Tidal wave of spambots attacks SMF 1.1.x - How to protect your forum

Started by Deprecated, November 11, 2008, 06:26:59 PM

Deprecated

Quote from: Motoko-chan on November 11, 2008, 10:07:27 PM
As a note, reCAPTCHA for SMF works very well on the 2.0 betas, and in fact is much cleaner in code (because of the structure changes).

I haven't addressed SMF 2.0 yet because as far as I know the spammerz haven't hit 2.0 yet, but if they do, MC's reCAPTCHA mod looks like the ultimate weapon against them. The other two mods rely on obscurity, but the reCAPTCHA relies on strong technology to replace SMF's CAPTCHA with a more robust CAPTCHA.

Make no mistake, if the spambots start hitting my 2.0 forums I'm heading for the reCAPTCHA download first. I don't believe in playing games with antagonists. Pull a knife on me and I'll shoot you through the heart. I believe MC's mod is good enough to be the equivalent.

Just for the record, MC's mod brought reCAPTCHA's technology to SMF. Visit their website: http://recaptcha.net/

青山 素子

Quote from: Deprecated on November 11, 2008, 10:16:11 PM
I haven't addressed SMF 2.0 yet because as far as I know the spammerz haven't hit 2.0 yet, but if they do, MC's reCAPTCHA mod looks like the ultimate weapon against them. The other two mods rely on obscurity, but the reCAPTCHA relies on strong technology to replace SMF's CAPTCHA with a more robust CAPTCHA.

Don't forget that 2.0 now adds registration questions. These should work just as well (and no mod install needed!).
Motoko-chan
Director, Simple Machines

Note: Unless otherwise stated, my posts are not representative of any official position or opinion of Simple Machines.


saratogaWX

I found the reCAPTCHA replacement for the built-in CAPTCHA works... already got a thwarted registration attempt (from Saudi Arabia). SMF 1.1.6 and SMF 1.1.7. Thanks for the excellent information and advice.

Deprecated

Quote from: Motoko-chan on November 11, 2008, 10:20:58 PM
Don't forget that 2.0 now adds registration questions. These should work just as well (and no mod install needed!).

Yes I noted the registration questions in my OP, and I'm already using them in my guest posting areas for my 2.0 forums.

What year is it? (2008)

Are you a bot? (no)

You could add as many questions as you like here, and the custom questions I'm sure really mess up the spambots!

Another great reason to upgrade to SMF 2.0.

Actually I'm considering a mod package to bring those questions to 1.1.x if the spambots can't be handled by the methods outlined in the OP.

Muldoon

Do you just recommend completely deleting these accounts, rather than any type of banning then? I've banned 13 accounts so far this evening...

青山 素子

Banning won't help too much against botnets. Just delete and take the measures in the first post.

catfished

After setting the image verification to high and adding an age limit, the attack has ceased on all my forums so far. Crossing my fingers.

CatfishEd.com

Muldoon

Thanks Motoko-chan.  I'll delete them all and look at installing these mods.  I have never used them before...  Will there be issues with TinyPortal then?

Thank you,
Muldoon


Deprecated

Quote from: catfished on November 11, 2008, 11:30:55 PM
After setting the image verification to high and adding an age limit, the attack has ceased on all my forums so far. Crossing my fingers.

I'm glad our advice is working for you Catfished. :) Again I'm sorry for the misunderstanding in your other topic, and I hope we have made it up to you. :)

Trust me on this, we will support this problem until spammers cannot bother you. Our forum software won't work for anybody if we can't keep spambots out. It won't even work for my sites, so I have an iron in the fire too! :)

If nobody else, we mod authors will marshal our forces and kill the spambots. We have our heartland to protect! :)

Deprecated

Quote from: Muldoon on November 11, 2008, 11:32:22 PM
Thanks Motoko-chan.  I'll delete them all and look at installing these mods.  I have never used them before...  Will there be issues with TinyPortal then?

Please report what worked for you and your TP installation. We need user reports of what works particularly in situations I couldn't test due to my not running any TP or any 1.1.7 production forums.

If you have a combo that works with TP we'd like to hear it.

Muldoon

I'm rather new to registration mods, or any mod for that matter.  I'm still running SMF 1.1.6 and TP 0.9.8

So I will report back when I successfully install these mods... 

and I take it you recommend maintenance mode for these mod installs...?

Muldoon

I'm seeing a lot of unactivated accounts with the last part of the hostname:

keymachine.de

some of the email addresses are .ru others are gmail...

I did delete all who posted this spam, but what to do about other accounts that maybe are spammers but never activated...

Deprecated

Muldoon, please tell us which of those accounts were from after you installed at least one of the mods in the OP, or tell us what other measures that you tried and found that they failed.

The important thing in this topic is that you should try at least one method outlined in the OP, and then report back whether it succeeded or failed.


And as to your other question: Well... if all else fails, just delete anybody you aren't sure about, and hope if they are real people they will try again.

Or email them and ask them about their registration. How many bots reply to questions via email? (Maybe a few, but this should help you.)

Muldoon

Just came across this.  Hope this helps:

http://www.stopforumspam.com/

I'm using this to locate them in my members list

Deprecated

Interesting site for manual look-ups. Unfortunately for all but the smallest forums that is impractical. However, they have an API (applications interface: computer compatible) so it might be possible for some mod author to create an SMF mod package to use the service.

metallica48423

I'd also like to point out that there's also, seemingly, been other coordinated attacks today. For a short while today World of Warcraft's servers were almost completely inundated with traffic from a DoS attack. A number of people in the hosting industry today informed me of DoS attacks going on against their datacenters. For a short while we were also seeing odd requests on this forum happening.

The best advice I can give administrators is to keep an eye on things.  Don't be afraid to ask questions though if you need help getting things cleaned up. 

Thanks for everyone's patience :)
Justin O'Leary
Ex-Project Manager
Ex-Lead Support Specialist

Quote: Microsoft wants us to "Imagine life without walls"...
I say, "If there are no walls, who needs Windows?"



Muldoon

Well I turned on manual approval by me.  Sure enough, I verified info on the above site that I had just posted and both were bad accounts.  Well one was on the site, and another's last two digits in the IP were one number off, so deleted as well...

vagrant

I found a big list of forum spammers, but it is a comma-separated IP list.
I don't know if it is of much use here as it's meant for another type of forum, and not sure if it can be imported into SMF ban system.

With the right "search and replace" on the commas it could be used in an htaccess file I suppose.
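
The comma-to-.htaccess conversion suggested in the post above, as an added example that is not part of the original thread. It goes beyond a plain search and replace by validating each entry, dropping duplicates and merging adjacent addresses before rendering Apache 2.2 or 2.4 deny rules; the sample list is constructed from documentation-range addresses, and the function names are hypothetical.

```python
import ipaddress

# Constructed sample in the comma-separated shape described above
# (documentation-range addresses, not real spammer IPs).
SAMPLE_LIST = ("192.0.2.10, 192.0.2.11,198.51.100.7,not-an-ip,"
               "192.0.2.10,,203.0.113.0/30, 2001:db8::5")


def parse_ip_list(raw):
    """Return (networks, rejected): validated, de-duplicated, merged networks."""
    nets, rejected = [], []
    for token in raw.replace("\n", ",").split(","):
        token = token.strip()
        if not token:
            continue
        try:
            # strict=False accepts "203.0.113.5/24" and normalises it to its network
            nets.append(ipaddress.ip_network(token, strict=False))
        except ValueError:
            rejected.append(token)  # never copy unvalidated text into .htaccess
    v4 = [n for n in nets if n.version == 4]
    v6 = [n for n in nets if n.version == 6]
    # collapse_addresses removes duplicates and merges adjacent ranges;
    # it must be called separately for each IP version.
    merged = list(ipaddress.collapse_addresses(v4))
    merged += list(ipaddress.collapse_addresses(v6))
    return merged, rejected


def _fmt(net):
    # Single hosts are written without the /32 or /128 suffix
    return str(net.network_address) if net.num_addresses == 1 else str(net)


def htaccess_rules(networks, apache24=False):
    """Render deny rules for Apache 2.2 (Order/Deny) or 2.4 (Require not ip)."""
    if apache24:
        body = ["    Require not ip " + _fmt(n) for n in networks]
        return "\n".join(["<RequireAll>", "    Require all granted",
                          *body, "</RequireAll>"])
    body = ["Deny from " + _fmt(n) for n in networks]
    return "\n".join(["Order Allow,Deny", "Allow from all", *body])


if __name__ == "__main__":
    nets, bad = parse_ip_list(SAMPLE_LIST)
    print(htaccess_rules(nets))
    print("# skipped entries:", bad)
```

Review the skipped entries by hand before discarding them; a malformed line in a third-party list is a reason to check the rest of the list.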
