Tidal wave of spambots attacks SMF 1.1.x - How to protect your forum

Started by Deprecated, November 11, 2008, 06:26:59 PM


wiggy

I banned the user accounts that were posting the spam....now I have a few thousand error log entries whereby they are trying to log in again....I have added their scummy IP addresses to my .htaccess file to ban them as well but it does not seem to be having any effect....
Anyone got any idea how I can stop it?

swtdivalove

You can contact your host and have them ban them?

Deprecated

Quote from: swtdivalove on November 17, 2008, 10:15:24 PM
You can contact your host and have them ban them?

Not anything that most hosts would bother with.

Please post your .htaccess file contents. I don't see why that wouldn't work, and perhaps there is an error in your Apache syntax.

lax.slash

Hmm... I'm curious about something. I haven't been hit yet. But I run Tiny Portal. Has anyone running TP, or any other portal/CMS bridge for that matter been hit? With or without the SMF registration system?  ???

fwitt

Quote from: lax.slash on November 17, 2008, 10:20:53 PM
Hmm... I'm curious about something. I haven't been hit yet. But I run Tiny Portal. Has anyone running TP, or any other portal/CMS bridge for that matter been hit? With or without the SMF registration system?  ???

Yes, three of the four sites I admin on that have been hit run TinyPortal.

dvk01

Tiny Portal or any mod or add-on makes no difference to the likelihood of attack.

The bots scan looking for SMF and try to sign up.

Various mods make it more difficult for them to sign up, but the only almost guaranteed way is admin approval for all registrations. That needs you to examine every registration and make an educated guess whether it is a bot or a legitimate new member, and that can be extremely difficult to work out unless you have a local forum covering a very local geographical area and you are happy to automatically reject prospective members from outside that area.



SlammedDime

I'm running Mambo bridged with SMF... they hit my contact form before registering, and leave once they submit the contact, so I just get a bunch of junk mail.... :)
SlammedDime
Former Lead Customizer
BitBucket Projects
GeekStorage.com Hosting
                      My Mods
SimpleSEF
Ajax Quick Reply
Sitemap
more...
                     

Burke ♞ Knight

Quote from: dvk01 on November 18, 2008, 08:16:21 AM
the bots scan looking for SMF and try to sign up

Point of order...

The bots scan for ANY type of forum.

I've been dealing with 2 VB forums under attack, and been dealing with complaints by people about the following stats on web host forums I am part of:

Forum type - Number under attack:
SMF: 20
VB: 15
phpBB: 30
ProBoards: over 50 last I checked.
Others: more than I can remember.

Therefore, I do not fully believe that the bots are scanning just for any particular type of forum, but ALL forums in general.

offrocker

I was the only registered member on my forum (under construction), also just upgraded to 117, even though that may not be the problem. I deleted one spammer the other day, and now have another suspected one that hasn't posted yet. Can someone please tell me how to apply post approval, so that I get to see their posts and approve them before they are added to the board?

wiggy

My .htaccess file:

order allow,deny
deny from 66.199.231.218
deny from 202.47.224.211
deny from 66.112.177.179
deny from hxxp:fatjackhosting.com [nonactive]
allow from all

Have now banned the IPs using IP Deny Manager within cPanel...
Hopefully someone will pick up on the above IPs and give them some of the crap back that they like dishing out  :-X

ITA003

Quote from: Deprecated on November 11, 2008, 06:26:59 PM
What can you do?

I'm thinking of making a mod to check, on the registration page, with www.stopforumspam.com, which has a simple API to get the spam IP/email.
What do you think? Is it a good idea?

I'm looking at the mod in the first message, but those are logical checks and I think it is "simple" to develop something to bypass that control...


PS. Sorry for my English... :(

SlammedDime

Quote from: ITA003 on November 18, 2008, 12:31:58 PM
Quote from: Deprecated on November 11, 2008, 06:26:59 PM
What can you do?
I'm thinking of making a mod to check, on the registration page, with www.stopforumspam.com, which has a simple API to get the spam IP/email.
What do you think? Is it a good idea?

I'm looking at the mod in the first message, but those are logical checks and I think it is "simple" to develop something to bypass that control...


PS. Sorry for my English... :(

That's not a bad idea at all.  Have it check and send the user an email if they are blocked and deny their registration.

ITA003

Quote from: SlammedDime on November 18, 2008, 12:38:23 PM
That's not a bad idea at all.  Have it check and send the user an email if they are blocked and deny their registration.

I prefer to show a message in the registration window to contact the forum administrator... or something else

SlammedDime


Deprecated

Quote from: ITA003 on November 18, 2008, 12:31:58 PM
I'm thinking of making a mod to check, on the registration page, with www.stopforumspam.com, which has a simple API to get the spam IP/email.
What do you think? Is it a good idea?

I'm looking at the mod in the first message, but those are logical checks and I think it is "simple" to develop something to bypass that control...

Sure, it's a good idea. Please write it yourself, or you can post your request in our Mod Requests board and maybe somebody will be encouraged to write the mod package.

I hope to be working on a different type of modification later today if time permits. Speaking for myself only, I'm not all that interested in using outside resources. My mod will stand on its own, inside SMF.

SlammedDime

It would even be possible to implement the mod on the registration page, so before they even attempt to register, check their IP, and instead of displaying the registration form, display an email form that emails themself spam... lol

Deprecated

Matt, I really like that!!! Instead of spamming your forum or spamming your contact page, they end up spamming themselves! Very poetic! :D :D :D

Just use a sender address that doesn't receive reply emails. Or, if you were the vindictive sort, a bad 'Netizen, and had somebody you dislike, use their email address!!! (Just kidding!)

fwitt

Why not just send it as if it had come from their email, or whatever the last spam email addy was ;)

青山 素子

My concern with StopForumSpam is that it's user-contributed with what looks to be little to no oversight; all that is needed is an API key. This means that honest people signing up can be blacklisted by the service all too easily.

Given what I've seen people consider as spam (much of it newsletters they signed up for and don't want anymore - easily unsubscribed), I don't have much confidence in unvetted submissions.
Motoko-chan
Director, Simple Machines

Note: Unless otherwise stated, my posts are not representative of any official position or opinion of Simple Machines.
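
The registration-time StopForumSpam lookup proposed earlier in the thread, shaped by the false-positive concern in the post above, as an added example (not SMF code and not any poster's mod). The function name `sfs_decide`, the thresholds, and the reply fields `appears`, `frequency`, `lastseen` and `confidence` are assumptions modelled on the service's JSON output; the sample replies are constructed.

```php
<?php
// Added example: not SMF code and not any poster's mod. Function name,
// thresholds and the reply layout below are assumptions.

// Constructed replies, modelled on a JSON answer to an ip + email lookup.
const REPLY_STRONG = '{"success":1,"ip":{"appears":1,"frequency":42,'
    . '"lastseen":"2008-11-17 21:03:11","confidence":97.5},'
    . '"email":{"appears":0,"frequency":0}}';
const REPLY_WEAK = '{"success":1,"ip":{"appears":0,"frequency":0},'
    . '"email":{"appears":1,"frequency":1,'
    . '"lastseen":"2008-11-16 08:00:00","confidence":12.0}}';

/**
 * Returns 'allow', 'review' (hold for admin approval) or 'deny'.
 * $json is the raw reply, or null when the lookup failed or timed out.
 */
function sfs_decide(?string $json, int $now, int $minReports = 5,
                    float $minConfidence = 90.0, int $maxAgeDays = 90): string
{
    $data = $json === null ? null : json_decode($json, true);
    // Fail open: an outage or malformed reply must not block real members.
    if (!is_array($data) || empty($data['success'])) {
        return 'allow';
    }
    $verdict = 'allow';
    foreach (['ip', 'email'] as $field) {
        $hit = $data[$field] ?? null;
        if (!is_array($hit) || empty($hit['appears'])) {
            continue; // not listed
        }
        $seen = isset($hit['lastseen']) ? strtotime($hit['lastseen'] . ' UTC') : false;
        $recent = $seen !== false && ($now - $seen) <= $maxAgeDays * 86400;
        $strong = ($hit['frequency'] ?? 0) >= $minReports
            && ($hit['confidence'] ?? 0) >= $minConfidence;
        if ($recent && $strong) {
            return 'deny'; // many recent, high-confidence reports
        }
        $verdict = 'review'; // listed on thin or stale evidence: let a human decide
    }
    return $verdict;
}

$now = strtotime('2008-11-18 12:00:00 UTC');
foreach (['strong' => REPLY_STRONG, 'weak' => REPLY_WEAK, 'outage' => null] as $name => $reply) {
    echo $name, ': ', sfs_decide($reply, $now), "\n";
}
```

A single unvetted report lands in the admin approval queue instead of rejecting the signup, and a failed lookup never blocks registration.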


 