Topic: Simple Machines Forums attacks

[DJ-X]

Robots are stupid - do not forget about it!
You can make a fake page to login and registration.

Code: [Select]

/index.php?action=login3
/index.php?action=login4
/index.php?action=login5

/index.php?action=register3
/index.php?action=register4
/index.php?action=register5


<!--  Robots are here fill the login form  -->
Pass on such links.
<a href="http://dj-x.info/index.php?action=register" style="display: none;">Register</a>
At me robots open yourhoneypot.php on the  pages for an input and registration.
After that MOD httpBL robots any more doesn't admits.
Robots any more don't want to select passwords.

[Ricky000]

can the bots restore the database 20 days ago?? because it happened to my forum...

[Illori]

this is not the place to ask for support. please open a separate topic in the correct board if you require help on this issue.

[CoreISP]

can the bots restore the database 20 days ago?? because it happened to my forum...

No. Contact your host to ask why that happened or, as Illori suggested, open a new topic.

[george54]

I tried these two simple approaches to stop unwanted spam on my site:

• robots.txt-> disallow
• disabled landing page registration.

Seems to have worked for the hour. (now over 24 hours, looking good)
Have banned bad IPs in the past, but the bad actors are always getting new IPs.

[tomicko]

Some  more words about point 1. robots.txt please or how to do this for Dummies 

I tried these two simple approaches to stop unwanted spam on my site:

• robots.txt-> disallow
• disabled landing page registration.

Seems to have worked for the hour. (now over 24 hours, looking good)
Have banned bad IPs in the past, but the bad actors are always getting new IPs.

[busterone]

You can google robots.txt to learn how to use it for any site, not just SMF.
That will not stop the type of attacks in this topic either. These type of bots pay no attention to a robots.txt file. Only well behaved search engine bots will obey it.

[agentstaobao]

Interesting choice of mods to offer up, more importantly in the order. Yes, you can force email login, but personally I'd rather stop them at the door from trying to make the fake login in the first place

[NGinuity]

Any chance you guys can certify the Login Verification mod for 2.0 Gold?

[NanoSector]

Aren't the attacks ceased? *sighs* Those damn internet terrors.

Interesting choice of mods to offer up, more importantly in the order. Yes, you can force email login, but personally I'd rather stop them at the door from trying to make the fake login in the first place

Ain't that Arantor's words?

Any chance you guys can certify the Login Verification mod for 2.0 Gold?

You tried emulating the version the mod was written in?

[NGinuity]

Aren't the attacks ceased? *sighs* Those damn internet terrors.

I've been getting hit relentlessly since Friday.

You tried emulating the version the mod was written in?

No I haven't tried anything.  Having to install mods is somewhat of a new thing to me in SMF, and it said it was only built for 2.0 RC5, so it gave me an unhappy message when I tried to grab the 2.0 install instructions.

[NanoSector]

Aren't the attacks ceased? *sighs* Those damn internet terrors.

I've been getting hit relentlessly since Friday.

You tried emulating the version the mod was written in?

No I haven't tried anything.  Having to install mods is somewhat of a new thing to me in SMF, and it said it was only built for 2.0 RC5, so it gave me an unhappy message when I tried to grab the 2.0 install instructions.

If you look at the bottom of the page, there is a link that says "Advanced". Click it.

A textbox will pop up. Type in the version of SMF the mod works on, and save. Then, happily install the mod

[NGinuity]

A textbox will pop up. Type in the version of SMF the mod works on, and save. Then, happily install the mod

Ok, so I can just type in SMF 2.0 RC5 where it currently says SMF 2.0?  Does it run a transaction test to make sure the mod will install properly, and also, how hard is it to fail it back if it doesn't?  Sorry for all the questions, but SMF has always worked fine as is and I haven't had to address this until now.

[b4pjoe]

A textbox will pop up. Type in the version of SMF the mod works on, and save. Then, happily install the mod

Ok, so I can just type in SMF 2.0 RC5 where it currently says SMF 2.0?  Does it run a transaction test to make sure the mod will install properly, and also, how hard is it to fail it back if it doesn't?  Sorry for all the questions, but SMF has always worked fine as is and I haven't had to address this until now.

Yes and yes, it will run the test.

[青山 素子]

Note that that specific modification was designed only for one certain type of attempt. If the current flood doesn't match that exact signature, it'll be useless.

[NGinuity]

Note that that specific modification was designed only for one certain type of attempt. If the current flood doesn't match that exact signature, it'll be useless.

Yeah I got ya.  I just put in some verification questions that only my users would know.

[midweb]

I was having problems with 50 to 100 new members per day joining, that were not relevent to the forum, so I set up guest approval,  but now I am having to sift through the list of sometimes 100 plus looking for bona fida people wanting to join, is there a way around this.
Mick

[Illori]

please start a separate thread in the proper support board, this place is not the correct location.

[midweb]

sorry first post, thought unwanted registrations was attacks of one kind or another, have disabled registration untill I find an answer.
Mick

[HecKel]

Why did you stop sending "newsletters"? This kind of information would be really useful for me if I was notified on time... I never noticed this topic before, and this kind of information should have been broadcasted to the whole community.

Please, restart sending newsletters again.