums back online and the hits increased to such a level that I put them in maintenance mode again.

Is anyone else experiencing massive hits all of a sudden?  My other forums, not gaming-related, aren't being hit like this. Just wondering.

Clarification: the attackers aren't getting thru the line of defense that's setup - that isn't the issue. The issue is just the massive numbers of hits that are occurring, even with the forums in maintenance mode.  I'm hoping these will go away over time, the sooner the better.

Use the stop spammer mod and add a question only those that use your forum could know... something off the wall. Stopped all my issues cold.

sdkid

#11
September 30, 2011, 10:47:56 AM
Use .htaccess

Block China: 50% of your problem gone.

Block Russia: another 20% to 30% gone.

I know that doesn't work for all-- but many sites just do not need chinese or russian traffic as part of their success.

Excellent Info AND block lists in a variety of formats ready to copy/paste:
https://www.countryipblocks.net/country-blocks/

Oldiesmann

#12
October 01, 2011, 11:06:28 AM
The easiest way I've found to stop spam is the Anti-Spam Links mod combined with regular SMF permissions. The mod allows you to specify how many posts a user can have before they can actually post links, and I've got permissions set so that new users can't edit their profiles either (since we had people registering just to plaster spam links in their profiles as well). It hasn't stopped them from registering, but it has pretty much stopped the spam.

busterone

#13
October 01, 2011, 01:16:00 PM
Quote from: sdkid on September 30, 2011, 10:47:56 AM
Use .htaccess

Block China: 50% of your problem gone.

Block Russia: another 20% to 30% gone.

...
You may be surprised at the actual statistics that are collected by the anti-spam sites. China is not the leader in forum spam, the U.S. is.
As of this week, the top 4 spam countries are
US- 25.5%
Russia-19.3%
Germany-14.3%
Ukraine-10.2%
China is way down the list at 7.7%

Bookmama

#14
October 01, 2011, 09:11:48 PM
Why did you temporarily close the forums if the spammers weren't getting through in terms of actually posting anything?  Do the massive hits cause a performance problem or are you just concerned that your database of users will explode with all the junk ones?
Most unconventional way to learn Spanish - experts don't believe it works, but I think it's the easiest way to learn Spanish ever.

Rosetta Stone versus Pimsleur

MrPhil

#15
October 04, 2011, 10:24:23 AM
It sounds like the spammers are (unintentionally) acting as a DDoS attack by simply pounding on the door trying to get in. They would need to be blocked at the .htaccess level, or (with the cooperation of your host), even higher up the food chain.

Aoife

#16
October 04, 2011, 10:37:00 AM
Quote from: MrPhil on October 04, 2011, 10:24:23 AM
It sounds like the spammers are (unintentionally) acting as a DDoS attack by simply pounding on the door trying to get in. They would need to be blocked at the .htaccess level, or (with the cooperation of your host), even higher up the food chain.

They went away (mostly) on their own after a few days - typical behavior it seems to me. I did spend a lot of time blocking IP addresses and ranges of IP addresses at the htaccess lvl too. I have to say it was interesting to watch the 'waves' of IP addresses as the attacks came from first one country then another then another....  And I'm guessing a mix of infected/hijacked home PCs and proxy servers - a large number of the IP addresses came from ISPs such as Comcast, Qwest, Cox, Verizon, and AT&T which are ISPs I don't usually see amongst the attacks we get.

Anyway, with all the protections I had in place from all the plugins and other security measures, they could pound on the door all they wanted and none could get in. None of my forums have open registration so that wasn't much of a concern. Just the massive hits in a short amount of time. Average number of hits by spammers/hackers/attackers is about 5 per hour; the average at the peak of the attack was closer to 1000 hits per hour. Kinda freaked me out a wee bit.


Print
Go Up Pages1
User actions
Advertisement: