Author Topic: Being logged out by bots trying to log in  (Read 143527 times)

Offline robbie93

  • Sr. Member
  • ****
  • Posts: 733
    • R&H
Re: Being logged out by bots trying to log in
« Reply #220 on: February 16, 2011, 02:04:46 PM »
Quote
@robbie93,

With your portal and all, you may not wish to do so.  But then you need to make your usernames different from your display names (either by telling your users to change them or to use something like the email login MOD).

But I would like to have the OPTION as there is no benefit in our case to displaying names.

As you noted, hiding the names will not stop THIS ATTACK.  But you can be sure someone will use the script and try again.  Wouldn't you like to stop THE NEXT ATTACK?  Because it's going to come.  You've been under attack for over a month you say.  You think they're just going to take their ball and go home?  This type of attack will come again.  It's sophisticated enough that it can't be stopped by IP, it doesn't blast you so you can halt it that way.  It runs so slow that you can't be sure it's not a regular user without checking the IP against where you know the user lives.

It seems the only way to reduce (I didn't say stop) is by cloaking your site (hide membernames) and/or making sure what names are displayed are not valid for logging in. 

We take additional precautions, limiting what boards are visible, and limiting guests to seeing only the first post (which may help explain why the target list used against our site is so small; there wasn't a lot to harvest).  We blocked the Info Center as we felt there was no valid reason for guests to see that information.  We figure if they want to see more they will register (and we review them before accepting them).

Sorry if I come off as a Johnny One-Note, but it seems to be a repeated need to point out some of the features of this attack and that what works for one site will not work for another (hence my saying that maybe robbie93 doesn't see a need to hide names, but we most assuredly do want to hide them).

Cal

Hi Cal, I don't really like bulking the site with mods; we only have about 5 ATM and that to me is more than enough. As for hiding names, if we did that then the site would look rather dull, because we do use a portal and we also like names to be shown on the info center, and I think members like to see their names also, so taking them away would be giving in to these bots. We only have about 12 active members on the site, so what we did was send a newsletter to everyone, but to the active ones we also sent PMs and went through the process of changing their display name to something different than their username, because they were complaining that they kept getting logged off halfway through playing a game, and that seemed to work as they haven't complained since. I think limiting boards and making them hidden and making your members' names hidden is really giving in to these bots and taking something away from your site. I look at this like this: you're not gonna stop bots attacking any site, no matter what software you use, and in this case they have been attacking us since early Jan or before and I don't think they have been successful as yet, but it is annoying as they fill up your logs every day.

Offline Arantor

  • Resident Overthinker
  • SMF Friend
  • SMF Legend
  • *
  • Posts: 71,982
    • StoryBB/StoryBB on GitHub
Re: Being logged out by bots trying to log in
« Reply #221 on: February 16, 2011, 02:13:04 PM »
You do realise that the mod I wrote only hides the names from guests, not to members, right? Hardly giving into anyone.

I should note, I've just started a much (much) more thorough logging of this spate of bots and already have a few ideas on how to block them until they get smarter again.
Don’t try to tell me that some power can corrupt a person. You haven’t had enough to know what it’s like.

No good deed goes unpunished / No act of charity goes unresented.

Offline robbie93

  • Sr. Member
  • ****
  • Posts: 733
    • R&H
Re: Being logged out by bots trying to log in
« Reply #222 on: February 16, 2011, 02:26:38 PM »
Quote
You do realise that the mod I wrote only hides the names from guests, not to members, right? Hardly giving into anyone.

I should note, I've just started a much (much) more thorough logging of this spate of bots and already have a few ideas on how to block them until they get smarter again.

Yep I realise this, but hiding names to guests makes the site less appealing. Also, as you just stated, these bots will continue to outsmart whatever you try to do to fix them, so why bother? Just use different pw's and make username different from display. I don't see this site hiding names from guests on info center; isn't this site getting hit? And what have you guys done on this site to stop them?

Offline Arantor

  • Resident Overthinker
  • SMF Friend
  • SMF Legend
  • *
  • Posts: 71,982
    • StoryBB/StoryBB on GitHub
Re: Being logged out by bots trying to log in
« Reply #223 on: February 16, 2011, 02:30:49 PM »
Quote
so why bother?

Why bother running a forum, then? The fact remains they will attack. As site owners we have a responsibility to minimise the risk to our users.

Quote
I don't see this site hiding names from guests on info center; isn't this site getting hit? And what have you guys done on this site to stop them?

How do you know this site isn't being hit? There's no guarantee of that at all! (In my case I am immune here because I have a different login name to display name :P)

Offline Aleksi "Lex" Kilpinen

  • A Peculiar Finn
  • Lead Support Specialist
  • SMF Super Hero
  • *
  • Posts: 18,737
  • Gender: Male
  • Don't worry, I'm n00b friendly
    • Aleksi.Kilpinen on Facebook
    • LexArma on GitHub
    • aleksi-kilpinen on LinkedIn
    • There's No Place Like 127.0.0.1
Re: Being logged out by bots trying to log in
« Reply #224 on: February 16, 2011, 02:30:58 PM »
For SMF this is a new situation that we are just getting to know. No reason to panic, since they are slow and "mostly harmless", but reasonable steps to discourage such attempts are a good idea. For example, I just advised my users to make sure they are using strong passwords, and that their contact info is up to date, and that using different login and screen names is a good idea. On top of this, I have been blocking IPs trying to log in to more than one account, and have installed HttpBL that seems to stop many of them.
A Finnish Support Specialist
 Happily running multiple SMF 2.0 installations.
  Fooling around with an i7 990X @ 3,47Ghz / 12Gb / Win 10 x64 / 3840x2160


How you can help SMF

"Before you allow people access to your forum, especially in an administrative position, you must be aware that that person can seriously damage your forum.
 Therefore, you should only allow people that you trust, implicitly, to have such access." -Douglas
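
The check mentioned in the post above (flagging IPs that try to log in to more than one account), together with the reverse view for the slow, many-address pattern described earlier in the thread, as an added example that is not part of the original thread and not SMF code. The log line layout, sample entries and thresholds are constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed sample: timestamp, source IP, attempted login name.
# The line layout is an assumption, not SMF's own error-log format.
SAMPLE_LOG = """\
2011-02-16 13:02:11 203.0.113.5 login_failed user=alice
2011-02-16 13:47:30 203.0.113.5 login_failed user=bob
2011-02-16 14:05:02 198.51.100.7 login_failed user=alice
2011-02-16 15:20:44 192.0.2.33 login_failed user=alice
2011-02-16 15:21:10 192.0.2.90 login_failed user=carol
2011-02-16 15:21:19 192.0.2.90 login_failed user=carol
2011-02-16 16:00:00 not a login line
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+ \S+) (?P<ip>\S+) login_failed user=(?P<user>\S+)$"
)


def parse_failures(text):
    """Yield (ip, username) for each well-formed failed-login line."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            yield m.group("ip"), m.group("user").lower()


def analyse(text, max_accounts_per_ip=1, max_ips_per_account=2):
    """Return (IPs guessing at several accounts, accounts hit from many IPs)."""
    users_by_ip = defaultdict(set)
    ips_by_user = defaultdict(set)
    for ip, user in parse_failures(text):
        users_by_ip[ip].add(user)
        ips_by_user[user].add(ip)
    # One address trying several accounts: candidate for an IP block.
    # A member mistyping their own password (carol) is not flagged.
    block_ips = sorted(ip for ip, users in users_by_ip.items()
                       if len(users) > max_accounts_per_ip)
    # One account tried from many addresses: the slow, distributed pattern
    # that per-IP blocking misses; handle it per account instead.
    targeted = sorted(user for user, ips in ips_by_user.items()
                      if len(ips) > max_ips_per_account)
    return block_ips, targeted


if __name__ == "__main__":
    ips, users = analyse(SAMPLE_LOG)
    print("IPs trying more than one account:", ips)
    print("Accounts targeted from many IPs:", users)
```
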

Offline robbie93

  • Sr. Member
  • ****
  • Posts: 733
    • R&H
Re: Being logged out by bots trying to log in
« Reply #225 on: February 16, 2011, 02:41:14 PM »
@ Arantor

Quote
How do you know this site isn't being hit? There's no guarantee of that at all! (In my case I am immune here because I have a different login name to display name :P)

There's your fix then, if making your login name different to your display name makes you immune from attack why do we need a mod to hide names and boards and so on?    8) And I didn't ask if this site was being hit, I asked what you guys were doing about it if it was or is  ::) .

Offline Kindred

  • The Mean One
  • Support Specialist
  • SMF Legend
  • *
  • Posts: 58,609
  • Gender: Male
    • Kindred-999 on GitHub
Re: Being logged out by bots trying to log in
« Reply #226 on: February 16, 2011, 02:53:14 PM »
So, tell your users to all change their display name. Done... no need to bother the devs at all...


Oh, wait... this won't stop the existing harvest...  (but then again, neither will releasing a new version of SMF that forces a difference between login and display)

And personally, I would lose track if I had a different display from login.   I have used Kindred since the early 90s.
Please do not PM, IM or Email me with support questions.  You will get better and faster responses in the support boards.  Thank you.

Offline b4pjoe

  • Jr. Member
  • **
  • Posts: 395
  • Gender: Male
    • B4print.com
Re: Being logged out by bots trying to log in
« Reply #227 on: February 16, 2011, 03:23:09 PM »
If one doesn't want to use a different display name from their log in name or email address, the next best option is to force your users to use secure passwords, but your error log is still going to fill up.

Offline Elysia

  • Semi-Newbie
  • *
  • Posts: 52
Re: Being logged out by bots trying to log in
« Reply #228 on: February 16, 2011, 03:33:04 PM »
My forum error logs are cleared regularly too, otherwise the database gets bulky. I'll leave it for a few days and filter out the rogue logins to a new file, but as we've applied the htaccess file with 1,359 IPs blocked we are seeing very few rogue signin attempts now - today there's been 3 or 4, whereas earlier this week we were drowning in them.

I'll go check the server logs and see if there's anything useful in them though as they will still be there.

Offline Danny S.

  • Semi-Newbie
  • *
  • Posts: 95
Re: Being logged out by bots trying to log in
« Reply #229 on: February 16, 2011, 03:51:02 PM »
Hey guys,

I wanted to give an update on my situation to hopefully shed some light on a few things I've read.

First, let's start with the history of my issues. About a week ago, I got a PM from a regular member that said he has to keep logging into the forum every time he visits. My first thought (without knowing this was an issue) was to have the user clear his cookies in his browser and try again. Issue still persisted. Eventually, I found my way here and realized it was a widespread issue.

I took everyone's advice and upgraded the site from RC3 to RC5 and now the login issues have ceased. Of course the login attempts are still continuing.

This is where my situation gets weird. Some of the usernames it is using are some of my top posters. Well, you would think this would be expected because there's more of a chance for the bot to find the username (more posts = more instances).

BUT, some of the names it's using are of members who have NEVER posted. They signed up months ago, but have never actually made a post. Where could they have gotten the name from? If it's not on any post, the only other place would be the memberlist, correct? But I thought only members could see that...


Another thing, I've noticed in the last two months that my "members awaiting activation" has skyrocketed. Typically, I would see maybe 1 or 2 a month on the list. The last two months, there is a total of 78. Could this be related? I only have ~320 members on my site... surely this can't just be from getting more visits...


Any of this happening to someone else?

Offline Cal O'Shaw

  • Full Member
  • ***
  • Posts: 444
  • SMF 1.1.14 & 2.0 Sites
Re: Being logged out by bots trying to log in
« Reply #230 on: February 16, 2011, 03:58:36 PM »
@Danny,

Info Center -> Forum Stats -> "Latest Member:" XXX

That's one of the reasons we hid the Info Center.

Cal

Offline Danny S.

  • Semi-Newbie
  • *
  • Posts: 95
Re: Being logged out by bots trying to log in
« Reply #231 on: February 16, 2011, 04:00:50 PM »
That could definitely be causing it, but some of these users signed up months ago and the field was quickly overwritten with a new member (within a couple days).

Does it still store the "new user" info even after a new member signs up? If not, wouldn't this mean that they captured the usernames as far back as last July?

Offline Kindred

  • The Mean One
  • Support Specialist
  • SMF Legend
  • *
  • Posts: 58,609
  • Gender: Male
    • Kindred-999 on GitHub
Re: Being logged out by bots trying to log in
« Reply #232 on: February 16, 2011, 04:03:04 PM »
memberlist.....

Offline Danny S.

  • Semi-Newbie
  • *
  • Posts: 95
Re: Being logged out by bots trying to log in
« Reply #233 on: February 16, 2011, 04:04:47 PM »
Quote from: Kindred
memberlist.....

But isn't the memberlist only visible to members? By memberlist I'm referring to index.php?action=mlist.

Offline Cal O'Shaw

  • Full Member
  • ***
  • Posts: 444
  • SMF 1.1.14 & 2.0 Sites
Re: Being logged out by bots trying to log in
« Reply #234 on: February 16, 2011, 04:06:29 PM »
You have to change the permission for guests.  I believe it is on by default (we switched it off years ago, so I could be quite wrong on default setting).

Cal

Offline Danny S.

  • Semi-Newbie
  • *
  • Posts: 95
Re: Being logged out by bots trying to log in
« Reply #235 on: February 16, 2011, 04:11:05 PM »
Quote
You have to change the permission for guests.  I believe it is on by default (we switched it off years ago, so I could be quite wrong on default setting).

Cal


I'm not trying to say that you're wrong, but just for troubleshooting purposes, mine is turned off for guests, so I don't think this is where they are finding the information. Unless, that is, they've created a username and now have access to them all.



Also, do you guys think that my recent spike in "members awaiting activation" could be related? Do you think it's trying to create accounts (I have my site set up on email activation)?

Has anyone else noticed a spike on their sites?

Offline Norv

  • SMF Friend
  • SMF Super Hero
  • *
  • Posts: 18,313
  • Blue Wolf
Re: Being logged out by bots trying to log in
« Reply #236 on: February 16, 2011, 04:17:39 PM »
There were sites (a while ago, not only these days) that received quite a number of spammers registering. They only put a spam link in their profile, and never come back again (in these cases).
Perhaps you can check their IPs too, against online databases like project HoneyPot, to see if they're IPs of known spammers.

There are mods on the customize site you can install to check these, i.e. httpBL, stop forum spam.
To-do lists are for deferral. The more things you write down the later they're done… until you have 100s of lists of things you don't do.
File a security report | Developers' Blog | Bug Tracker

Also known as Norv on D* | Norv N. on G+ | Norv on Github

Offline laetabi

  • Full Member
  • ***
  • Posts: 428
  • Gender: Male
Re: Being logged out by bots trying to log in
« Reply #237 on: February 16, 2011, 04:44:05 PM »
Quote
memberlist.....

Don't think so unless they register to get to it.

My site has never enabled guest access to the memberlist and the majority of targeted userIDs were prominent posters/long term members. 
What type of washing machine is September?

An autumnatic. :)

Offline Elysia

  • Semi-Newbie
  • *
  • Posts: 52
Re: Being logged out by bots trying to log in
« Reply #238 on: February 16, 2011, 05:26:46 PM »
Our Memberlist is not and never has been visible to Guests or Regular members, only to Global Mods and Admins. Profiles are visible to Regular Members though.

Offline Arantor

  • Resident Overthinker
  • SMF Friend
  • SMF Legend
  • *
  • Posts: 71,982
    • StoryBB/StoryBB on GitHub
Re: Being logged out by bots trying to log in
« Reply #239 on: February 16, 2011, 05:35:10 PM »
They're not getting member names from the memberlist, they seem to be getting them from posts and threads visible to guests.