Hackers and or Spammers...

[soul.guardian]

Hello,
I am having a lot of problems with spammers and now I believe one of them hacked into the permissions and sent a porn newsletter to all my users. I use Akismet and Recaptcha and nada... can't kill the spam....

I really need help! Any ideas?

Right now my forum is in Maintenance mode, but I am not even sure if that will stop the dude sending porn using my list... this is a bummer!
Anyone?

SMF 1.1.11
Packages:
1. SMF 1.0.16 / 1.1.8 Update 1.0     
2. Akismet Spam Blocking    1.1.1
3. SMF 1.0.18 / 1.1.10 / 2.0 RC1-2 Update 1.1 
4. Auto Embed Video/Audio Clips 4.0.2
5. Global Headers Footers 1.4.1
6. SMF 1.0.19 / 1.1.11 Update 1.0
7. Akismet Spam Blocking    1.2 Beta 2
8. SMF 1.0.17 / 1.1.9 / 2.0 RC1 Update 1.0 
9. Akismet Spam Blocking    1.1.1   
10. reCAPTCHA for SMF    0.9.5.3 

[Skhilled]

Find the IP of that user and block them on the server instead of on the forum.

You should also give your hosting his/her info so they can help track him on the server and block him if he has other IP addresses.

[soul.guardian]

Hi Thanks, I am not sure how to block them on the server.... any tuts on that?

I will tell my ISP....

I wish there was a package I could install that would nuke these peops...

[busterone]

You most likely have that option in your host control panel. If not, use .htaccess
Here is one tut. There are dozens out there.  http://blamcast.net/articles/block-bots-hotlinking-ban-ip-htaccess

Also check in your SMF admin controls to limit the number of PMs that can be sent by a single user at one time.
You also may want to change the permissions for new users, preventing them from sending PMs or posting attachments under a set number of posts. It will not eliminate them, but will slow them down drastically. If they register and immediately discover that they can't spam, they will leave.

[kat]

Best Spam control I know of is to make new registrations "By approval".

[Abg]

Hi,


Here  are some tips that really helped me cut down on the number of spammers :

1. Like Kat said make registrations by approval.

2. enable email notification :So  when a new member joins, you can check their I.P.,email etc.  , some people have an email address like 
     viagara...  , meds ...something  etc  .  ban those, they are spammers . I have banned a lot of people even before they could post
     their spam .
.
3. disable attachments :  I will not allow attachments any longer for new users etc. they are an easy way for them to upload alot
   of porn in no time .

4.  Install something free like Statcounter .
     I have them and you can have an invisible counter enabled, that will tell you the country/city
    and  I.P. address  a person comes from.Bust most importantly you can check excatly which page they visited, how long they were
     there etc.

That  makes it easier to identify the spam culprits.

Once you have the I.P. addrress  log into your CPanel and ban them completely from access to any of your sites .

These stepes have helped me a lot . Good luck

[soul.guardian]

My ISP said smf is a spam magnet, try phbb or vbulletin! That doesn't help me.
I have disabled attachments, made registration by approval... but to do the following, would be teadeous because spammers have 10000s of IP's

You most likely have that option in your host control panel. If not, use .htaccess
Here is one tut. There are dozens out there.  http://blamcast.net/articles/block-bots-hotlinking-ban-ip-htaccess [nofollow]

I Had really hoped that Akismet would stop these, for approval, but it doesn't work like it works on WP. Does anyone else know of a plugin that nukes unwanted guests/robots before they start. If there is a DB with the names of all these critters, then surely there is a plugin that accesses that DB and prenukes these dudes before I need to get involved... this should be automated, no?

[busterone]

The search of the modifications works wonders. 
There is- I have used it with great results.
http://custom.simplemachines.org/mods/index.php?mod=1547
There is no absolute spam prevention, but using this along with high captcha settings has worked for me.
There are at least a dozen or more other anti-spam options available here if this one doesn't suit you.
http://custom.simplemachines.org/mods/index.php?action=search;basic_search=spam

Your host is wrong. All forum software have a potential for being spambait. The administrator must be diligent to stop them.

[tumbleweed]

nice database for spammers:
http://www.stopforumspam.com/

and it hooks  into this mod:
http://custom.simplemachines.org/mods/index.php?mod=1547

I use that DB at server level to stop alot of spammers.

Frank

[soul.guardian]

Thank you tumbleweed & busterone - that was the plugin I needed.

Does anyone know how it was possible for someone to send porn to my newsletter list?

[rich357]

After reading these replies, I wonder if you people really know how to use what is already built into SMF.

IP's.  Posted beside the member name along with email. Click the IP. A tracking window opens showing the five basic IP network controllers like ARIN and RIPE. Along with messages such as "Sorry guest, you are banned".

Banning: A very simple procedure. RTFM. Bans can be by IP, email, host, and other methods.

Stats? Sheesh. Your host should have that information readily available. SMF also includes some basic stats.

Want to stop spammers? Try the project honey pot. There is a mod for that and it is easy to install. The mod will tell you instantly if the IP is a known spammer or not.

As for .htaccess, that's fine if you don't want the spammer on the entire site.
Then that file won't work on a windows server.

[busterone]

Believe me, I am sure tumbleweed knows more about what is inside of SMF than what you are implying. I know it very well myself as well.
The OP was not asking how to simply ban someone, but to prevent the spammers from getting in. I have had only 3 spammers get in in the last 2 years, so I guess I know a little bit about what I am doing. 

[rich357]

Well I treid out a php script that uses an array and the header() function. Only problem is, the script created some internal errors in my SMF board.

Someone who knows php, and smf, could easily write a simple mod using that same method. I would like to see a version that uses an external file for the array and uses wildcards. Or match using project honey pot.

Since my spammer liked to post porn and pills, I sent him to xhamster.com [nofollow]. Tested it out using my own IP and it worked just fine.
If they can't get in to register, that's the best part.

[Rah]

There's right now 4 "Guests" on our forum that I banned for Spamming and hacking but they seem to be squatting on our forum.
I discovered that they were exploiting the TP Shoutbox with entries like this, 3000+ of them:

guest [213.239.213.109]
Today at 22:34:38
[***forums.buddytv*com/members/belldomingo*html]buy xanax without prescription]

guest [78.46.102.197]
Today at 18:09:36
[***avatars.imvu*com/Guest_MikulenkaBernstein44]codeine]

So I deactivated the TP Shoutbox. But lo & behold, they were still accessing the TP shoutbox even after they were banned.
I unstalled TP totally from our Forum, and now the spamming has stopped, but not the spammers.
Here are my latest Error messages logs, pages upon pages upon pages:

Track IP 213.239.213.109
Error message: Sorry Guest, you are banned from using this forum!
Request: ?action=tpmod&id=shout

IP address: 64.124.203.75
Display name: Guest
Error Message: Only administrators can make database backups!
Date: 06-04-2010 Today at 22:03:50
request: ?data=on&action=dumpdb&sesc=38141107a664fab4e1ca12a5479391f9

For us, uninstalling TP v0.98, banning these cretins, and requesting Admin Approval on registration, helped!
I have to though, delete pages upon pages of error messages every 3 hours

How can one stop a Robot from squatting on one's forum, after it was banned, but keeps on making requests as I'v displayed above?

[busterone]

Ban the ip through your host's control panel or manually do it in .htaccess.

[Rah]

Ban the ip through your host's control panel or manually do it in .htaccess.

Thanks, busterone, I'll check the possibilities regarding banning the IPs through my host's control panel. Never thought of the possibility. Regarding .htaccess, that's "greek" to me.....lol!

[Rah]

Ban the ip through your host's control panel or manually do it in .htaccess.

Thanks again busterone.

There's Enabling IP Blocking at my Host's Control Panel, and
I banned a bunch of spammers & hackers from there too today.
It also created a .htaccess file automatically:

Order Allow,Deny
Allow from all
Deny from 213.239.213.109
Deny from 88.198.43.228
Deny from 67.215.237.98
Deny from 78.46.102.197
Deny from 89.149.202.152
Deny from 88.112.215.166
Deny from 78.46.93.230
Deny from 188.92.74.12
Deny from 91.212.226.12
Deny from 64.124.203.75
Deny from 64.124.203.76
Deny from 66.249.71.219
Deny from 194.44.166.173
Deny from 208.50.101.152
Most of these IPs are already registered at: http://www.stopforumspam.com/search.php?q=194.44.166.173 [nofollow]

The power struggle contunes!?!?!?

[DollBaby]

I take issue with SMF being a spam magnet.  I work several forums, half being other forms,..vB is by far the worst of the bunch.  Simply approve new registrations, if ther are too many, get help from trusted individuals. I will say that IMO that SNF is the easiest to deal with the hackers nd spammers.