Advertisement:

Author Topic: Being logged out by bots trying to log in  (Read 143605 times)

Offline Vincent Volmer

  • Jr. Member
  • **
  • Posts: 214
  • Gender: Male
  • SMF2.0.15
    • digiscrapdigitaalscrappen on Facebook
    • @Digiscrap_NL on Twitter
    • Digiscrap Digitaal scrappen
Re: Being logged out by bots trying to log in
« Reply #340 on: February 19, 2011, 04:15:36 PM »
Thanks Arantor!

kat

  • Guest
Re: Being logged out by bots trying to log in
« Reply #341 on: February 19, 2011, 04:42:43 PM »
Just had a thought...

My v1.1.13 forum's not having any hassles, with this.

Been trying to figure out why...

Could it be because I have this?

http://english-72682862726.spampoison.com

Offline Arantor

  • Resident Overthinker
  • SMF Friend
  • SMF Legend
  • *
  • Posts: 71,982
    • StoryBB/StoryBB on GitHub
Re: Being logged out by bots trying to log in
« Reply #342 on: February 19, 2011, 04:43:33 PM »
It's possible but it doesn't fit the MO of the current bots we've seen thus far.
Don’t try to tell me that some power can corrupt a person. You haven’t had enough to know what it’s like.

No good deed goes unpunished / No act of charity goes unresented.

kat

  • Guest
Re: Being logged out by bots trying to log in
« Reply #343 on: February 19, 2011, 04:46:20 PM »
Only one error, in my logs:

8: Undefined variable: modSettings
File: /home/tlakoco/public_html/Themes/BlueMarble/index.template.php
Line: 511

Dunnowhat that's about and I don't give a poodle, coz everything works OK, so... ;)

Offline owg

  • Semi-Newbie
  • *
  • Posts: 29
Re: Being logged out by bots trying to log in
« Reply #344 on: February 19, 2011, 05:34:00 PM »
Over 24 hours now, and not a single failed login attempt - this a first for me in at least a week or more.  :)

Offline Norv

  • SMF Friend
  • SMF Super Hero
  • *
  • Posts: 18,313
  • Blue Wolf
Re: Being logged out by bots trying to log in
« Reply #345 on: February 19, 2011, 05:41:05 PM »
Please see also
Simple Machines Forums attacks

ETA: owg, can you please tell how did you protect your forum? :)
« Last Edit: February 19, 2011, 05:46:12 PM by Norv »
To-do lists are for deferral. The more things you write down the later they're done… until you have 100s of lists of things you don't do.
File a security report | Developers' Blog | Bug Tracker

Also known as Norv on D* | Norv N. on G+ | Norv on Github

Offline catfished

  • Sr. Member
  • ****
  • Posts: 877
  • Gender: Male
  • pǝsnɟuoɔ ןןıʇs puɐ ʇɹıp uɐɥʇ ɹǝpןo
    • CatfishED.com
Re: Being logged out by bots trying to log in
« Reply #346 on: February 19, 2011, 06:15:03 PM »
Thanks a bunch Arantor, I just installed it so we'll see. I was getting hit every 2 to 5 minutes so I'll know soon and will report here either way.

You use and like this forum software? Then show your appreciation and support by becoming a Charter Member.



CatfishEd.com

Offline owg

  • Semi-Newbie
  • *
  • Posts: 29
Re: Being logged out by bots trying to log in
« Reply #347 on: February 19, 2011, 06:17:58 PM »
ETA: owg, can you please tell how did you protect your forum? :)
Very little actually, and it is probably just a coincidence, but here it is:

The login bot attacks started about a week or so ago.  At the time, I had http:BL and Stop Forum Spam installed.  About 4 days ago I installed CrawlProtect and Forum Firewall - I also had the list of the Tor IP addresses that someone posted in .htaccess.  None of these measures halted the login bot.  The pattern seemed to be more hits at night, and periodically during the day.  Coincident with the attacks, I was being crawled by the GoogleBot in the address range 66.249.71.* in a way that I never have before.  Typically Google visits my site during the day with only a single crawler IP, but now it was sometimes 20-25 simultaneous connections continuously during the day.

Because I thought it was possible that someone was spoofing Google, I went into Webmaster controls and reduced the number of times GoogleBots should visit, but there was no change in activity.  Finally in desperation, I added that particular IP range (66.249.71.*) to .htaccess and the I watched as the failed login attempts dropped off one by one.  This was yesterday morning, and not a peep since.  I had even removed all of the Tor IP addresses that I had in .htaccess, which now contains only a single IP range: 66.249.71.*. 

What is interesting is that Forum Firewall visitor logs reported a hack attempt by 66.249.85.3 within moments of my adding the 66.249.71.* range to .htaccess.

I don't know anything about security, and all of this is probably just a huge coincidence (the login bot probably just went away), but I'm just happy that my forum activity is back to normal.

Offline krick

  • Jr. Member
  • **
  • Posts: 173
    • tank + paladin = tankadin
Re: Being logged out by bots trying to log in
« Reply #348 on: February 19, 2011, 07:04:25 PM »
The only errors I've gotten since I installed Arantor's patch are a few of these, which are odd because that board most certainly exists.  It's always board 5 too for some reason.

Guest    Today at 04:46:02 PM
67.195.112.226      29c60c63ff1003e691be5a5c4328aaa8
http://www.tankadin.com/forum/index.php?board=5
The board you specified doesn't exist

Offline catfished

  • Sr. Member
  • ****
  • Posts: 877
  • Gender: Male
  • pǝsnɟuoɔ ןןıʇs puɐ ʇɹıp uɐɥʇ ɹǝpןo
    • CatfishED.com
Re: Being logged out by bots trying to log in
« Reply #349 on: February 19, 2011, 07:25:05 PM »
Thanks a bunch Arantor, I just installed it so we'll see. I was getting hit every 2 to 5 minutes so I'll know soon and will report here either way.

Well, it's been over an hour now and no login password errors so apparently the mod is working fine.

 Thanks again Arantor, I realize this is not a permanent fix against these bots but it's sure nice to get rid of them for awhile. ;D
You use and like this forum software? Then show your appreciation and support by becoming a Charter Member.



CatfishEd.com

Offline trebul

  • Full Member
  • ***
  • Posts: 412
    • Pet Growth - Pet Forum
Re: Being logged out by bots trying to log in
« Reply #350 on: February 19, 2011, 11:22:19 PM »
I haven't taken any actions yet i.e. installing additional mods. Today there was no bot activity to report. It's kind of odd but nice at the same time.
      Love talking about pets?
      Visit a friendly pet forum!

      Looking for tips to running a forum?
      Trebul's community guide

         

Offline Aleksi "Lex" Kilpinen

  • A Peculiar Finn
  • Lead Support Specialist
  • SMF Super Hero
  • *
  • Posts: 18,739
  • Gender: Male
  • Don't worry, I'm n00b friendly
    • Aleksi.Kilpinen on Facebook
    • LexArma on GitHub
    • aleksi-kilpinen on LinkedIn
    • There's No Place Like 127.0.0.1
Re: Being logged out by bots trying to log in
« Reply #351 on: February 20, 2011, 01:07:02 AM »
Disabling Tor Access and setting up a Honeypot and installing httpBL worked for very well for me, and I've also been able to keep other bots like spammers at bay with this setup very well.
A Finnish Support Specialist
 Happily running multiple SMF 2.0 installations.
  Fooling around with an i7 990X @ 3,47Ghz / 12Gb / Win 10 x64 / 3840x2160


How you can help SMF

"Before you allow people access to your forum, especially in an administrative position, you must be aware that that person can seriously damage your forum.
 Therefore, you should only allow people that you trust, implicitly, to have such access." -Douglas

Offline rillani

  • Newbie
  • *
  • Posts: 3
Re: Being logged out by bots trying to log in
« Reply #352 on: February 20, 2011, 03:08:12 AM »
I, too, have been having frequent visits from a possibly fake google address:  66.249.67.243 .  This guest only shows up as doing "Nothing, or nothing you can see..."  I have never noticed it prior to these attacks (which I only noticed a couple days ago, so take that with a grain of salt).

Update: Since banning that IP, I'm now getting error logs of it trying to view member profiles and the recent posts page.
« Last Edit: February 20, 2011, 04:03:27 AM by rillani »

Offline butchs

  • SMF Hero
  • ******
  • Posts: 1,730
  • Lost 7GB bandwidth!
    • EastCoastRollingThunder
Re: Being logged out by bots trying to log in
« Reply #353 on: February 20, 2011, 08:43:59 AM »
I, too, have been having frequent visits from a possibly fake google address:  66.249.67.243 .  This guest only shows up as doing "Nothing, or nothing you can see..."  I have never noticed it prior to these attacks (which I only noticed a couple days ago, so take that with a grain of salt).

Update: Since banning that IP, I'm now getting error logs of it trying to view member profiles and the recent posts page.

Do not block Google!  Doing so will decrease real membership.  I have been blocking fake Googles for over a year.  Here are some solutions that work:
1) The new and improved Bad Behavior mod detects fake Googles.  Selecting "Search Engine DNS", if you do not have an Ubuntu 10x server, will do a reverse DNS test on the suspected Google bot.
2) The Optimus Brave, Forum Firewall Combo can be used to detect and block fake Googles that hit faster than specified.
« Last Edit: February 20, 2011, 08:47:04 AM by butchs »
I have been truly inspired by the SUGGESTIONS as I sit on my throne and contemplate the wisdom imposed upon me.

Offline xrunner

  • Sophist Member
  • *****
  • Posts: 1,019
  • Gender: Male
  • Karma +584/-1
Re: Being logged out by bots trying to log in
« Reply #354 on: February 20, 2011, 08:57:52 AM »
Thanks a bunch Arantor, I just installed it so we'll see. I was getting hit every 2 to 5 minutes so I'll know soon and will report here either way.

So was I, but not a single error since yesterday since the mod was installed.

Offline owg

  • Semi-Newbie
  • *
  • Posts: 29
Re: Being logged out by bots trying to log in
« Reply #355 on: February 20, 2011, 03:29:06 PM »
Do not block Google!  Doing so will decrease real membership.  I have been blocking fake Googles for over a year.  Here are some solutions that work:
1) The new and improved Bad Behavior mod detects fake Googles.  Selecting "Search Engine DNS", if you do not have an Ubuntu 10x server, will do a reverse DNS test on the suspected Google bot.
2) The Optimus Brave, Forum Firewall Combo can be used to detect and block fake Googles that hit faster than specified.
Thanks for the tip on Bad Behavior - I've not installed that mod yet. Might give it a go this afternoon.  In the mean time, not a single bad login since I blocked that particular IP range, yet other Google bots are still doing their normal thing on my site.  Even though it is not a great idea to block Google, I'd rather do away with this subset of bad IPs until a complete solution is found rather than having my site constantly bombarded.

As of nearly a day and a half, my site is operating as it did before all this started - not a single bot login attempt..

Offline butchs

  • SMF Hero
  • ******
  • Posts: 1,730
  • Lost 7GB bandwidth!
    • EastCoastRollingThunder
Re: Being logged out by bots trying to log in
« Reply #356 on: February 20, 2011, 04:43:05 PM »
Well...  The solution I gave you is tried and tested.   O:)

They hit you because you are now on a list.  Once they start they will not stop unless you block them back.  You must fight back and force them to remove you from the list. 

I too was attacked hard last year.  They hit me so hard my bandwidth was over 8GB a month and I was almost forced to get a dedicated server.  Instead, I fought back with my brain and created these mods with a few other measures.  The end result was zero spam for a year and my traffic was reduced drastically.  Many agree, my solution works!

One could say that I am the Jared of spam.  I lost 7GB of spam in one (1) month!  I can help you loose the excess spam too...
  8)
I have been truly inspired by the SUGGESTIONS as I sit on my throne and contemplate the wisdom imposed upon me.

Offline Vincent Volmer

  • Jr. Member
  • **
  • Posts: 214
  • Gender: Male
  • SMF2.0.15
    • digiscrapdigitaalscrappen on Facebook
    • @Digiscrap_NL on Twitter
    • Digiscrap Digitaal scrappen
Re: Being logged out by bots trying to log in
« Reply #357 on: February 21, 2011, 11:03:52 AM »
I installed :

httpBL, Honeypot, Disabling Tor Access , Forum Firewall, Bad Behavior + the fix of Arantor and it killed my VPS. The whole server crashed 2 times after reboot.

When removing Forum Firewall and Bad Behavior all is working fine.....

What could be the reason?


This is/was not the reason. I removed the FF and BB but still having the same issue yesterday.

Thanks
Vincent

« Last Edit: March 07, 2011, 03:22:14 AM by Vincent Volmer »

Offline butchs

  • SMF Hero
  • ******
  • Posts: 1,730
  • Lost 7GB bandwidth!
    • EastCoastRollingThunder
Re: Being logged out by bots trying to log in
« Reply #358 on: February 21, 2011, 09:56:16 PM »
Both mods are totally different in what they do and how they load.  Neither will cause a crash if you follow instructions.  Nevertheless, if you want support and/ or come up with more info I can chew on, by all means please come to the support boards, ask away and I will gladly try to solve your problems.
« Last Edit: February 22, 2011, 05:11:55 AM by butchs »
I have been truly inspired by the SUGGESTIONS as I sit on my throne and contemplate the wisdom imposed upon me.

Offline Vincent Volmer

  • Jr. Member
  • **
  • Posts: 214
  • Gender: Male
  • SMF2.0.15
    • digiscrapdigitaalscrappen on Facebook
    • @Digiscrap_NL on Twitter
    • Digiscrap Digitaal scrappen
Re: Being logged out by bots trying to log in
« Reply #359 on: February 22, 2011, 06:48:18 AM »
Okay, thanks!

I'll come over to the support boards next week.

Vincent