Author Topic: Being logged out by bots trying to log in  (Read 143759 times)

Offline Arantor

  • Resident Overthinker
  • SMF Friend
  • SMF Legend
  • *
  • Posts: 71,982
    • StoryBB/StoryBB on GitHub
Re: Being logged out by bots trying to log in
« Reply #120 on: February 15, 2011, 10:42:36 AM »
Quote
Hey, I can't see your forum's usernames... dang... now I have to rethink my bot-tactics! LOL

I was sitting here writing it while having this conversation ;) That's what prompted the 'thinking it's easy' comment, since I'd already discovered it was a pain.

Quote
@ Arantor - Will your mod work with RC2 if I emulate RC4 ?

You can tell it to emulate RC3, RC4, RC5, RC6! or 2.0. Whether it'll work is another story, but the odds are reasonably good.

Quote
Is it only downloadable from your site?

Yes. I won't be uploading it here, not that it currently meets criteria (it doesn't - I wrote it for arantor.org first, then decided to share)



Oh, and heh, you can even see that it started out as just a Tor blocker if you look in install.xml...
Don’t try to tell me that some power can corrupt a person. You haven’t had enough to know what it’s like.

No good deed goes unpunished / No act of charity goes unresented.

Offline szinski

  • Jr. Member
  • **
  • Posts: 114
  • Gender: Male
  • Programmer by day, photographer by night.
    • Pizza Making
Re: Being logged out by bots trying to log in
« Reply #121 on: February 15, 2011, 10:42:46 AM »
Quote
In other news, I'm feeling very generous: http://arantor.org/index.php?topic=262.msg4580#msg4580

Now your error log will have a zillion entries like "Invalid login from HIDDEN" LOL

Offline Astra_200

  • Jr. Member
  • **
  • Posts: 113
  • Gender: Male
Re: Being logged out by bots trying to log in
« Reply #122 on: February 15, 2011, 10:45:48 AM »
Quote
Is it only downloadable from your site?

Yes. I won't be uploading it here, not that it currently meets criteria (it doesn't - I wrote it for arantor.org first, then decided to share)

I can see you getting a few more forum members pretty fast ;D

Offline Arantor

Re: Being logged out by bots trying to log in
« Reply #123 on: February 15, 2011, 10:46:44 AM »
Quote
Now your error log will have a zillion entries like "Invalid login from HIDDEN" LOL

Nope. Username not existing doesn't log an error.

Note that it won't suddenly make it stop - the bots still have some usernames in their records, but it might hopefully slow it down over the next few days or so.

Quote
I can see you getting a few more forum members pretty fast

Heh, well, they'll see the other things I got going on that keep spam down like that funky custom CAPTCHA :D

Offline Astra_200

Re: Being logged out by bots trying to log in
« Reply #124 on: February 15, 2011, 11:06:24 AM »
Thanks for the Anti-Abuse mod Arantor, installed like a dream :)

Very kind of you to share with the SMF community.

PS - Yes that is a very smart captcha you have 8).

Offline Rik©

  • Full Member
  • ***
  • Posts: 605
  • Gender: Male
    • SimpleTweaks
Re: Being logged out by bots trying to log in
« Reply #125 on: February 15, 2011, 11:07:18 AM »
Quote
In other news, I'm feeling very generous: http://arantor.org/index.php?topic=262.msg4580#msg4580

Thank you for sharing!
Wanted to check it out but I can't download......
Forgot my pw, got the mail with the reset link, clicked it and..... nothing, just index.php  ???

-Rik©

Offline Arantor

Re: Being logged out by bots trying to log in
« Reply #126 on: February 15, 2011, 11:08:54 AM »
Quote
Forgot my pw, got the mail with the reset link, clicked it and..... nothing, just index.php

Odd, outbound email should work alright (I changed my account username earlier today, and promptly forgot my password after I changed them both at the same time... and it worked then)

Offline Rik©

Re: Being logged out by bots trying to log in
« Reply #127 on: February 15, 2011, 11:26:23 AM »
Quote
Forgot my pw, got the mail with the reset link, clicked it and..... nothing, just index.php

Odd, outbound email should work alright (I changed my account username earlier today, and promptly forgot my password after I changed them both at the same time... and it worked then)

Tried it again (this time copied the link) and it works, can choose a new pw now.
Must be gmail, when I just click the link it takes me to index.php...

Again, thanks for sharing, you're the best  :P

-Rik©

Offline Astra_200

Re: Being logged out by bots trying to log in
« Reply #128 on: February 15, 2011, 11:26:30 AM »
If it's any help, my Arantorhome registration mail came out just fine.

Offline Arantor

Re: Being logged out by bots trying to log in
« Reply #129 on: February 15, 2011, 11:27:32 AM »
Quote
Must be gmail, when i just click the link it takes me to index.php...

That's been reported for GMail+IE, no other combination that I'm aware of.

Quote
Again, thanks for sharing, you're the best

*blush*

Offline Tanks

  • Full Member
  • ***
  • Posts: 583
  • Gender: Male
  • Danish Dude
Re: Being logged out by bots trying to log in
« Reply #130 on: February 15, 2011, 11:28:08 AM »
Thanks Arantor :) It works on my heavily modded RC2 forum.

The only glitches are the portal blocks that show recent topics, and the related topics mod, but I don't think the bots look at those places.

Offline Arantor

Re: Being logged out by bots trying to log in
« Reply #131 on: February 15, 2011, 11:29:30 AM »
Well, they'd have to be modified manually, I couldn't take into account all the possible variations like that. (If only there were a single common function that should be used to get member details... oh wait, there is one, just half of SMF doesn't use it!)

Offline Tanks

Re: Being logged out by bots trying to log in
« Reply #132 on: February 15, 2011, 11:35:38 AM »
Doesn't matter, I can just turn off the blocks for guests, and put something else there.

And regarding the related topics it almost only shows my name as I am the topic starter of 99% of all topics. And my display name is of course not the same as my login name.

Also I added HIDDEN to reserved name list :) came up with that one myself :D

So all in all I feel so much more protected against these stupid attacks now, and I want to THANK YOU for that. Big Time.

Offline Arantor

Re: Being logged out by bots trying to log in
« Reply #133 on: February 15, 2011, 11:39:01 AM »
If your display name is different to your username, you're actually safe yourself from attack anyway (I am on my own site, for example)

Offline Astra_200

Re: Being logged out by bots trying to log in
« Reply #134 on: February 15, 2011, 11:48:53 AM »
Names are still visible in Simple Portal and the Aeva Media gallery too, but anything to help stop this attack is a good thing.

I've not had one error since I've installed Arantor's mod whereas before they were coming in once every couple of minutes.

Well done that man!!

Offline fiver

  • Jr. Member
  • **
  • Posts: 319
Re: Being logged out by bots trying to log in
« Reply #135 on: February 15, 2011, 12:40:49 PM »
Hi Arantor,


Many thanks for antiabuse mod.


For those interested, there are 2 more areas with usernames exposed
1. Latest Member: xxxxx
2. /index.php?action=sitemap;sa=topics (sitemap mod)


Proxy Blocker kept them off since installed a few hours back but 1 member did complain about being blocked out. So I uninstalled PB, installed antiabuse and in the last 30 mins they came back with usernames and password incorrect again.


Update: They didn't come back in the last 30 min.

« Last Edit: February 15, 2011, 12:53:02 PM by fiver »

Offline laetabi

  • Full Member
  • ***
  • Posts: 428
  • Gender: Male
Re: Being logged out by bots trying to log in
« Reply #136 on: February 15, 2011, 12:45:30 PM »
Congrats Arantor. Good work.

Will be interesting to see if the bot has stored the existing usernames or is harvesting them on the fly. From the activity I saw I suspect the latter which will make this mod pretty secure for those unwilling to force email log-in.

It occurs to me that all the authors have to do is register manually and log-in to see usernames. Can they automate that?

Earlier someone asked why SMF forums were under attack. Given this some thought over the last month or so since this hit my forum as I too couldn't understand why an attempt to guess a password was every 8 minutes. Led me to two conclusions:

1) A spoiler attack on SMF forums by forcing log-outs - every eight minutes on the same user for a period then try someone else.

2) A deliberately persistent but slow attack on multiple forums to obtain passwords without alerting too many people too quickly.

I don't buy the latter as it would make more sense to randomize the usernames on each log-in to avoid alerting admins or users that multiple attempts were taking place. But it is a risk and one I couldn't discount.

I haven't checked but are other forums (non-SMF) suffering similar attacks?   
Ultimately I guess the answer will be 'because they can'. As for other motivation, who knows. Warped minds.
What type of washing machine is September?

An autumnatic. :)

Offline Aleksi "Lex" Kilpinen

  • A Peculiar Finn
  • Lead Support Specialist
  • SMF Super Hero
  • *
  • Posts: 18,757
  • Gender: Male
  • Don't worry, I'm n00b friendly
    • Aleksi.Kilpinen on Facebook
    • LexArma on GitHub
    • aleksi-kilpinen on LinkedIn
    • There's No Place Like 127.0.0.1
Re: Being logged out by bots trying to log in
« Reply #137 on: February 15, 2011, 12:59:20 PM »
I've monitored this activity on my forum, and it seems one IP will do one login attempt, to two different accounts, about 10 minutes apart and then go away for a couple of hours before coming back to do the same again. In between these visits, other IPs do the same, with similar intervals to different accounts. All together it adds up to tens, even hundreds of attempts a day - but it's really really hard to tell apart legit attempts from the bots, other than the fact that it seems a notable portion of the bot IPs belong to TOR networks.

Most probably their only goal is to collect login+pw pairs, to be used elsewhere for more sinister purposes and targeted attacks.
A Finnish Support Specialist
 Happily running multiple SMF 2.0 installations.
  Fooling around with an i7 990X @ 3,47Ghz / 12Gb / Win 10 x64 / 3840x2160


How you can help SMF

"Before you allow people access to your forum, especially in an administrative position, you must be aware that that person can seriously damage your forum.
 Therefore, you should only allow people that you trust, implicitly, to have such access." -Douglas
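
Added example (not part of the thread, and not code from SMF or the Anti-Abuse mod): the pattern described in the post above, a few attempts per IP spread across many IPs, stays under a per-IP failure limit but stands out when failed logins are grouped by target account. The log format, thresholds, IPs and account names below are constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed failed-login records: timestamp, source IP, target account.
# IPs come from documentation ranges; account names are made up.
SAMPLE = """\
2011-02-15 09:00:00 192.0.2.10 alice
2011-02-15 09:10:00 192.0.2.10 bob
2011-02-15 09:08:00 198.51.100.7 alice
2011-02-15 09:18:00 198.51.100.7 carol
2011-02-15 09:16:00 203.0.113.5 alice
2011-02-15 09:26:00 203.0.113.5 bob
2011-02-15 11:05:00 192.0.2.10 alice
2011-02-15 09:30:00 192.0.2.99 dave
2011-02-15 09:30:20 192.0.2.99 dave
2011-02-15 09:30:45 192.0.2.99 dave
"""

def parse(text):
    events = []
    for line in text.splitlines():
        day, clock, ip, user = line.split()
        events.append((datetime.strptime(f"{day} {clock}", "%Y-%m-%d %H:%M:%S"), ip, user))
    return sorted(events)

def per_ip_offenders(events, limit=3, window=timedelta(minutes=15)):
    """Per-IP view: IPs with at least `limit` failures inside one window."""
    by_ip = defaultdict(list)
    for ts, ip, _ in events:
        by_ip[ip].append(ts)
    return {ip for ip, times in by_ip.items()
            if any(sum(start <= t < start + window for t in times) >= limit
                   for start in times)}

def per_account_targets(events, min_ips=3, window=timedelta(hours=1)):
    """Per-account view: accounts hit from at least `min_ips` distinct IPs in one window."""
    by_user = defaultdict(list)
    for ts, ip, user in events:
        by_user[user].append((ts, ip))
    flagged = {}
    for user, hits in by_user.items():
        for start, _ in hits:
            ips = {ip for t, ip in hits if start <= t < start + window}
            if len(ips) >= min_ips:
                flagged[user] = sorted(ips)
                break
    return flagged
```

On the sample, the per-IP check only catches the single noisy address hammering `dave`, while the per-account check surfaces `alice`, who was tried once each from three addresses within an hour.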

Offline Arantor

Re: Being logged out by bots trying to log in
« Reply #138 on: February 15, 2011, 01:06:36 PM »
Re the above post, yes the latest member is exposed, as are stats. I won't be adding any more though (and certainly not support for any mods)

Offline szinski

Re: Being logged out by bots trying to log in
« Reply #139 on: February 15, 2011, 01:08:46 PM »
Quote
Most probably their only goal is to collect login+pw pairs, to be used elsewhere for more sinister purposes and targeted attacks.

I thought about that scenario myself... if the bot were able to guess a password, then a human could login as that person and access their profile. From the profile, they could glean the person's e-mail address. Now armed with an e-mail address and password, they might try accessing PayPal (etc.) with that email/password pair since a lot of people use the same password everywhere.

IDK, but it's a well orchestrated attack... I'm even seeing this activity on a couple of my tiny non-publicized "private" forums.