Advertisement:

Author Topic: Being logged out by bots trying to log in  (Read 143258 times)

Offline SergeantAsh

  • Full Member
  • ***
  • Posts: 445
Re: Being logged out by bots trying to log in
« Reply #360 on: February 22, 2011, 05:14:02 PM »
I've implemented the login_detector mod but I'm still getting password login hacks  :(
Quote
“Moderation has been called a virtue to limit the ambition of great men, and to console undistinguished people for their want of fortune and their lack of merit.”

Offline Arantor

  • Resident Overthinker
  • SMF Friend
  • SMF Legend
  • *
  • Posts: 71,672
    • StoryBB/StoryBB on GitHub
Re: Being logged out by bots trying to log in
« Reply #361 on: February 22, 2011, 05:15:15 PM »
Different bot - the bot I wrote the mod for has slowed down, and I'm now seeing random brute force attacks on my site - for which none of the users even exist.
Don’t try to tell me that some power can corrupt a person. You haven’t had enough to know what it’s like.

No good deed goes unpunished / No act of charity goes unresented.

Offline SergeantAsh

  • Full Member
  • ***
  • Posts: 445
Re: Being logged out by bots trying to log in
« Reply #362 on: February 22, 2011, 05:18:19 PM »
Different bot - the bot I wrote the mod for has slowed down, and I'm now seeing random brute force attacks on my site - for which none of the users even exist.

Ahh ok - I've implemented the new Login Security mod so hopefully that'll slow down the attacks...b*stards!
Quote
“Moderation has been called a virtue to limit the ambition of great men, and to console undistinguished people for their want of fortune and their lack of merit.”

Offline searchgr

  • Sophist Member
  • *****
  • Posts: 1,247
Re: Being logged out by bots trying to log in
« Reply #363 on: February 23, 2011, 03:47:10 PM »
Code: [Select]
<install for="1.1.*, 2.0 RC3, 2.0 RC4, 2.0 RC5">
<modification type="file">install.xml</modification>
</install>

<uninstall for="1.1.*, 2.0 RC3, 2.0 RC4, 2.0 RC5">
<modification type="file" reverse="true">install.xml</modification>
</uninstall>

Login Detector
Is it compatible to 2.0 RC2? Can i add 2.0 RC2 to the above code?

Offline Arantor

  • Resident Overthinker
  • SMF Friend
  • SMF Legend
  • *
  • Posts: 71,672
    • StoryBB/StoryBB on GitHub
Re: Being logged out by bots trying to log in
« Reply #364 on: February 23, 2011, 03:54:25 PM »
It is not supported, nor recommended for RC2. the code is only tested for RC3 and up. But if you're still using RC2, you have bigger problems to worry about than this bot.
Don’t try to tell me that some power can corrupt a person. You haven’t had enough to know what it’s like.

No good deed goes unpunished / No act of charity goes unresented.

Offline searchgr

  • Sophist Member
  • *****
  • Posts: 1,247
Re: Being logged out by bots trying to log in
« Reply #365 on: February 23, 2011, 04:04:14 PM »
I'm waiting for the final. I have many custom mods that i cannot update them for every RC version .....

Offline Kindred

  • The Mean One
  • Support Specialist
  • SMF Legend
  • *
  • Posts: 58,507
  • Gender: Male
    • Kindred-999 on GitHub
Re: Being logged out by bots trying to log in
« Reply #366 on: February 23, 2011, 04:52:11 PM »
 and yet.... RC2 is distinctly UNSAFE with some fairly major known issues and bugs. If you have security issues with RC2, the ONLY thing we can say, at this point, is UPGRADE.


At the very least, you should be running RC3, although even that is not really a good choice.
If you upgrade to RC5, mods which install on RC3 should install on RC4, 5 and final... and mods for RC5 will almost definitely install in final with minimal, if any edits.
Please do not PM, IM or Email me with support questions.  You will get better and faster responses in the support boards.  Thank you.

Offline Storman™

  • SMF Friend
  • SMF Hero
  • *
  • Posts: 2,027
Re: Being logged out by bots trying to log in
« Reply #367 on: February 24, 2011, 02:51:06 PM »
Quote
I'm waiting for the final. I have many custom mods that i cannot update them for every RC version .....

I was like you, but there comes a time when you have to bite the bullet, take the pain, and upgrade  ;)
Any Backup method is bettter than no Backup method....

Offline Danny S.

  • Semi-Newbie
  • *
  • Posts: 95
Re: Being logged out by bots trying to log in
« Reply #368 on: February 24, 2011, 03:17:33 PM »
I use to have about 12 mods installed when I ran RC2, but when I upgraded, I realized alot of them were frivolous and rarely used.

After upgrading to RC3, I only had 7 left.

Now after the recent update to RC5, I only have 4 that are used on a regular basis (and I could probably do without 2 of them).


Moral of the story: upgrading is a good time to check to see if the mod is even being put to good use...

Offline stog

  • Semi-Newbie
  • *
  • Posts: 84
Re: Being logged out by bots trying to log in
« Reply #369 on: February 24, 2011, 05:04:21 PM »
thx everyone -- 1.1.13 heavily modded forums with TP, many forums were troubled. applied Arantor's code and installed suggested mods (httpBL,Bad behaviour, forum firewall and -notified membership to improve their passwords and keep them unique to differring sites etc -- all much better...cheers all

Offline The QE2 Story Forum

  • Charter Member
  • Jr. Member
  • *
  • Posts: 151
    • The QE2 Story
Re: Being logged out by bots trying to log in
« Reply #370 on: March 04, 2011, 10:01:12 AM »
Just to say thank you very much indeed.  My forum was being hammered with failed logins, and now there are only real ones.  Absolutely brilliant.  I think you are right and that this could should be built into the next versions of SMF.

I couldn't get the package to install though (1.1.13) - in fact it got stuck and put thousands of entries in my error log! - so I added the code manually, and all was well.


Offline nutn2lewz

  • Semi-Newbie
  • *
  • Posts: 22
Re: Being logged out by bots trying to log in
« Reply #371 on: March 05, 2011, 06:06:10 PM »
I installed Arantor's mod on 1.1.12 without installing any other mods and it really helped. It's a simple method to deny access without having to add hundreds of ip's to my htaccess file. Thank you! The bots still make their attempts, and the errors still appear in my error log, but at least I know that the bots are not gaining access to my forum and making guessing attempts at passwords.

On a side note, the bot activity has really slowed down in the past two or three days. I expect round two any day now ...

nutN2Lewz

Offline xrunner

  • Sophist Member
  • *****
  • Posts: 1,019
  • Gender: Male
  • Karma +584/-1
Re: Being logged out by bots trying to log in
« Reply #372 on: March 06, 2011, 09:01:09 PM »
I uninstalled the Mod just to see what would happen and the attacks have ceased (for the time being).

Offline Arantor

  • Resident Overthinker
  • SMF Friend
  • SMF Legend
  • *
  • Posts: 71,672
    • StoryBB/StoryBB on GitHub
Re: Being logged out by bots trying to log in
« Reply #373 on: March 06, 2011, 09:03:09 PM »
They appear to have slowed done/stopped against forums that saw them coming, but oddly I know a few forums that didn't bother - and are still being hit.
Don’t try to tell me that some power can corrupt a person. You haven’t had enough to know what it’s like.

No good deed goes unpunished / No act of charity goes unresented.

Offline Vincent Volmer

  • Jr. Member
  • **
  • Posts: 214
  • Gender: Male
  • SMF2.0.15
    • digiscrapdigitaalscrappen on Facebook
    • @Digiscrap_NL on Twitter
    • Digiscrap Digitaal scrappen
Re: Being logged out by bots trying to log in
« Reply #374 on: March 07, 2011, 03:36:22 AM »
Both mods are totally different in what they do and how they load.  Neither will cause a crash if you follow instructions.  Nevertheless, if you want support and/ or come up with more info I can chew on, by all means please come to the support boards, ask away and I will gladly try to solve your problems.


I edited my previous message. FF and BB are not the reason of the problems I had 2 weeks ago because yesterday I had the same issue without FF and BB. A very high Disk I/O (7200 blocks) and about 700 ~ 800 processes.  See attachment.

It could be a sort of attack but I can't find anything in the log. For my webhost is was also not possible to see what or who is causing this traffic.

And yes.... I'm running RC3  :-[ but will update asap. I need to do a lot of translations.... :( Could this be related to RC3?

Thanks for any help on this...

Digiscrap.nl
Vincent

Offline Arantor

  • Resident Overthinker
  • SMF Friend
  • SMF Legend
  • *
  • Posts: 71,672
    • StoryBB/StoryBB on GitHub
Re: Being logged out by bots trying to log in
« Reply #375 on: March 07, 2011, 03:38:19 AM »
And when did the optimize tables scheduled task run, out of interest?
Don’t try to tell me that some power can corrupt a person. You haven’t had enough to know what it’s like.

No good deed goes unpunished / No act of charity goes unresented.

Offline Vincent Volmer

  • Jr. Member
  • **
  • Posts: 214
  • Gender: Male
  • SMF2.0.15
    • digiscrapdigitaalscrappen on Facebook
    • @Digiscrap_NL on Twitter
    • Digiscrap Digitaal scrappen
Re: Being logged out by bots trying to log in
« Reply #376 on: March 07, 2011, 03:49:17 AM »
It runs every week (7 day's interval) starting at 1:00 AM.

I did this manually now without any problem...

If this is what you mean  ;)

Offline Arantor

  • Resident Overthinker
  • SMF Friend
  • SMF Legend
  • *
  • Posts: 71,672
    • StoryBB/StoryBB on GitHub
Re: Being logged out by bots trying to log in
« Reply #377 on: March 07, 2011, 03:51:18 AM »
Well, that particular task is one that will create a LOT of I/O which is why I asked about when it was last run...
Don’t try to tell me that some power can corrupt a person. You haven’t had enough to know what it’s like.

No good deed goes unpunished / No act of charity goes unresented.

Offline Vincent Volmer

  • Jr. Member
  • **
  • Posts: 214
  • Gender: Male
  • SMF2.0.15
    • digiscrapdigitaalscrappen on Facebook
    • @Digiscrap_NL on Twitter
    • Digiscrap Digitaal scrappen
Re: Being logged out by bots trying to log in
« Reply #378 on: March 07, 2011, 04:07:13 AM »
Ah, okay. I checked the VPS and there's only a small peak around 1:00 but not alarming.

Offline butchs

  • SMF Hero
  • ******
  • Posts: 1,728
  • Lost 7GB bandwidth!
    • EastCoastRollingThunder
Re: Being logged out by bots trying to log in
« Reply #379 on: March 07, 2011, 07:25:57 PM »
My guess is a bot or several are hitting you hard and fast.  Checking the latest visitor log in cpanel at that time range should confirm it is a bot.  If so FF with just DOS protection, 1 hr ban and cache will stop it in a few weeks.
I have been truly inspired by the SUGGESTIONS as I sit on my throne and contemplate the wisdom imposed upon me.