Tidal wave of spambots attacks SMF 1.1.x - How to protect your forum

Started by Deprecated, November 11, 2008, 06:26:59 PM

Burke ♞ Knight

I care, or I would not have asked.
There are reasons I ask for info of this group on people's logs.
I personally prevented this group from taking down 2 support forums for Free Web Hosts.
FreeWeb7.net and Byet.net
Both are VB forums. After the attempts at attacking the forums, with HUMANS not just bots, they then proceeded to attack the servers that hosted the forums, with DDoS attacks.

Looking

If you can, the best thing to do is code in your own unique questions in the register form that only a human could answer. To me the others can still be answered by a bot.

asonnenshine

Thanks for the info.

I was running SMF 1.1.2 and started to get spam a couple of days ago. I thought I had already fixed that problem by installing CAPTCHA about 6 months prior. In my forum, only registered members can post, so it seems this spam was from registered users? What?

This morning I updated to SMF 1.1.7 and was still getting spam! I thought maybe it was just my website, but then I did a search and found this post...thanks again, I'll try upgrading to 2.0.


Burke ♞ Knight

Like I said, if it is IST, then not all are bots. They love using real people to simulate bots.

Paul Cull

The internetserviceteam domain was used by the bot to post to my forum, using the user name levitraonline, an IP address of 89.149.253.223 and an email address at @searchengineshome.org

Burke ♞ Knight

Thanks Paul. That confirms to me that they are indeed behind this forum war.
My sources say that InternetServiceTeam likes to play with forums for some twisted reason.

However, they won't stop there. Their primary function is to DDoS servers and hack sites/forums.

Deprecated

Quote from: Looking on November 12, 2008, 09:23:25 PM
If you can, the best thing to do is code in your own unique questions in the register form that only a human could answer. To me the others can still be answered by a bot.

That is why 2.0 is so good. Every forum operator can pick different questions.
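The operator-chosen registration questions suggested above, sketched as an added example. This is not SMF's code or the code of any mod named in this thread; the questions, function names and the `reg_question` session key are assumptions made for illustration.

```php
<?php
// Added example, not SMF code. The questions below are constructed samples;
// a real forum would use its own, tied to its topic.
const QUESTIONS = [
    'q1' => ['text' => 'What colour is the sky on a clear day?', 'answers' => ['blue']],
    'q2' => ['text' => 'Type the word "forum" backwards.',       'answers' => ['murof']],
    'q3' => ['text' => 'How many legs does a cat have?',         'answers' => ['4', 'four']],
];

// Lower-case, trim and collapse whitespace so "  Blue " matches "blue".
function normalize_answer(string $raw): string
{
    return strtolower(trim((string) preg_replace('/\s+/', ' ', $raw)));
}

// Pick a question server-side and remember its id in the session, so the
// client cannot choose which question it answers.
function issue_question(array &$session): string
{
    $ids = array_keys(QUESTIONS);
    $id = $ids[random_int(0, count($ids) - 1)];
    $session['reg_question'] = $id;
    return QUESTIONS[$id]['text'];
}

// Check the submitted answer against the question stored in the session.
// The stored id is cleared first, so each issued question allows one attempt.
function check_answer(array &$session, string $submitted): bool
{
    $id = $session['reg_question'] ?? null;
    unset($session['reg_question']);
    if (!is_string($id) || !array_key_exists($id, QUESTIONS)) {
        return false; // no question was issued, e.g. a direct POST to the handler
    }
    $given = normalize_answer($submitted);
    foreach (QUESTIONS[$id]['answers'] as $accepted) {
        if (hash_equals($accepted, $given)) {
            return true;
        }
    }
    return false;
}

// Demo with a plain array standing in for $_SESSION.
$session = [];
echo issue_question($session), "\n";
var_dump(check_answer($session, 'not the answer'));
// A second attempt without issuing a new question is rejected as well.
var_dump(check_answer($session, 'blue'));
```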

wmcintosh

What I am doing http://www.wmcintosh.com/forum/index.php?action=register (may reword error message later).

At least till 2 is out of beta, and no RC's, and yes I am stubborn.

Burke ♞ Knight

Quote from: wmcintosh on November 12, 2008, 10:13:23 PM
What I am doing http://www.wmcintosh.com/forum/index.php?action=register (may reword error message later).

At least till 2 is out of beta, and no RC's, and yes I am stubborn.

That's a good idea... Post your email address there for the spam bots and all to see.
You may want to change that. Maybe write it out like:

name [at] address.ext

People will know how to make it work.

wmcintosh

@BurkeKnight, I always post it like that, in over a year, never had spam, yet, actually I have another way to do it, before said spam bots make a liar out of me.

Burke ♞ Knight

Quote from: wmcintosh on November 12, 2008, 10:22:38 PM
@BurkeKnight, I always post it like that, in over a year, never had spam, yet, actually I have another way to do it, before said spam bots make a liar out of me.

I can only say one thing about that... ROFL!!!!

StanJ

I see the fixes for the English forums, anything for the Spanish? I have a Spanish forum, but do not speak that..

Thanks

Stan

palofdru

Quote from: BurkeKnight on November 12, 2008, 10:25:55 PM
Quote from: wmcintosh on November 12, 2008, 10:22:38 PM
@BurkeKnight, I always post it like that, in over a year, never had spam, yet, actually I have another way to do it, before said spam bots make a liar out of me.

I can only say one thing about that... ROFL!!!!

^ of course, he probably *welcomes* those helpful emails offering 'penis enlargement' and thus wouldn't call it spam.....
My best suggestion to you is that you do whatever you feel like doing, for whatever reason you choose to make, without any required explanation nor justification. You probably will, so hop to it!

boo hoo!

ArrayInteractive

Hey Folks,

Another victim of the spamming here... I'm running 1.1.4.

I knew I was making a good choice when I went with SMF. I get nailed with this spam problem, come here expecting to be the only one. But much to my surprise you guys are all over it and offering lots of solutions! Big thanks everyone!

I've increased my Captcha complexity, forced the minimum age, and installed the Are You Human mod. I hope that's enough to do the trick. Automated install of the reCaptcha mod failed testing in the Register.template.php file, and I don't really have time to muck about with it manually. Hopefully those other changes do the trick...

Has anyone tried the javascript hacks to the reg form that were mentioned back a page or two? Sounds like that would do the trick as well...

Thanks again!

So much for my idealistic world of no spammers, where I could actually increase my postings by allowing guests to make posts... :(
smf 2.0.2

Deprecated

Quote from: BurkeKnight on November 12, 2008, 10:25:55 PM
Quote from: wmcintosh on November 12, 2008, 10:22:38 PM
@BurkeKnight, I always post it like that, in over a year, never had spam, yet, actually I have another way to do it, before said spam bots make a liar out of me.

I can only say one thing about that... ROFL!!!!

I agree with Burke. You should post username (at) domain (dot) extension

If you get spammed don't mind Burke or me for warning you.

Deprecated

Quote from: StanJ on November 12, 2008, 10:55:40 PM
I see the fixes for the English forums, anything for the Spanish? I have a Spanish forum, but do not speak that..

Thanks

Stan

Stan,

The solution in Spanish is the same as in English. :)

wmcintosh

Changed my register page.

@palofdru, why would you say that, never received those.

palofdru

y'all may take some small satisfaction.......

http://www.washingtonpost.com/wp-dyn/content/article/2008/11/12/AR2008111202662.html


I think this shows the importance of REPORTING these attacks and complaining to high heaven, both directly to the host (which was actually the evil partner and would probably ignore you) AND ALSO TO THEIR UPSTREAM PROVIDER AND/OR FBI!

They can claim fair harbor provisions blah blah blah blah...but once they have enough notification from enough people THEY HAVE TO ACT (this is not a legal issue). All the big ISPs, co-locators and even little webhosters have ToS (terms of service) that allow them to drop customers like a hot potato if they (customers) get too hot.

All you are really doing by complaining loudly, is forcing them to enforce their own TOS

yay another one bites the DOS! *


* get the pun? since many of these spammers engage in DOS (Denial of Service) attacks and now THEY have been "Denied Service"! - also wordplay because "DOS" sounds like DUST, as in 'bytes the dust'..... oh never mind.....

mprayii

I run a few forums and was getting spam on 1.1.6. So I upgraded to 1.1.7 and was still getting spam accounts.

Next:

I installed the "Are you Human" mod and thought that worked, but not a day later I had a spam account created on one of my sites - dripshids - from the Netherlands.

I guess I will try an additional mod.

Can anyone recommend reCaptcha or the Anti-bot puzzles? My communities consist of older people - and those that may not know how to add and subtract, haha. So I am trying to keep this as dumb as possible.

Thanks.

bbulldog

reCaptcha is good, installed it a couple of days ago and no more spam accounts.

many thanks here to all, as always a great job.