Tidal wave of spambots attacks SMF 1.1.x - How to protect your forum

Started by Deprecated, November 11, 2008, 06:26:59 PM


forumite

I believe all those SMF vulnerabilities have been addressed in various upgrades/patches.

青山 素子

Quote from: dwd2000 on November 14, 2008, 08:01:06 PM
I also did a quick Google search: (Keep in mind, some are old posts and are for earlier versions of SMF)
I found nothing for SMF 1.1.7 or 2.x, probably due to their new release.
The search I made was "simple machine forums security"

All taken care of with the latest releases. Anyway, what does all that have to do with the spamming?
Motoko-chan
Director, Simple Machines

Note: Unless otherwise stated, my posts are not representative of any official position or opinion of Simple Machines.


forumite

Quote from: Motoko-chan
...what does all that have to do with the spamming?

This one, related to 1.1.6, says:

Quote: Attackers can exploit this issue to bypass filter restrictions and display spam content on the affected site.

Just reading what it says. In any event, as you say, it's been addressed (by 1.1.7).

dwd2000

Quote from: rvforumite on November 14, 2008, 08:21:34 PM
I believe all those SMF vulnerabilities have been addressed in various upgrades/patches.

Yes, I realize that, but it wouldn't hurt to do the same search again periodically, to see if someone reveals something else. Some idiot spammer might like to brag.

I also read that SMF 1.1.7 didn't address any security issues and some of the links were for SMF 1.1.6.

Quote from: Deprecated on November 14, 2008, 07:02:21 PM
The data indicates that the spam attacks are not related to the 1.1.7 upgrade, and that makes sense because the 1.1.7 upgrade has nothing to do with keeping spammers out. (Or at least I'm told that. I haven't personally verified it by a code inspection.)

EDIT:
Different subject.
I also read somewhere else in this topic about something else that might work. (sorry if I didn't read every post)
My main site has "Custom Profile Field Mod" installed and some of the questions are "Required". I have no attacks on this site.
30 years ago I was young and foolish.
Now I'm just young.

DAMMIT JIM...I'M A TWEAKER...NOT A CODER!!!

Dave's Games

青山 素子

Quote from: rvforumite on November 14, 2008, 08:33:06 PM
Quote: Attackers can exploit this issue to bypass filter restrictions and display spam content on the affected site.

Just reading what it says. In any event, as you say, it's been addressed (by 1.1.7).

It hasn't been addressed, it's not a security issue. It's not even a bug.

The core issue is that if someone wants to bypass the censored words list, they can by splitting it by bbc.

For example, say the word "extravagant" is censored. You can get it to display by doing something like: [i]extrav[/i][/i]gant[/i]

That's all that issue is about.
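Motoko-chan's post above describes how a censored word can slip past the word filter when BBC tags are placed between its letters. As an added example, not part of this thread and not SMF's own code, the Python below contrasts a censor that matches the raw post text (so a split word passes through) with a tag-tolerant censor that does not, and adds a check an admin could run over stored posts to flag words the naive filter would have missed. The censored word, the BBC tag grammar and the sample posts are constructed for illustration.

```python
import re

# Constructed censor list for illustration; a real SMF install has its own admin-configured list.
CENSORED_WORDS = ["extravagant"]

# One BBC tag such as [i], [/i] or [url=...]. Assumption: tag names are letters only.
BBC_TAG = r"\[/?[a-z]+(?:=[^\]]*)?\]"
BBC_TAG_RE = re.compile(BBC_TAG, re.IGNORECASE)


def naive_censor(text, words=CENSORED_WORDS):
    """Censor that matches the raw post text, tags included.
    A word split by BBC tags is not matched, which is the behaviour the thread describes."""
    for word in words:
        text = re.sub(re.escape(word), "*" * len(word), text, flags=re.IGNORECASE)
    return text


def tag_tolerant_pattern(word):
    """Build a regex for `word` that allows any number of BBC tags between its
    characters, so [i]extrav[/i]agant still matches."""
    gap = "(?:" + BBC_TAG + ")*"
    return re.compile(gap.join(re.escape(c) for c in word), re.IGNORECASE)


def hardened_censor(text, words=CENSORED_WORDS):
    """Censor that survives tag splitting: every non-tag character inside the
    matched span is starred, while the tags themselves are kept so the markup
    stays balanced."""
    def star_letters(match):
        return re.sub(r"(" + BBC_TAG + r")|(.)",
                      lambda s: s.group(1) or "*",
                      match.group(0), flags=re.IGNORECASE)

    for word in words:
        text = tag_tolerant_pattern(word).sub(star_letters, text)
    return text


def flag_bypass_attempts(text, words=CENSORED_WORDS):
    """Detection side: censored words that appear only once BBC is stripped,
    i.e. words the naive censor would have let through."""
    plain = BBC_TAG_RE.sub("", text).lower()
    raw = text.lower()
    return [w for w in words if w in plain and w not in raw]


if __name__ == "__main__":
    # Constructed sample posts.
    for post in ["extravagant prices", "[i]extrav[/i]agant", "[b]extra[/b][i]vagant[/i]"]:
        print(repr(post), "->", naive_censor(post), "|", hardened_censor(post),
              "| flagged:", flag_bypass_attempts(post))
```

The tag-tolerant pattern only covers tags placed between letters; it does not normalise other tricks (look-alike characters, entities), so the flagging function is a review aid for an admin rather than a complete filter.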


dwd2000

Quote from: Motoko-chan on November 14, 2008, 09:07:18 PM
Quote from: rvforumite on November 14, 2008, 08:33:06 PM
Quote: Attackers can exploit this issue to bypass filter restrictions and display spam content on the affected site.

Just reading what it says. In any event, as you say, it's been addressed (by 1.1.7).

It hasn't been addressed, it's not a security issue. It's not even a bug.

The core issue is that if someone wants to bypass the censored words list, they can by splitting it by bbc.

For example, say the word "extravagant" is censored. You can get it to display by doing something like: [i]extrav[/i][/i]gant[/i]

That's all that issue is about.

I am guilty of not reading everything. :-[
At the same time, someone might learn something. O:)

Deprecated

Quote from: dwd2000 on November 14, 2008, 08:44:14 PM
Yes, I realize that, but it wouldn't hurt to do the same search again periodically...

We do.

Quote from: dwd2000 on November 14, 2008, 09:20:32 PM
I am guilty of not reading everything. :-[
At the same time, someone might learn something. O:)

I started this topic. I have read every post. If there were any significant changes or new ideas or cancellations of any suggestions in the OP I would have edited it.

Trust me man, I spent 3-4 hours that day researching and writing the OP. I consulted with my colleagues. I took over two fatherless mods because of it. We will update the OP if anything significant occurs.

So far all we've done in this topic is refine a few things. Nothing in the OP has changed.

Oh and y'all that's thanked me, y'all's very welcome! :)

dwd2000


metallica48423

Quote: I also read that SMF 1.1.7 didn't address any security issues

Not sure of your source, but there were two important security issues patched in the 1.1.7 release.
Justin O'Leary
Ex-Project Manager
Ex-Lead Support Specialist

Quote: Microsoft wants us to "Imagine life without walls"...
I say, "If there are no walls, who needs Windows?"


Useful Links:
Online Manual!
How to Help us Help you
Search
Settings Repair Tool

Burke ♞ Knight

Deprecated,

Just to let you know...

1. Thanks for the long effort at researching.
2. Thanks for the long effort at posting, and keeping people up to date.
3. Thanks for getting to work on those 2 mods. Can't wait to see which one you get working first.

forumite

Quote: It hasn't been addressed, it's not a security issue. It's not even a bug.

I'll admit to being confused and, as a result, maybe adding more confusion into the mix.

In this message Metallica confirmed that 1.1.7 addressed this issue reported by Secunia. The Secunia report looked very similar to the one reported by Juniper. Both referred to SMF 1.1.6, but now I see that they read somewhat differently.

Apologies if I misunderstood what I read in any of the above. I bow to the superior knowledge and experience of others here. All I'm trying to do is learn and keep my forum healthy. SMF has been rock solid for me from day 1, and I appreciate all the support I've had from the SMF team.

Maybe someone knowledgeable should correct Juniper &/or Secunia so that folks like me don't get confused/misled.

Deprecated

rvforumite, you already posted the link yourself:

Solution:
Update to version 1.0.15 or 1.1.7.


Pretty much exactly what I said in the OP although I have been ignoring 1.0.15 (not my bag).

That's Secunia. I presume the other site has been updated or will be updated.

The best things you can do are (1) keep reading SMF forums, and (2) come here if you have any problems.

All those hacked forums out there, all the spammed sites, all the ones that got compromised or flooded with spam? Most of them across the Internet are probably not reading this. Most of them are probably still broken.

Just keep reading SMF's site. We don't get paid either way (we're all volunteers here) but your site works better if you keep in touch.

Keep in touch, y'all hear? :D

forumite

After beating my head against the wall trying to install the reCAPTCHA mod, this evening I read here (in the CM area) that there's a bug report on the failure to install. I can't figure out how others say they installed it with no problem.

Deprecated

rvforumite, please post a support request in the modification's support topic. I'm sure MC will fix you up!

here: http://www.simplemachines.org/community/index.php?topic=213535.0

forumite

Quote from: Deprecated on November 14, 2008, 11:07:27 PM
Just keep reading SMF's site. We don't get paid either way ... but your site works better if you keep in touch.

err... that's what I've been doing. I've even referred admins/mods on other (spammed) non-SMF forums to this discussion. But, you can only lead a horse to water ...

Quote: we're all volunteers here

Understood, and it's very much appreciated. FWIW I and the staff on my forum are also volunteers, and most of us have been doing it for over 15 years. So we do understand what it takes to support forum members  ;)

Y'all keep up the good work. SMF has a well-earned good following.

dwd2000

Quote from: metallica48423 on November 14, 2008, 10:49:14 PM
Quote: I also read that SMF 1.1.7 didn't address any security issues

Not sure of your source, but there were two important security issues patched in the 1.1.7 release.

http://www.simplemachines.org/community/index.php?topic=273816.msg1798854#msg1798854

NOTE:
My previous posts here were not intended to put down or degrade SMF in any way.
I know, understand, as well as appreciate all the work done here. My sole intention was to help.
If anyone misunderstands that, I am sorry.

mashby

I have played Whack-A-Mole (banning IPs, usernames, drinking beer). None of that made a difference. I am running 1.1.7 (and won't upgrade to 2.0 for a lot of reasons). Changing the "Complexity of visual verification image" to High stopped everything. I released all bans and continue to drink beer and am very satisfied with SMF. Rock on.
Always be a little kinder than necessary.
- James M. Barrie

Deprecated

dwd2000, don't sweat it. I answer a lot of support topics where people are upset. You probably never saw me put my fist through a CRT monitor. LCD monitors are so much more fist friendly! No glass! :P

Hey mashby, nothin' better than getting drunk and getting out the ban hammer! ;) :P

We all rock on. And the best part of it is watching the spammers trying to get in, kind of like watching bugs hit your windshield as you travel down the Interstate! :D Or maybe like watching flies hit your electric zapper! :D


Zzzzzzzzzzzztttttttttttttttt!!!! :P :P :P

dwd2000

Quote from: Deprecated on November 14, 2008, 11:35:12 PM
dwd2000, don't sweat it. I answer a lot of support topics where people are upset. You probably never saw me put my fist through a CRT monitor. LCD monitors are so much more fist friendly! No glass! :P

Hey mashby, nothin' better than getting drunk and getting out the ban hammer! ;) :P

We all rock on. And the best part of it is watching the spammers trying to get in, kind of like watching bugs hit your windshield as you travel down the Interstate! :D Or maybe like watching flies hit your electric zapper! :D


Zzzzzzzzzzzztttttttttttttttt!!!! :P :P :P

Thanks. I needed that, but I don't drink.  :D

I was originally on the forums to find an answer to another problem, when I stumbled on to this. My mind was in several places at once.
I'm also in the middle of writing a support note to my host. Yes, I'm explaining that it seems to be directed at sites that don't have a human interaction type registration. (drop down menu or similar) ...and not just SMF sites.
I have one site that has "Custom Profile Field Mod" installed, with some fields being required. That site has not been infected, although I am getting visitors trying to register. I have checked the IPs of those guests against the banned IPs on the infected site and some match.
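dwd2000's post above compares the IPs of guests trying to register on the clean site against the ban list exported from the infected one. As an added example, not from this thread and not SMF's own code, the Python below does that comparison over a few constructed Apache-style access-log lines and a constructed ban list. It assumes the ban entries use SMF's per-octet `*` wildcard form and that registration traffic shows up as `action=register` or `action=register2` in the request path; both are assumptions about the formats, and all addresses are documentation ranges.

```python
import re
from collections import Counter

# Constructed sample: access-log lines from the clean site, showing guests
# hitting the registration actions. Not real traffic.
ACCESS_LOG = """\
203.0.113.7 - - [14/Nov/2008:20:01:12 -0500] "GET /index.php?action=register HTTP/1.1" 200 5120
198.51.100.23 - - [14/Nov/2008:20:01:40 -0500] "POST /index.php?action=register2 HTTP/1.1" 200 812
203.0.113.7 - - [14/Nov/2008:20:02:03 -0500] "POST /index.php?action=register2 HTTP/1.1" 200 812
192.0.2.44 - - [14/Nov/2008:20:05:55 -0500] "GET /index.php?board=1.0 HTTP/1.1" 200 9001
198.51.100.23 - - [14/Nov/2008:20:06:10 -0500] "POST /index.php?action=register2 HTTP/1.1" 200 812
"""

# Constructed ban list copied from the infected forum. Entries use the
# per-octet "*" wildcard (assumption about SMF's ban-manager format).
BANNED = ["203.0.113.7", "198.51.100.*"]

# Common log format: client IP, ident, user, [timestamp], "METHOD path ..."
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST) (\S+) ')


def registration_attempts(log_text):
    """Count, per source IP, the requests that hit a registration action."""
    hits = Counter()
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip malformed lines rather than failing the run
        ip, path = m.groups()
        if "action=register" in path:  # covers register and register2
            hits[ip] += 1
    return hits


def ban_matches(ip, entry):
    """True if a dotted-quad IP falls under a ban entry, honouring "*" octets."""
    ip_parts = ip.split(".")
    ban_parts = entry.split(".")
    if len(ip_parts) != 4 or len(ban_parts) != 4:
        return False
    return all(b == "*" or b == i for i, b in zip(ip_parts, ban_parts))


def cross_check(log_text, banned):
    """IPs seen attempting registration that also match the other site's ban list."""
    hits = registration_attempts(log_text)
    return {ip: n for ip, n in hits.items()
            if any(ban_matches(ip, entry) for entry in banned)}


if __name__ == "__main__":
    for ip, n in sorted(cross_check(ACCESS_LOG, BANNED).items()):
        print(f"{ip}: {n} registration hit(s), matches ban list")
```

Overlap like this is the kind of evidence worth attaching to a hosting-support ticket: it shows the same sources probing both forums, independent of whether the registration form on the clean site actually let them through.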

metallica48423

Quote from: dwd2000 on November 14, 2008, 11:21:49 PM
Quote from: metallica48423 on November 14, 2008, 10:49:14 PM
Quote: I also read that SMF 1.1.7 didn't address any security issues

Not sure of your source, but there were two important security issues patched in the 1.1.7 release.

http://www.simplemachines.org/community/index.php?topic=273816.msg1798854#msg1798854

NOTE:
My intention with my previous posts here was not intended to put down or degrade SMF in any way.
I know, understand, as well as appreciate all the work done here. My sole intention was to help.
If anyone misunderstands that, I am sorry.


I had never felt that was your intention.  I apologize if I came across as such -- certainly was not my intention :P

Simply making sure misinformation doesn't creep around.  :) 
