[NOTICE] How to secure your site against recent attacks

[JBlaze]

I have noticed that since the Stop Spammer mod cross checks all info about each regsitration, when the stopforumspam.com site is slow, so are registrations.

Some sacrifice in speed is needed for proper security.

[dl75]

Hey- Thanks so much for your help!! I don't mind AT ALL that registration takes a little while. Good enough for me.

[greystonesguide]

I have tried to set up recaptcha on my site and am getting the following :

Code Select Expand

Installing this package will perform the following actions:  Type Action Description
1. Execute Modification ./Sources/ManageRegistration.php Test failed
2. Execute Modification ./Sources/Register.php Test failed
3. Execute Modification ./Themes/default/Register.template.php Test failed
4. Execute Modification ./Themes/default/languages/Modifications.english.php Test successful
5. Execute Modification ./Themes/default/languages/Modifications.english-utf8.php Skipping file
6. Execute Modification ./Themes/default/languages/Modifications.english_british.php Skipping file
7. Execute Modification ./Themes/default/languages/Modifications.english_british-utf8.php Skipping file
8. Extract File ./Sources/recaptchalib.php 

Dont know what to do now???

[Dzonny]

u can post your questions about that mod here:
http://www.simplemachines.org/community/index.php?topic=213535.0

Think that u should manually install that mod...

[_Ziggy_]

4) Install Anti-Spam measures
This is important, as it will save your forum in the long run.

Install the Stop Spammer mod.

• This mod will prevent spam signups as it cross-checks all registrations with the Spam Blacklist.
• Any registrations that check positive will be sent to the Admin approval bin.

Install the reCAPTCHA for SMF mod.

• This mod provides better captcha verification.
• It will stop MOST spam and hackers from registering.

Regards, JBlaze

I would like to try registrating on a forum where both mods are installed.
Who has both mods installed (link)?

[Aleksi "Lex" Kilpinen]

I see no obvious problem with using them both. One provides a captcha, and one only references the spammer database after the actual registration form...

[Leemy]

No, its marked as solved now...
And i belive this is going to be really solved soon..

I marked it as solved

Any update on a patch? In testing, timeline? I know release dates arent given timelines but please let us know for a patch.

Shouldnt this be in the Admin News section of the Administration Panel in everyone's SMF? Right now there's news about RC1; I think administrators would rather know about a live exploit.

[greystonesguide]

got the reCAPTCHA sorted at last - started from scratch again and it worked

Would the advice be to insert both mods ?

[JBlaze]

Yes, use both mods.

[greystonesguide]

Cheers

[FragaCampos]

Hello there.
My forum was hacked last week and my 3.000 plus attachments were made unavailable.
My team thought it was due to some kind of mod we installed, but after a week trying to understand this i found it was an attack  to the forum...
I have none of the mentioned members that upload the avatar to the server and hack the files, but there's no doubt that's what happened.
We've been uploading all the attachments again to the server, but i noticed that when i send an avatar to the server via profile, it won't show. This gives me almost 100% confidence that the forum was hacked.
Thanks for the info, i'm going to install the two mods and make the changes in admin panel.


Nevertheless, I have been reading lots of SMF admins complaining about this, and i think it would be good to put this info somewhere more visible to try and guide them.

[Yahmez]

4) Install Anti-Spam measures
This is important, as it will save your forum in the long run.

Install the Stop Spammer mod.

• This mod will prevent spam signups as it cross-checks all registrations with the Spam Blacklist.
• Any registrations that check positive will be sent to the Admin approval bin.

Install the reCAPTCHA for SMF mod.

• This mod provides better captcha verification.
• It will stop MOST spam and hackers from registering.

Regards, JBlaze

I would like to try registrating on a forum where both mods are installed.
Who has both mods installed (link)?

I have both mods installed... Go ahead and register if you want... (you arent a spammer right?) 

[Broken Arrow]

Jblaze, I have one question and I may be on the wrong thread. But what version of the Stop Spam should I add?


StopSpammer_v1_0.zip (8KB) [731] 

StopSpammer_v2_1.zip (14KB) [198] 

StopSpammer_v2_2.zip (14KB) [1642]



I am using smf v 1.1.8 and I already have the other mod  you suggested installed

I tried the third one (_v2_2) but it messed up like images were supposed to be there but weren't. I assume I used the wrong version


any ideas?

[JBlaze]

If you installed on a custom theme, you must move the images included with the mod to your custom theme's /images directory

[Broken Arrow]

Oh ok, thanks

[Broken Arrow]

that worked

but it doesn't show krisbarteo  as a spammer.

is that what it is supposed to do? It has the More Info image by it like everyone else's name does

[JBlaze]

It will only show names that are trying to register as well as names in your memberlist that are suspicious.

[Broken Arrow]

Ok, thanks

I have banned the three names mentioned within this site and have done all you said to do. So I should be good to go now.

I'll be on the look out for the patch

thanks for all the work you have done to help us

[JBlaze]

Ok, thanks

I have banned the three names mentioned within this site and have done all you said to do. So I should be good to go now.

I'll be on the look out for the patch

thanks for all the work you have done to help us

No problem

All in a days work.

[Yahmez]

4) Install Anti-Spam measures
This is important, as it will save your forum in the long run.

Install the Stop Spammer mod.

• This mod will prevent spam signups as it cross-checks all registrations with the Spam Blacklist.
• Any registrations that check positive will be sent to the Admin approval bin.

Install the reCAPTCHA for SMF mod.

• This mod provides better captcha verification.
• It will stop MOST spam and hackers from registering.

Regards, JBlaze

I would like to try registrating on a forum where both mods are installed.
Who has both mods installed (link)?

I have both mods installed... Go ahead and register if you want... (you arent a spammer right?) 

Funny how after I posted this I had a bunch of spammers try to register... Hmmmmmm