Author Topic: Being logged out by bots trying to log in  (Read 143413 times)

Offline Rik©

  • Full Member
  • ***
  • Posts: 605
  • Gender: Male
    • SimpleTweaks
Re: Being logged out by bots trying to log in
« Reply #80 on: February 14, 2011, 04:17:57 AM »
* Rik© wonders if Arantor knows a quick fix for the 'always-unread bug' in the Hide Post Authors From Guests mod  :P

Offline Arantor

  • Resident Overthinker
  • SMF Friend
  • SMF Legend
  • *
  • Posts: 71,879
    • StoryBB/StoryBB on GitHub
Re: Being logged out by bots trying to log in
« Reply #81 on: February 14, 2011, 04:22:53 AM »
> * Rik© wonders if Arantor knows a quick fix for the 'always-unread bug' in the Hide Post Authors From Guests mod  :P

Nope, sorry. Haven't looked at it for a very long time.


Going back to the topic (:P) yes, that raises some interesting thoughts. Firstly, the convenience factor of username vs 'security' of email address, secondly it does actually make a case for removing the copyright since from what I can tell, the sites being attacked were found in Google based on searching for the footer. The sites of mine that haven't been attacked have a slightly modified wording in the footer (though, before anyone jumps on me, please note that it's done in accordance with the licence as the team have enforced it thus far: it only modifies the version number)
Don’t try to tell me that some power can corrupt a person. You haven’t had enough to know what it’s like.

No good deed goes unpunished / No act of charity goes unresented.

Offline RVD

  • Semi-Newbie
  • *
  • Posts: 58
Re: Being logged out by bots trying to log in
« Reply #82 on: February 14, 2011, 10:56:51 AM »
> > * Rik© wonders if Arantor knows a quick fix for the 'always-unread bug' in the Hide Post Authors From Guests mod  :P
>
> Nope, sorry. Haven't looked at it for a very long time.
>
> Going back to the topic (:P) yes, that raises some interesting thoughts. Firstly, the convenience factor of username vs 'security' of email address, secondly it does actually make a case for removing the copyright since from what I can tell, the sites being attacked were found in Google based on searching for the footer. The sites of mine that haven't been attacked have a slightly modified wording in the footer (though, before anyone jumps on me, please note that it's done in accordance with the licence as the team have enforced it thus far: it only modifies the version number)

Could you share your footer mod?

Thank you.

Offline Arantor

  • Resident Overthinker
  • SMF Friend
  • SMF Legend
  • *
  • Posts: 71,879
    • StoryBB/StoryBB on GitHub
Re: Being logged out by bots trying to log in
« Reply #83 on: February 14, 2011, 11:05:47 AM »
No, I can't.
Don’t try to tell me that some power can corrupt a person. You haven’t had enough to know what it’s like.

No good deed goes unpunished / No act of charity goes unresented.


Offline live627

  • Development Contributor
  • SMF Hero
  • *
  • Posts: 5,620
  • Gender: Male
    • live627 on Facebook
    • live627 on GitHub
    • live627 on LinkedIn
    • @live627 on Twitter
    • livemods
Re: Being logged out by bots trying to log in
« Reply #85 on: February 14, 2011, 04:14:19 PM »
hadesflames has one for ya
Try not to become a man of success, but rather try to become a man of value.
- Albert Einstein

Offline krick

  • Jr. Member
  • **
  • Posts: 173
    • tank + paladin = tankadin
Re: Being logged out by bots trying to log in
« Reply #86 on: February 14, 2011, 10:15:19 PM »
Here's some more IP addresses to add to the .htaccess ban list.  Incidentally, does anyone happen to know if it makes any difference performance-wise if the "deny from" entries are at the beginning or the end of your .htaccess file?

66.90.101.7
66.230.230.230
77.109.139.87
82.64.83.83
83.142.228.14
87.118.104.203
91.121.152.114
94.75.253.73
95.143.193.145
109.123.119.163
137.56.163.46
137.56.163.64
145.97.195.40
173.13.165.123
173.164.128.121
173.193.221.28
192.251.226.205
192.251.226.206
208.66.135.190
208.110.65.123

Offline 青山 素子

  • Server Team
  • SMF Super Hero
  • *
  • Posts: 17,073
  • 戦場ヶ原、蕩れ!
    • srvrguy on GitHub
    • @motokochan on Twitter
    • Nekomusume Moe
Re: Being logged out by bots trying to log in
« Reply #87 on: February 14, 2011, 11:55:03 PM »
It shouldn't make a difference. Adding directly to the Apache config and disabling htaccess would have more improvement on performance.

If you have root access, adding the IPs as an iptables (or pf for BSD) deny would be the best choice.
Motoko-chan
Director, Simple Machines

Note: Unless otherwise stated, my posts are not representative of any official position or opinion of Simple Machines.
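
An added example (not SMF code and not from any of the posters) that takes a raw list like krick's, validates and collapses it, and emits both the .htaccess form used in this thread and the firewall form Motoko-chan recommends. The sample list, the set name "forum_bots" and the malformed/duplicate entries are constructed for the example; apply the generated firewall commands as root.

```python
"""Added example: turn a raw list of abusive IPs (like the one posted in this
thread) into Apache deny rules and an ipset/iptables block list. Not part of
SMF or of any mod; the set name 'forum_bots' is an arbitrary choice."""
import ipaddress

# Constructed sample in the style of the thread's list: duplicates, a
# malformed line, a pair of adjacent hosts and an IPv6 range are included
# on purpose to exercise the parser.
SAMPLE_LIST = """\
# bots hammering the login form
66.90.101.7
66.230.230.230
192.251.226.205
192.251.226.206
10.0.0.4
10.0.0.5
66.90.101.7          # duplicate on purpose
300.1.2.3            # not a valid address, must be reported and skipped
2001:db8::/32
"""


def parse_denylist(text):
    """One address or CIDR per line; '#' starts a comment. Returns
    (collapsed networks, rejected entries). Collapsing removes duplicates,
    merges adjacent hosts (10.0.0.4 + 10.0.0.5 -> 10.0.0.4/31) and drops
    ranges already covered by a wider one."""
    nets, rejected = [], []
    for raw in text.splitlines():
        entry = raw.split("#", 1)[0].strip()
        if not entry:
            continue
        try:
            nets.append(ipaddress.ip_network(entry, strict=False))
        except ValueError:
            rejected.append(entry)
    # collapse_addresses refuses mixed versions, so do v4 and v6 separately
    collapsed = []
    for version in (4, 6):
        collapsed += ipaddress.collapse_addresses(n for n in nets if n.version == version)
    return collapsed, rejected


def host_or_cidr(net):
    """Print single hosts without the /32 or /128 suffix."""
    if net.prefixlen == net.max_prefixlen:
        return str(net.network_address)
    return str(net)


def render_htaccess(nets, apache24=False):
    """Apache 2.2 'Deny from' form (the syntax used in this thread) or the
    Apache 2.4 'Require not ip' form. Either can go in .htaccess or, better,
    in the vhost config with AllowOverride None."""
    if apache24:
        lines = ["<RequireAll>", "    Require all granted"]
        lines += [f"    Require not ip {host_or_cidr(n)}" for n in nets]
        lines.append("</RequireAll>")
    else:
        lines = ["Order Allow,Deny", "Allow from all"]
        lines += [f"Deny from {host_or_cidr(n)}" for n in nets]
    return "\n".join(lines) + "\n"


def render_ipset(nets, setname="forum_bots"):
    """ipset + iptables/ip6tables: one set lookup per packet instead of one
    iptables rule per address, and the set can be updated without reloading
    the firewall. Needs root to apply."""
    lines = [
        f"ipset -exist create {setname} hash:net",
        f"ipset -exist create {setname}6 hash:net family inet6",
    ]
    for n in nets:
        target = setname if n.version == 4 else setname + "6"
        lines.append(f"ipset -exist add {target} {host_or_cidr(n)}")
    lines.append(f"iptables -I INPUT -m set --match-set {setname} src -j DROP")
    lines.append(f"ip6tables -I INPUT -m set --match-set {setname}6 src -j DROP")
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    nets, rejected = parse_denylist(SAMPLE_LIST)
    print(render_htaccess(nets))
    print(render_htaccess(nets, apache24=True))
    print(render_ipset(nets))
    print("rejected:", rejected)
```

On krick's ordering question: Apache reads the whole .htaccess for every request in that directory tree, so where the Deny lines sit makes no measurable difference; the cost is the per-request file lookup itself, which is why moving the rules into the vhost config (or into the kernel with ipset) is the real improvement.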


Offline _Ziggy_

  • Jr. Member
  • **
  • Posts: 300
    • Bluesforum.com
Re: Being logged out by bots trying to log in
« Reply #88 on: February 15, 2011, 04:28:11 AM »
> I posted previously in this topic having been an early target of the bot in question.
>
> Denying IP addresses and installing anti-spam mods like httpBL are all good things to do but a simple secure fix for this attack is to hide all email addresses by default and force members to log-in using their email address.
>
> Part of the vulnerability of forums to this type of attack is that one part of the log-in info is public domain (eg. Usernames can be seen all over the forum and can be harvested easily).
>
> By logging in using email address the bots have to find out and hit an active email address to log-out a user.
>
> There is a simple mod for this 'force email log-in' and this will stop all error log entries and make your forum much more secure to any future variants these script kiddies develop.
>
> http://custom.simplemachines.org/mods/index.php?mod=1665


I agree.
The email login should be standard for SMF.
Bluesforum.com   2.0                     Bluesforum.nl   2.0
Rockabilly-forum.com   2.0              Bluesharp.nl   2.0
Bungalowpark-forum.nl   2.0        Eee pad forum   2.01
Cristiano Ronaldo   2.02              Lockout Tagout   2.02


Looking to buy existing forums, send pm.

Offline Arantor

  • Resident Overthinker
  • SMF Friend
  • SMF Legend
  • *
  • Posts: 71,879
    • StoryBB/StoryBB on GitHub
Re: Being logged out by bots trying to log in
« Reply #89 on: February 15, 2011, 05:00:19 AM »
There is a simpler way to deal with it whilst keeping the convenience of a short login name: just use a different display name to username. I don't remember the last time I had to actually use a full email address anywhere.
Don’t try to tell me that some power can corrupt a person. You haven’t had enough to know what it’s like.

No good deed goes unpunished / No act of charity goes unresented.

Offline _Ziggy_

  • Jr. Member
  • **
  • Posts: 300
    • Bluesforum.com
Re: Being logged out by bots trying to log in
« Reply #90 on: February 15, 2011, 05:17:31 AM »
Yes, but how do you force members to choose a different display name to username?
Bluesforum.com   2.0                     Bluesforum.nl   2.0
Rockabilly-forum.com   2.0              Bluesharp.nl   2.0
Bungalowpark-forum.nl   2.0        Eee pad forum   2.01
Cristiano Ronaldo   2.02              Lockout Tagout   2.02


Looking to buy existing forums, send pm.

Offline Arantor

  • Resident Overthinker
  • SMF Friend
  • SMF Legend
  • *
  • Posts: 71,879
    • StoryBB/StoryBB on GitHub
Re: Being logged out by bots trying to log in
« Reply #91 on: February 15, 2011, 05:22:35 AM »
Prompt them to do so, then reset their name after a period of time if they haven't complied.
Don’t try to tell me that some power can corrupt a person. You haven’t had enough to know what it’s like.

No good deed goes unpunished / No act of charity goes unresented.

Offline fiver

  • Jr. Member
  • **
  • Posts: 319
Re: Being logged out by bots trying to log in
« Reply #92 on: February 15, 2011, 06:21:56 AM »
I'm receiving the same attack on a few forums. Now trying the Proxy Blocker mod since someone mentioned that the bots are going through Tor - let's hope it works.


Will feedback here after an hour or 2 with the result.


Note: Stand by to modify your index.php. If you get blocked by this mod, you need to hide one of the lines of the installed code that blocked you out of your forum.

Offline Arantor

  • Resident Overthinker
  • SMF Friend
  • SMF Legend
  • *
  • Posts: 71,879
    • StoryBB/StoryBB on GitHub
Re: Being logged out by bots trying to log in
« Reply #93 on: February 15, 2011, 07:15:15 AM »
Note that using that mod will also very likely screw up any mobile users trying to get to your site.
Don’t try to tell me that some power can corrupt a person. You haven’t had enough to know what it’s like.

No good deed goes unpunished / No act of charity goes unresented.

Offline Digharatta

  • Newbie
  • *
  • Posts: 9
Re: Being logged out by bots trying to log in
« Reply #94 on: February 15, 2011, 08:04:48 AM »
Hello,

Since only few accounts were attacked, I specified the IP addresses for each of these accounts, with the help of Login Security mod, and it helped:

http://custom.simplemachines.org/mods/index.php?mod=2181

P.S. Let me also recommend Forum Firewall mod http://custom.simplemachines.org/mods/index.php?mod=2815 - it's incredible how often the forum gets attacked in small ways.
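
An added example (illustrative design, not SMF's code and not the code of the email-login, Login Security or Forum Firewall mods linked above) of a login path built around the three mitigations suggested in this thread: _Ziggy_'s point that the login identifier must not be the name shown on the board, Arantor's suggestion of a display name distinct from the username, and Digharatta's per-account IP restriction. The account, network and thresholds are made up for the example; PBKDF2 is used here only so the check has a realistic cost.

```python
"""Added example of a login path built around the three mitigations
suggested in this thread: accounts resolve by username or e-mail, never by
display name; an optional per-account allowed-network list; and a failure
counter keyed by source address. Illustrative design, not SMF's or any
mod's code; names and thresholds are arbitrary."""
import hashlib
import hmac
import ipaddress
import os
import time
from collections import defaultdict

PBKDF2_ROUNDS = 100_000
DUMMY_SALT = bytes(16)  # used to keep timing uniform for unknown identifiers


def hash_password(password, salt=None):
    salt = salt if salt is not None else os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)


class Account:
    def __init__(self, username, email, display_name, password, allowed_from=()):
        self.username, self.email, self.display_name = username, email, display_name
        self.salt, self.pw_hash = hash_password(password)
        # empty = no restriction; otherwise the member may only log in from these
        self.allowed_from = tuple(ipaddress.ip_network(n) for n in allowed_from)

    def ip_allowed(self, ip):
        addr = ipaddress.ip_address(ip)
        return not self.allowed_from or any(addr in net for net in self.allowed_from)

    def check_password(self, password):
        _, candidate = hash_password(password, self.salt)
        return hmac.compare_digest(candidate, self.pw_hash)


class LoginService:
    def __init__(self, accounts, max_failures=5, window_s=600):
        self.by_login = {}
        for acct in accounts:
            self.by_login[acct.username.lower()] = acct
            self.by_login[acct.email.lower()] = acct
            # display_name is deliberately not a key: what is visible on the
            # board must not be usable to address the account
        self.failures = defaultdict(list)   # source ip -> failure timestamps
        self.max_failures, self.window_s = max_failures, window_s

    def recent_failures(self, ip, now):
        kept = [t for t in self.failures[ip] if now - t <= self.window_s]
        self.failures[ip] = kept
        return len(kept)

    def login(self, identifier, password, ip, now=None):
        """Returns 'ok', 'denied' or 'throttled'. Failures are charged to the
        source address only, so a bot hammering a member's name neither locks
        that member out nor touches the member's existing session."""
        now = time.time() if now is None else now
        if self.recent_failures(ip, now) >= self.max_failures:
            return "throttled"
        acct = self.by_login.get(identifier.lower())
        if acct is None:
            hash_password(password, DUMMY_SALT)   # same cost as a real check
            ok = False
        else:
            ok = acct.check_password(password) and acct.ip_allowed(ip)
        if not ok:
            self.failures[ip].append(now)
            return "denied"            # one answer for every failure reason
        return "ok"
```

The design point is in what is keyed on what: the lookup table only knows usernames and e-mail addresses, so a harvested display name resolves to nothing, and the throttle counts failures per source rather than per account, so the attacker's own address is what gets slowed down. An unknown identifier, a wrong password and a disallowed source all produce the same "denied" at the same cost, which keeps the login form from confirming which harvested names are real accounts.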

Offline Elysia

  • Semi-Newbie
  • *
  • Posts: 52
Re: Being logged out by bots trying to log in
« Reply #95 on: February 15, 2011, 09:35:26 AM »
I've updated the htaccess file with a raft of new IPs trying the logins against our large forum. The htaccess list has reduced the attempts to a trickle now rather than the flood of a few days ago. But looking at the IPs I've added, it looks like whatever is happening is spreading through more and more servers...  only one of the latest batch seems to be a Tor server connection.

Something else I've picked up is that the attempts are using usernames not displayed names, so whatever is doing this is able to read the usernames somewhere - and given that the Memberlist is not, and has never been, readable by guests, and the only other place these usernames are stored is in the database, how is this access being effected?
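
An added example (not SMF code, not from any poster) of the triage Elysia describes doing by hand: parse failed-login lines, group them by source address, decide which sources are spraying many names in a short burst rather than a member mistyping once or twice, and check whether the names tried match login usernames, public display names, or both. The member table and the log lines are constructed for the example, and the line layout is a simplified stand-in, not the real SMF error log format; adapt parse_log() to the actual log.

```python
"""Added example: triage failed-login lines to see which source addresses
are spraying harvested names, and whether those names are login usernames
or public display names. Not SMF code; the log format and member table are
constructed for the example."""
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime

# Constructed member table: login username -> public display name.
MEMBERS = {
    "eagle_77": "EagleMan",
    "jdoe42": "John Doe",
    "mariac": "Maria C.",
    "admin": "admin",      # display name equals username: harvestable
}
DISPLAY_TO_USER = {d: u for u, d in MEMBERS.items()}

# Constructed, simplified lines: "<date> <time> <ip> login_failed <name>".
# This is NOT the real SMF error log layout; adapt parse_log() to yours.
LOG = """\
2011-02-15 09:01:02 203.0.113.7 login_failed jdoe42
2011-02-15 09:01:03 203.0.113.7 login_failed mariac
2011-02-15 09:01:03 203.0.113.7 login_failed eagle_77
2011-02-15 09:01:05 203.0.113.7 login_failed admin
2011-02-15 09:10:10 198.51.100.9 login_failed Maria C.
2011-02-15 09:10:12 198.51.100.9 login_failed John Doe
2011-02-15 09:10:15 198.51.100.9 login_failed EagleMan
2011-02-15 09:30:00 192.0.2.55 login_failed jdoe42
2011-02-15 09:30:40 192.0.2.55 login_failed jdoe42
"""


@dataclass
class Attempt:
    when: datetime
    ip: str
    name: str
    kind: str   # "username", "display_name", "both" or "unknown"


def classify_name(name):
    """Does the tried name match a login username, a display name, both or
    neither? 'both' means the public name gives the login name away."""
    is_user = name.lower() in MEMBERS
    is_display = name in DISPLAY_TO_USER
    if is_user and is_display:
        return "both"
    return "username" if is_user else "display_name" if is_display else "unknown"


def exposed_logins(members=MEMBERS):
    """Accounts whose display name equals the username (case-insensitively):
    the ones that would need a different display name to hide the login."""
    return sorted(u for u, d in members.items() if d.lower() == u.lower())


def parse_log(text):
    attempts = []
    for line in text.splitlines():
        parts = line.split(" ", 4)
        if len(parts) != 5 or parts[3] != "login_failed":
            continue
        date, time, ip, _, name = parts
        when = datetime.strptime(f"{date} {time}", "%Y-%m-%d %H:%M:%S")
        attempts.append(Attempt(when, ip, name, classify_name(name)))
    return attempts


def max_names_in_window(rows, window_s):
    """Largest number of distinct names one source tried inside any
    window_s-second window (rows sorted by time)."""
    best, counts, left = 0, defaultdict(int), 0
    for a in rows:
        counts[a.name] += 1
        while (a.when - rows[left].when).total_seconds() > window_s:
            counts[rows[left].name] -= 1
            if counts[rows[left].name] == 0:
                del counts[rows[left].name]
            left += 1
        best = max(best, len(counts))
    return best


def triage(attempts, min_names=3, window_s=600):
    """Per source IP: volume, what kind of names were tried, and whether it
    looks like a spray (>= min_names distinct names within window_s).
    One name retried a few times is a member mistyping, not a bot."""
    by_ip = defaultdict(list)
    for a in attempts:
        by_ip[a.ip].append(a)
    report = {}
    for ip, rows in by_ip.items():
        rows.sort(key=lambda a: a.when)
        report[ip] = {
            "attempts": len(rows),
            "distinct_names": len({a.name for a in rows}),
            "name_kinds": sorted({a.kind for a in rows}),
            "spray": max_names_in_window(rows, window_s) >= min_names,
        }
    return report


def deny_candidates(report):
    """Source IPs worth adding to the deny list."""
    return sorted(ip for ip, r in report.items() if r["spray"])
```

The "name_kinds" column answers Elysia's question for each source: a bot trying only usernames that never appear on the board has a list from somewhere other than the public pages, whereas one trying display names has simply scraped the forum. exposed_logins() lists the accounts where the two coincide, which is exactly the set a "change your display name" prompt would target.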

Offline Arantor

  • Resident Overthinker
  • SMF Friend
  • SMF Legend
  • *
  • Posts: 71,879
    • StoryBB/StoryBB on GitHub
Re: Being logged out by bots trying to log in
« Reply #96 on: February 15, 2011, 09:36:05 AM »
Are profiles accessible to guests?
Don’t try to tell me that some power can corrupt a person. You haven’t had enough to know what it’s like.

No good deed goes unpunished / No act of charity goes unresented.

Offline szinski

  • Jr. Member
  • **
  • Posts: 114
  • Gender: Male
  • Programmer by day, photographer by night.
    • Pizza Making
Re: Being logged out by bots trying to log in
« Reply #97 on: February 15, 2011, 09:40:34 AM »
A simple solution would be to create a mod that obfuscates (or simply hides) display names when a guest views the forum. Like the way eBay does it... instead of displaying "EagleMan" it'd display "E***n".

Offline Arantor

  • Resident Overthinker
  • SMF Friend
  • SMF Legend
  • *
  • Posts: 71,879
    • StoryBB/StoryBB on GitHub
Re: Being logged out by bots trying to log in
« Reply #98 on: February 15, 2011, 09:41:35 AM »
You think it's simple to do that? If only it were, because it really isn't. You have to pretty much modify every file where usernames are loaded from the database.
Don’t try to tell me that some power can corrupt a person. You haven’t had enough to know what it’s like.

No good deed goes unpunished / No act of charity goes unresented.

Offline szinski

  • Jr. Member
  • **
  • Posts: 114
  • Gender: Male
  • Programmer by day, photographer by night.
    • Pizza Making
Re: Being logged out by bots trying to log in
« Reply #99 on: February 15, 2011, 09:43:17 AM »
I meant "simple" as in easily thwarting the bots... not "simple" in design/coding. Sorry.