Tidal wave of spambots attacks SMF 1.1.x - How to protect your forum

Started by Deprecated, November 11, 2008, 06:26:59 PM


nzmacro

Driven me nuts as well. I've also turned on activated only by admin for the meantime.

Although this is probably not the right way, it's worked for me. I've banned from the server IPs 192.000.00.00 - 199.000.00.00. That seems to have stopped them altogether. Maybe it's just a me thing, but it's worked so far. Then again, we are a localised forum for Australasia, so nothing in between those interests us.

All the best and only for what works for us so far. That will probably change. ;)

Danny. 

Edi3

I run two forums.

One is still version SMF 1.1.4 while the other is SMF 1.1.6.

I have also had a spam problem in the last few days on both of them, but noticed that it is much harder for bots to post on version 1.1.6 than on 1.1.4, as a lot of attempts fail.

I noticed the same username trying on both forums, but it only succeeded in eventually posting on 1.1.4, while it was not successful on 1.1.6.

dvk01

reCAPTCHA only works on registration & not on guest postings.

I need to allow guest postings on several of my forums. Can the reCAPTCHA mod be amended to include the guest posting options, please?

Using 1.1.7.

Eddy Matthews

I was having the same problem with lots of spam accounts - I use SMF 1.1.7. Admin approval was set, so although they could register, they couldn't do anything else...  Visual verification was set to medium, and that had no effect - I increased that to high and it helped a little, but still didn't stop them.

This morning I added the Anti-bot registration puzzles, and so far (just over 2 hours) no more spam registrations! :)

My sincere thanks to everyone that has taken the time to try and defeat these idiots!

Regards
Eddy

Golfoscarbravo

WOW, I started this topic and have been really impressed with the speed with which it has been answered. I have been banning them but have now added the top two options to registration. Can I add the third as well? Or will they all conflict?

Now just got to see if it works!

Thanks everyone

Edi3

Quote from: catfished on November 11, 2008, 11:30:55 PM
After setting the image verification to high and adding an age limit, the attack has ceased on all my forums so far. Crossing my fingers.

I did the same on both of my forums and noticed that since then, the attacks have completely ceased so far.

Crasy

Quote from: nzmacro on November 12, 2008, 02:49:17 AM
Driven me nuts as well. I've also turned on activated only by admin for the meantime.

Although this is probably not the right way, it's worked for me. I've banned from the server IPs 192.000.00.00 - 199.000.00.00. That seems to have stopped them altogether. Maybe it's just a me thing, but it's worked so far. Then again, we are a localised forum for Australasia, so nothing in between those interests us.

All the best and only for what works for us so far. That will probably change. ;)

Danny.

I have had a friend report to me that most of the IPs she was seeing were sitting in the 192.x.x.x range. She was willing to ban the IP in a massive generalized ban on her forums...just because her forums are small.

But I wouldn't recommend leaving such a generalized ban on your forums. Try out the methods shown here to stop bots from registering instead...rather than just banning.

Bill.Ramby

SMF 1.1.7 / TP 0.9.8 the human Mod is working to keep the spambots out. My logs are full of failed registrations.

humbleworld

Three of my SMF sites were attacked yesterday and today. I have disabled all registration forms. I thought it was just me that got the problem. Thanks for the post. At least I know what to do now.

Costa

Deprecated,

Do you authorize me to translate your first post?
That's very useful information for people who don't understand English.

Farewell
- Costa
Hugo "Costa" Fernandes - PT SMF
All PMs asking for help are subjected to radioactivity, microwaves, burning, and being thrown overboard.

"At least someone appreciates the fact that I am doing and not thinking..."
"Laziness is counter-revolutionary."

Deprecated

I believe we are focusing mainly on the solutions presented in the OP. I think for most cases it would take too much work to verify members manually, unless you have but a very small forum.

Final60

Just wanted to add that I got the attacks at the same time on a 1.1.6 forum and a 1.1.7 forum. Have since added the "Are you human" mod. I personally have experienced nil new bot account creations.

rogueplanet

Well, I'm impressed, after getting spammed all yesterday, I added the Are-you-human mod and it seems to have stopped them in their tracks :)

cschelin

SMF 1.1.6 (upgrading Saturday).

Installed the "Are You Human" mod.
Increased the complexity of the captcha
Switched to Admin Approval

I started doing the "staging area" modifications but realized that it would force all new users to post in the staging area so I'm thinking about it before finishing that up.

I do note that I've had 8 blocks since I made the changes yesterday morning so it seems to be helping.

Carl
I administer the Mosaic and Stained Glass forums.

JohnS

I can confirm that putting up the Captcha level to the highest seems to stop them. I am using 1.1.6. I was getting about 10 an hour in two boards, all seeming to originate in the Netherlands or Saudi Arabia. Currently getting none, but am on approved membership just to be safe. When approving request confirmation just in case.
Even before I tackled this, some got in, but seem only to be putting content in the sign up profile, I have had no spam entries.
Will look at some of the other options but on first glance seemed too complicated for my head :D

catfished

Quote from: Deprecated on November 11, 2008, 11:36:31 PM
Quote from: catfished on November 11, 2008, 11:30:55 PM
After setting the image verification to high and adding an age limit, the attack has ceased on all my forums so far. Crossing my fingers.

I'm glad our advice is working for you Catfished. :) Again I'm sorry for the misunderstanding in your other topic, and I hope we have made it up to you. :)


No problem Deprecated, I now understand what was meant by "solved" in this case.

All my forums have been spam free since I implemented the above two fixes yesterday.


I do realize this is not the end but at least we won this round.
You use and like this forum software? Then show your appreciation and support by becoming a Charter Member.



CatfishEd.com

青山 素子

Quote from: vagrant on November 12, 2008, 02:46:03 AM
I found a big list of forum spammers, but it is a comma-separated IP list.
I don't know if it is of much use here as it's meant for another type of forum, and not sure if it can be imported into SMF ban system.

As was said above, unless this is a directed attack from certain IPs, an IP block is pointless. Spammers have a lot of practice in getting around blocks by finding new proxies or creating them (there are a few tens of million Windows machines compromised that can be used). At best, it's worthless. At worst, you're blocking innocent people/visitors who happened to get assigned the "spammer" IP because they use the same ISP.
Motoko-chan
Director, Simple Machines

Note: Unless otherwise stated, my posts are not representative of any official position or opinion of Simple Machines.
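
The trade-off described in the post above can be measured against a forum's own registration records before a range ban is applied. The following Python sketch is an added example, not part of the original thread or of SMF; it reads the ban quoted earlier in the thread as 192.0.0.0 through 199.255.255.255 (an assumption), and the log entries are constructed from reserved documentation address ranges.

```python
import ipaddress
from collections import Counter

# Constructed registration log: (source IP, outcome). "spam" = rejected by
# the anti-bot checks, "ok" = a member later approved by an admin.
# All addresses are from the reserved documentation ranges.
ATTEMPTS = [
    ("192.0.2.15", "spam"), ("192.0.2.77", "spam"),
    ("198.51.100.9", "spam"), ("203.0.113.40", "spam"),
    ("203.0.113.41", "spam"), ("198.51.100.200", "ok"),
    ("203.0.113.5", "ok"), ("192.0.2.130", "ok"),
]

def ban_networks(first, last):
    """Collapse an inclusive first-last IPv4 range into CIDR networks."""
    return list(ipaddress.summarize_address_range(
        ipaddress.ip_address(first), ipaddress.ip_address(last)))

def evaluate_ban(first, last, attempts):
    """Count what a range ban would have blocked, missed, and hit by mistake."""
    nets = ban_networks(first, last)
    hits = Counter()
    for ip, outcome in attempts:
        addr = ipaddress.ip_address(ip)
        banned = any(addr in net for net in nets)
        hits[(outcome, banned)] += 1
    size = sum(net.num_addresses for net in nets)
    return {
        "cidr": [str(net) for net in nets],
        "addresses_banned": size,
        "ipv4_share": size / 2**32,
        "spam_blocked": hits[("spam", True)],
        "spam_missed": hits[("spam", False)],
        "legit_blocked": hits[("ok", True)],
    }

if __name__ == "__main__":
    # Assumed reading of the ban quoted in the thread.
    report = evaluate_ban("192.0.0.0", "199.255.255.255", ATTEMPTS)
    for key, value in report.items():
        print(f"{key}: {value}")
```

Run against real registration records, a non-zero `legit_blocked` alongside a non-zero `spam_missed` is the outcome the post warns about: approved members locked out while spam sources outside the range still get through.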


vertese

Thank you very much for all you do.
It is most helpful, we appreciate the work you do for us.
Vertese

Deprecated

I'm glad we fixed you up Catfish. :) If you have any new problems just come on back and we'll find another way to fix you up.

I really hate two things: hackers and spammers. I'll go out of my way to thwart them, write some code if necessary. They may be clever, but we're clever too, and anything they throw at us we can throw right back in their faces. It's just that we have to understand what is happening before we know how to retaliate.

That topic yesterday, that was just trying to get the true picture of what was actually happening. Today the problem is solved, as summarized in the OP. Now all we have to do is (1) point people to this topic if they are being attacked by spammers, and (2) be ready for the next time the spammers improve their scripts. They will, and then we'll go through this all over again.

The important thing is that everybody should remain calm next time there is a spam attack. Report it at SMF and between the Support Team, developers and mod package authors, we'll find a way to terminate the spammers in their tracks. :)

ErinMac

Quote from: catfished on November 11, 2008, 11:30:55 PM
After setting the image verification to high and adding an age limit, the attack has ceased on all my forums so far. Crossing my fingers.

This has worked on my 1.1.7 site as well - I'm sure it's short lived as it's just a minor tweak to their bot scripts - but it keeps me from having to install mods right off the bat.  If something changes, I'll be installing reCAPTCHA.

By the way, my error logs do show them coming back today - and the IP bans that I had put in before seeing this thread have been triggered multiple times.
