
Author Topic: Being logged out by bots trying to log in  (Read 143535 times)

Offline b4pjoe

  • Jr. Member
  • **
  • Posts: 395
  • Gender: Male
    • B4print.com
Re: Being logged out by bots trying to log in
« Reply #20 on: January 16, 2011, 06:30:18 PM »
I just installed the httpBL modification recently on two of the boards I manage. It seems to work very well. You might want to try it out.

* 青山 素子 is an active contributor to Project Honeypot with 6 HoneyPots and 5 MX records donated.

I've installed this and it is detecting some spam bots...but not the ones trying to log in with members user names.

Offline bluecar1

  • Newbie
  • *
  • Posts: 3
Re: Being logged out by bots trying to log in
« Reply #21 on: January 17, 2011, 10:31:04 AM »
acams,

could you clarify which ip's are the main causes of the logging out issues?

is it all in your HTACCESS list or just some?

thanks

BC1

Most of the ones in the bottom half of my list, I got the top half from Dermot
 
 
Here is my list now
acams,

keep an eye out for

62.24.222.132
62.24.222.131

it appears the TT bots are now using these addresses,

can you let me know if you see them and if they cause the logging out issues? Thanks

Offline Kindred

  • The Mean One
  • Support Specialist
  • SMF Legend
  • *
  • Posts: 58,612
  • Gender: Male
    • Kindred-999 on GitHub
Re: Being logged out by bots trying to log in
« Reply #22 on: January 17, 2011, 11:33:04 AM »
since installing the bad behavior, stop forum spammers and honeypot mods, I have cut my spammers to zero in the last 2 days. The mods have caught 50 of them at registration so far... and none of the newly registered users in that time has posted any spam, so it is looking successful.

And I have not had any logout problems either...
Please do not PM, IM or Email me with support questions.  You will get better and faster responses in the support boards.  Thank you.

Offline b4pjoe

Re: Being logged out by bots trying to log in
« Reply #23 on: January 18, 2011, 03:11:46 PM »
Quote from: Kindred
> since installing the bad behavior, stop forum spammers and honeypot mods, I have cut my spammers to zero in the last 2 days. The mods have caught 50 of them at registration so far... and none of the newly registered users in that time has posted any spam, so it is looking successful.
>
> And I have not had any logout problems either...

Success! After installing all three it seems to have stopped the spammers dead in their tracks! Thanks for all of the help.

Offline bork

  • Semi-Newbie
  • *
  • Posts: 84
Re: Being logged out by bots trying to log in
« Reply #24 on: February 09, 2011, 08:03:38 AM »
I've installed the 3 mods as suggested (Mod http:BL, Stop Forum Spam and Bad Behaviour) and the three together are blocking a huge amount of malicious activity.

However, I'm still getting a lot of users being logged out.

Looking at the user log, a lot of the IPs involved are present on the Stop Forum Spam database, but the SFP mod only blocks them if they try to register, not if they try to login.

Can anyone suggest any other way to block these IPs or even a mod that makes banning them from the user log faster?

Offline Kindred

Re: Being logged out by bots trying to log in
« Reply #25 on: February 09, 2011, 10:36:57 AM »
Unfortunately, the only way I've been able to handle those is by manually scanning the logs once a day and adding the obvious account attempts to the spammer-ban trigger. After about a week and 30 or so new IPs added to the ban, the hack attempts have petered out.

Offline bork

Re: Being logged out by bots trying to log in
« Reply #26 on: February 09, 2011, 10:54:35 AM »
Quote from: Kindred
> adding the obvious account attempts to the spammer-ban trigger.
Do you mean adding them manually as bans using the forum admin "add new ban" page? Is there any easy way of adding them in bulk as it's very time-consuming adding them one at a time.

I'm currently getting my virtual host provider to firewall them.

Offline Kindred

Re: Being logged out by bots trying to log in
« Reply #27 on: February 09, 2011, 11:22:27 AM »
well, I add them all as new triggers to one ban group (I open two windows - one with the error log and one with the Ban trigger)

Unfortunately, I have not found a good way to do it in bulk... 

Offline Aleksi "Lex" Kilpinen

  • A Peculiar Finn
  • Lead Support Specialist
  • SMF Super Hero
  • *
  • Posts: 18,737
  • Gender: Male
  • Don't worry, I'm n00b friendly
    • Aleksi.Kilpinen on Facebook
    • LexArma on GitHub
    • aleksi-kilpinen on LinkedIn
    • There's No Place Like 127.0.0.1
Re: Being logged out by bots trying to log in
« Reply #28 on: February 09, 2011, 11:37:38 AM »
If it's only IP addresses that you are blocking, it would probably be easier to block them at server level, before they ever get to SMF, saving some resources and making it easier to block several of them at a time.
A Finnish Support Specialist
 Happily running multiple SMF 2.0 installations.
  Fooling around with an i7 990X @ 3,47Ghz / 12Gb / Win 10 x64 / 3840x2160


How you can help SMF

"Before you allow people access to your forum, especially in an administrative position, you must be aware that that person can seriously damage your forum.
 Therefore, you should only allow people that you trust, implicitly, to have such access." -Douglas

Offline laetabi

  • Full Member
  • ***
  • Posts: 428
  • Gender: Male
Re: Being logged out by bots trying to log in
« Reply #29 on: February 09, 2011, 12:14:22 PM »
The most effective mod for this particular attack is called something like 'force email log-in'.

By requiring users to use their (usually) hidden email address instead of their forum userId the spambot can't trigger a log-out.

Keep using the spambot / antispam software too as it just makes sense.
What type of washing machine is September?

An autumnatic. :)

Offline bork

Re: Being logged out by bots trying to log in
« Reply #30 on: February 09, 2011, 03:14:23 PM »

Thanks, that mod does look excellent - it's just whether I can force the change on my users! I guess after a few days they'd be used to it and if it stops them getting logged out in the middle of posting then they'll probably be converted.

It's been interesting installing the Bad Behaviour/Mod http:BL/Stop Forum Spam mod combo - I've been shocked at the sheer amount of malicious activity on the forums - overnight nearly 1000 IPs were blocked by these mods;  over a whole year the amount will be massive.

Offline Kindred

Re: Being logged out by bots trying to log in
« Reply #31 on: February 09, 2011, 03:23:31 PM »
Well, the numbers will level out and die down, as your logs get up to date with the spammers and they start hitting a wall.

Offline Roph

  • Jr. Member
  • **
  • Posts: 377
  • Gender: Male
Re: Being logged out by bots trying to log in
« Reply #32 on: February 09, 2011, 04:52:18 PM »
Hopefully in 2.0 final we could have an option to require a captcha for logins.

Offline busterone

  • SMF Hero
  • ******
  • Posts: 2,150
  • Gender: Male
  • Devil Dog
    • The Demon's Den
Re: Being logged out by bots trying to log in
« Reply #33 on: February 09, 2011, 05:07:22 PM »
Bots have already broken captcha and reCaptcha. It is virtually worthless against the spammers these days.

Offline Arantor

  • Resident Overthinker
  • SMF Friend
  • SMF Legend
  • *
  • Posts: 71,982
    • StoryBB/StoryBB on GitHub
Re: Being logged out by bots trying to log in
« Reply #34 on: February 10, 2011, 06:00:03 AM »
Quote from: Roph
> Hopefully in 2.0 final we could have an option to require a captcha for logins.

Doubt it, 2.0 has been feature locked for years.

In any case, I think this behaviour's been altered slightly in SVN, not 100% sure on that though, so don't quote me on it.
Don’t try to tell me that some power can corrupt a person. You haven’t had enough to know what it’s like.

No good deed goes unpunished / No act of charity goes unresented.

Offline Norv

  • SMF Friend
  • SMF Super Hero
  • *
  • Posts: 18,313
  • Blue Wolf
Re: Being logged out by bots trying to log in
« Reply #35 on: February 11, 2011, 10:17:40 PM »
The behavior related to users being logged out has been investigated in SMF and solved, and the fix is currently available in the SMF 1.1.13 patch and the 2.0 RC4 security patch, as well as in RC5.
Thank you very much for the reports!
To-do lists are for deferral. The more things you write down the later they're done… until you have 100s of lists of things you don't do.
File a security report | Developers' Blog | Bug Tracker

Also known as Norv on D* | Norv N. on G+ | Norv on Github

Offline Elysia

  • Semi-Newbie
  • *
  • Posts: 52
Re: Being logged out by bots trying to log in
« Reply #36 on: February 11, 2011, 10:22:34 PM »
One of the forums I look after has been hit bigtime by this problem, but I've found a solution which seems to work. The IP addresses being used by the bots are all connected with the torservers network.

So, I created a list of the IPs (all 1,334 of them!) which need to be blocked and added that to my .htaccess file in the webspace and the login attempts have stopped dead. I'm attaching the list here so that anyone can try it. It's saved as a plain text file so you can download it and copy / paste the contents to your existing .htaccess file if you have one. If you haven't got one then simply upload this text file to your webspace, and rename it from htaccess.txt to .htaccess and then go check your error logs. You should find the login failures have stopped.
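
Added example, not part of any poster's reply and not SMF code: one way to do the bulk, server-level blocking discussed in replies #28 and #36 without hand-copying IPs. It assumes a constructed "ip username" failed-login export (not SMF's own log format), hypothetical function names, and Apache 2.4 `Require` syntax; an allowlist keeps your own addresses out of the deny list.

```python
import ipaddress
from collections import defaultdict

# Constructed sample: one "<ip> <attempted username>" pair per failed login.
# This layout is an assumption, not SMF's own error-log format.
SAMPLE_FAILURES = """\
198.51.100.7 alice
198.51.100.7 bob
198.51.100.7 carol
198.51.100.6 alice
198.51.100.6 dave
198.51.100.6 erin
203.0.113.20 alice
203.0.113.20 alice
192.0.2.10 admin
192.0.2.10 bob
192.0.2.10 carol
not-an-ip mallory
"""

def offending_networks(log_text, min_accounts=3, allowlist=()):
    """Networks for IPs that failed logins on >= min_accounts distinct
    usernames, skipping allowlisted ranges and merging adjacent addresses."""
    allowed = [ipaddress.ip_network(n) for n in allowlist]
    targets = defaultdict(set)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 2:
            continue
        try:
            ip = ipaddress.ip_address(parts[0])
        except ValueError:
            continue  # never copy unvalidated text into .htaccess
        targets[ip].add(parts[1].lower())
    bad = [ipaddress.ip_network(str(ip)) for ip, users in targets.items()
           if len(users) >= min_accounts
           and not any(ip in net for net in allowed)]
    merged = []
    for version in (4, 6):  # collapse_addresses rejects mixed versions
        same = [n for n in bad if n.version == version]
        merged += list(ipaddress.collapse_addresses(same))
    return merged

def htaccess_block(networks):
    """Apache 2.4 rules: allow everyone except the listed networks."""
    lines = ["<RequireAll>", "    Require all granted"]
    lines += [f"    Require not ip {net}" for net in networks]
    lines.append("</RequireAll>")
    return "\n".join(lines)
```

On Apache 2.2, which was current when this thread was written, the same list is expressed with `Order Allow,Deny`, `Allow from all` and one `Deny from` line per network.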

Offline b4pjoe

Re: Being logged out by bots trying to log in
« Reply #37 on: February 11, 2011, 11:19:45 PM »
Thanks for the info Norv and Elysia. I will be adding that info to my .htaccess file right now.

Offline djkimmel

  • Semi-Newbie
  • *
  • Posts: 68
    • GreatLakesBass.com
Re: Being logged out by bots trying to log in
« Reply #38 on: February 12, 2011, 01:49:36 AM »
I had about 30 IP addresses used that weren't on that list. But since I downloaded that list, 5 more attempts came in with IP addresses on the above list and only 1 not on it. So I added it since I had seen one was listed as a tor server earlier. httpBL is blocking a few more of them now too than it was earlier today so it has slowed down for me.

Not sure what 1.1.13 patch did? It had no impact on the number of login attempts anyway.

Offline Norv

Re: Being logged out by bots trying to log in
« Reply #39 on: February 12, 2011, 02:45:35 AM »
Mods like those listed here might help with preventing or alleviating the attempts made by particular IPs, as these mods typically use online databases of spammers' IPs. I should note there is a certain possibility that those databases are not always accurate, since they contain IPs accumulated by anonymous reports (and those reports could be wrong).

The 1.1.13 patch fixed a problem mentioned here: logged in users could find themselves logged out due to the attempts on their account.

That said, we're keeping an eye on these issues and any information provided can be useful and is very appreciated.