• Welcome to Simple Machines Community Forum. Please login or sign up.
December 01, 2021, 08:50:36 AM

News:

Bored?  Looking to kill some time?  Want to chat with other SMF users?  Join us in IRC chat or Discord


Simple Machines Forums attacks

Started by Norv, February 19, 2011, 04:33:48 PM

Previous topic - Next topic

Masterd

I think that a mod is causing that rather than a theme.

GravuTrad

Like has excellently discovered TE, we are not alone on this hit:

http://www.phpbb.com/community/viewtopic.php?t=1947925

And thanks arantor for your patch.
On a toujours besoin d'un plus petit que soi! (Petit!Petit!)


Think about Search function before posting.
Pensez à la fonction Recherche avant de poster.

robbie93

Woke up today and have 60 pages of errors in my logs mostly with these errors

Guest
91.201.67.4 
Today at 09:15:23 AM
http://robbie93andhotchildxox.net/index.php?action=login2
This forum requires verification.

I have Arantors mod and verification on login - both havent stopped the attack because although they are not getting through the verification at login they are still attacking the site at an alarming rate and causing an error log as long as your arm.

Arantor

No-one said that either mod would *stop* the attack - they still keep coming. The difference is, my mod stopped them getting too close, Norv's mod provides a different layer of protection - but it's not making the attack go away, it just neutralises its potency.

Though I think it's a bit much that it's sending errors to the log when there's no need for it.
No good deed goes unpunished
All helpful urges should be circumvented

robbie93

Yeah I know theres nothing to stop the attack as such, when I installed your mod it seemed to work for an hour or so with no errors in the logs but then the next morning it started again, but with different errors showing "user" verification errors that show it was still the bots attacking, IDK how you guys are gonna fix it but they seem very persistant and have been trying every day for nearly three months now and they seem to be getting worse looking at the amount of errors in the logs, 60 errors today alone has been the most yet.

Arantor

I was getting hundreds of errors per hour before.

I guess I have to say it again: we can't magically fix this. We can't stop bots hitting forums, it's not actually possible. They will keep coming. All we can do is prevent them doing anything when they get to the forum - and so far they haven't achieved anything on my site...
No good deed goes unpunished
All helpful urges should be circumvented

青山 素子

Quote from: robbie93 on February 23, 2011, 11:22:56 AM
Yeah I know theres nothing to stop the attack as such, when I installed your mod it seemed to work for an hour or so with no errors in the logs but then the next morning it started again, but with different errors showing "user" verification errors that show it was still the bots attacking, IDK how you guys are gonna fix it but they seem very persistant and have been trying every day for nearly three months now and they seem to be getting worse looking at the amount of errors in the logs, 60 errors today alone has been the most yet.

There is no way to "fix" it short of arresting every botnet master and every client who pays them for services. That, or disconnecting your website from the Internet. Maybe even cleaning and properly securing every zombie under their control (nearly all running Windows) The first solution isn't really practical, nor is the second. The third wouldn't work too well either.

Your errors show that the fixes are at least working. They can't get past the "verification" part of the login form to which they are blindly posting (by posting, I mean the HTTP POST method).

Arantor's mod was developed to stop a very specific feature of the attack. It will not try to detect and stop all attempts, nor should it. Doing so would see many valid users blocked.

If you want the error message to go away, contact the author of that modification and ask that they update to stop spewing notices into the error log, or at least help you to turn off that portion for your site.
Motoko-chan
Director, Simple Machines

Note: Unless otherwise stated, my posts are not representative of any official position or opinion of Simple Machines.


StarWars Fan

For Me, Arantor's mod stopped it completely on my forum... It's been a happy 4 days - Thanks again Arantor... :)

RustyBarnacle

Sorry, just thought it was odd.  I haven't added any new mods since Arantor's and it didn't cause that error right away so I thought with the params thing they were trying something new.  I don't think its his mod either actually so I'll look for updates on some of the other mods I have.

robbie93

I have taken off the verification mod and left just Arantors - lets see if the errors decrease.

Masterd

If you still have Arantor's mods then you should really install Arantor Captcha. That's the best captcha system that I ever saw.

SomaliDoc

Hey Guys,

Logindetector is the best mod so far.
I am no longer see the bot attempts to log in to the site but 2 another problems come up

1- Real members can't log in to the forum except for the next try. (They have to put their passwords twice to log in)
2- Another different log error showed up: bots trying to use the Quickmod2 funtion?!!!!

Any one knows what these problems are & how to solve it?

This is high priority folks.

Thanks

Kindred

this thread is not for support.   Please ask support questions in the support board.
Please do not PM, IM or Email me with support questions.  You will get better and faster responses in the support boards.  Thank you.<br /><br />"Loki is not evil, although he is certainly not a force for good. Loki is... complicated."

live627

Quote from: Masterd on February 23, 2011, 01:21:39 PM
If you still have Arantor's mods then you should really install Arantor Captcha. That's the best captcha system that I ever saw.
But here's the catch - that mod is not being distributed anywhere by anybody.

Masterd

Quote from: live627 on February 23, 2011, 02:45:57 PM
But here's the catch - that mod is not being distributed anywhere by anybody.

Yes, but he can use it if he has it on his HDD like me.

live627

But I suspect he hasn't it -- thus explaining why it's not available, y'know?

Dzonny

I have about 10 pages per day of wrong passwords for now, but it is standard number for past few months, so i guess theres no need to worry yet.
From where all the bots suddenly came? :/

NanoSector

Quote from: Dzonny on February 24, 2011, 11:55:33 AM
I have about 10 pages per day of wrong passwords for now, but it is standard number for past few months, so i guess theres no need to worry yet.
From where all the bots suddenly came? :/
From here could be one thing, I guess.

They find our site links, follow them and start trying.
My Mods / Mod Builder - A tool to easily create mods / Blog
"I've heard from a reliable source that the Answer is 42. But, still no word on what the question is."

Illori

i would not agree, my site for example is not posted anywhere on this forum, they can easily find it on google though along with many others.

NanoSector

Quote from: Illori on February 24, 2011, 12:32:16 PM
i would not agree, my site for example is not posted anywhere on this forum, they can easily find it on google though along with many others.
Quotecould be one thing, I guess
My Mods / Mod Builder - A tool to easily create mods / Blog
"I've heard from a reliable source that the Answer is 42. But, still no word on what the question is."

Advertisement: