Advertisement:
GCWebhosting

Author Topic: Simple Machines Forums attacks  (Read 1912751 times)

Offline Masterd

  • SMF Hero
  • ******
  • Posts: 3,919
  • Gender: Male
Re: Simple Machines Forums attacks
« Reply #60 on: February 23, 2011, 06:45:15 AM »
I think that a mod is causing that rather than a theme.

Offline GravuTrad

  • Senior Translator
  • SMF Hero
  • *
  • Posts: 8,633
  • Gender: Male
  • One of the french SMF translators
Re: Simple Machines Forums attacks
« Reply #61 on: February 23, 2011, 10:13:01 AM »
Like has excellently discovered TE, we are not alone on this hit:

http://www.phpbb.com/community/viewtopic.php?t=1947925

And thanks arantor for your patch.
On a toujours besoin d'un plus petit que soi! (Petit!Petit!)


Think about Search function before posting.
Pensez à la fonction Recherche avant de poster.

Offline robbie93

  • Sr. Member
  • ****
  • Posts: 733
    • R&H
Re: Simple Machines Forums attacks
« Reply #62 on: February 23, 2011, 11:08:46 AM »
Woke up today and have 60 pages of errors in my logs mostly with these errors

Guest
91.201.67.4 
Today at 09:15:23 AM
http://robbie93andhotchildxox.net/index.php?action=login2
This forum requires verification.

I have Arantors mod and verification on login - both havent stopped the attack because although they are not getting through the verification at login they are still attacking the site at an alarming rate and causing an error log as long as your arm.

Offline Arantor

  • Resident Overthinker
  • SMF Friend
  • SMF Legend
  • *
  • Posts: 71,196
    • StoryBB/StoryBB on GitHub
Re: Simple Machines Forums attacks
« Reply #63 on: February 23, 2011, 11:12:27 AM »
No-one said that either mod would *stop* the attack - they still keep coming. The difference is, my mod stopped them getting too close, Norv's mod provides a different layer of protection - but it's not making the attack go away, it just neutralises its potency.

Though I think it's a bit much that it's sending errors to the log when there's no need for it.
Don’t try to tell me that some power can corrupt a person. You haven’t had enough to know what it’s like.

No good deed goes unpunished / No act of charity goes unresented.

Offline robbie93

  • Sr. Member
  • ****
  • Posts: 733
    • R&H
Re: Simple Machines Forums attacks
« Reply #64 on: February 23, 2011, 11:22:56 AM »
Yeah I know theres nothing to stop the attack as such, when I installed your mod it seemed to work for an hour or so with no errors in the logs but then the next morning it started again, but with different errors showing "user" verification errors that show it was still the bots attacking, IDK how you guys are gonna fix it but they seem very persistant and have been trying every day for nearly three months now and they seem to be getting worse looking at the amount of errors in the logs, 60 errors today alone has been the most yet.

Offline Arantor

  • Resident Overthinker
  • SMF Friend
  • SMF Legend
  • *
  • Posts: 71,196
    • StoryBB/StoryBB on GitHub
Re: Simple Machines Forums attacks
« Reply #65 on: February 23, 2011, 11:54:59 AM »
I was getting hundreds of errors per hour before.

I guess I have to say it again: we can't magically fix this. We can't stop bots hitting forums, it's not actually possible. They will keep coming. All we can do is prevent them doing anything when they get to the forum - and so far they haven't achieved anything on my site...
Don’t try to tell me that some power can corrupt a person. You haven’t had enough to know what it’s like.

No good deed goes unpunished / No act of charity goes unresented.

Offline 青山 素子

  • Server Team
  • SMF Super Hero
  • *
  • Posts: 17,067
  • 戦場ヶ原、蕩れ!
    • srvrguy on GitHub
    • @motokochan on Twitter
    • Nekomusume Moe
Re: Simple Machines Forums attacks
« Reply #66 on: February 23, 2011, 12:09:07 PM »
Yeah I know theres nothing to stop the attack as such, when I installed your mod it seemed to work for an hour or so with no errors in the logs but then the next morning it started again, but with different errors showing "user" verification errors that show it was still the bots attacking, IDK how you guys are gonna fix it but they seem very persistant and have been trying every day for nearly three months now and they seem to be getting worse looking at the amount of errors in the logs, 60 errors today alone has been the most yet.

There is no way to "fix" it short of arresting every botnet master and every client who pays them for services. That, or disconnecting your website from the Internet. Maybe even cleaning and properly securing every zombie under their control (nearly all running Windows) The first solution isn't really practical, nor is the second. The third wouldn't work too well either.

Your errors show that the fixes are at least working. They can't get past the "verification" part of the login form to which they are blindly posting (by posting, I mean the HTTP POST method).

Arantor's mod was developed to stop a very specific feature of the attack. It will not try to detect and stop all attempts, nor should it. Doing so would see many valid users blocked.

If you want the error message to go away, contact the author of that modification and ask that they update to stop spewing notices into the error log, or at least help you to turn off that portion for your site.
Motoko-chan
Director, Simple Machines

Note: Unless otherwise stated, my posts are not representative of any official position or opinion of Simple Machines.


Offline StarWars Fan

  • Jr. Member
  • **
  • Posts: 157
  • Gender: Male
Re: Simple Machines Forums attacks
« Reply #67 on: February 23, 2011, 12:27:02 PM »
For Me, Arantor's mod stopped it completely on my forum... It's been a happy 4 days - Thanks again Arantor... :)

Offline RustyBarnacle

  • Sr. Member
  • ****
  • Posts: 722
    • Saving Tallingroth
Re: Simple Machines Forums attacks
« Reply #68 on: February 23, 2011, 12:35:34 PM »
Sorry, just thought it was odd.  I haven't added any new mods since Arantor's and it didn't cause that error right away so I thought with the params thing they were trying something new.  I don't think its his mod either actually so I'll look for updates on some of the other mods I have.

Offline robbie93

  • Sr. Member
  • ****
  • Posts: 733
    • R&H
Re: Simple Machines Forums attacks
« Reply #69 on: February 23, 2011, 01:17:02 PM »
I have taken off the verification mod and left just Arantors - lets see if the errors decrease.

Offline Masterd

  • SMF Hero
  • ******
  • Posts: 3,919
  • Gender: Male
Re: Simple Machines Forums attacks
« Reply #70 on: February 23, 2011, 01:21:39 PM »
If you still have Arantor's mods then you should really install Arantor Captcha. That's the best captcha system that I ever saw.

Offline SomaliDoc

  • Semi-Newbie
  • *
  • Posts: 53
Re: Simple Machines Forums attacks
« Reply #71 on: February 23, 2011, 01:35:41 PM »
Hey Guys,

Logindetector is the best mod so far.
I am no longer see the bot attempts to log in to the site but 2 another problems come up

1- Real members can't log in to the forum except for the next try. (They have to put their passwords twice to log in)
2- Another different log error showed up: bots trying to use the Quickmod2 funtion?!!!!

Any one knows what these problems are & how to solve it?

This is high priority folks.

Thanks

Offline Kindred

  • The Mean One
  • Support Specialist
  • SMF Legend
  • *
  • Posts: 58,316
  • Gender: Male
    • Kindred-999 on GitHub
Re: Simple Machines Forums attacks
« Reply #72 on: February 23, 2011, 01:51:14 PM »
this thread is not for support.   Please ask support questions in the support board.
Please do not PM, IM or Email me with support questions.  You will get better and faster responses in the support boards.  Thank you.

Offline live627

  • Development Contributor
  • SMF Hero
  • *
  • Posts: 5,620
  • Gender: Male
    • live627 on Facebook
    • live627 on GitHub
    • live627 on LinkedIn
    • @live627 on Twitter
    • livemods
Re: Simple Machines Forums attacks
« Reply #73 on: February 23, 2011, 02:45:57 PM »
If you still have Arantor's mods then you should really install Arantor Captcha. That's the best captcha system that I ever saw.
But here's the catch - that mod is not being distributed anywhere by anybody.
Try not to become a man of success, but rather try to become a man of value.
- Albert Einstein

Offline Masterd

  • SMF Hero
  • ******
  • Posts: 3,919
  • Gender: Male
Re: Simple Machines Forums attacks
« Reply #74 on: February 23, 2011, 04:23:48 PM »
But here's the catch - that mod is not being distributed anywhere by anybody.


Yes, but he can use it if he has it on his HDD like me.

Offline live627

  • Development Contributor
  • SMF Hero
  • *
  • Posts: 5,620
  • Gender: Male
    • live627 on Facebook
    • live627 on GitHub
    • live627 on LinkedIn
    • @live627 on Twitter
    • livemods
Re: Simple Machines Forums attacks
« Reply #75 on: February 23, 2011, 07:13:13 PM »
But I suspect he hasn't it -- thus explaining why it's not available, y'know?
Try not to become a man of success, but rather try to become a man of value.
- Albert Einstein

Offline Dzonny

  • Localizer
  • SMF Super Hero
  • *
  • Posts: 11,917
  • Gender: Male
  • No sleep...
    • dzontra.nikola on Facebook
    • Dzonny on GitHub
    • dzontranikola on LinkedIn
    • @opusteniforum on Twitter
    • Samo opusteno
Re: Simple Machines Forums attacks
« Reply #76 on: February 24, 2011, 11:55:33 AM »
I have about 10 pages per day of wrong passwords for now, but it is standard number for past few months, so i guess theres no need to worry yet.
From where all the bots suddenly came? :/

Offline NanoSector

  • SMF Friend
  • SMF Super Hero
  • *
  • Posts: 10,499
  • Gender: Male
  • VC321xb47@aperture:~#
    • Yoshi2889 on GitHub
Re: Simple Machines Forums attacks
« Reply #77 on: February 24, 2011, 12:29:12 PM »
I have about 10 pages per day of wrong passwords for now, but it is standard number for past few months, so i guess theres no need to worry yet.
From where all the bots suddenly came? :/
From here could be one thing, I guess.

They find our site links, follow them and start trying.
My Mods / Mod Builder - A tool to easily create mods / Blog
"I've heard from a reliable source that the Answer is 42. But, still no word on what the question is."

Offline Illori

  • Project Manager
  • SMF Legend
  • *
  • Posts: 50,968
Re: Simple Machines Forums attacks
« Reply #78 on: February 24, 2011, 12:32:16 PM »
i would not agree, my site for example is not posted anywhere on this forum, they can easily find it on google though along with many others.

Offline NanoSector

  • SMF Friend
  • SMF Super Hero
  • *
  • Posts: 10,499
  • Gender: Male
  • VC321xb47@aperture:~#
    • Yoshi2889 on GitHub
Re: Simple Machines Forums attacks
« Reply #79 on: February 24, 2011, 12:45:09 PM »
i would not agree, my site for example is not posted anywhere on this forum, they can easily find it on google though along with many others.
Quote
could be one thing, I guess
My Mods / Mod Builder - A tool to easily create mods / Blog
"I've heard from a reliable source that the Answer is 42. But, still no word on what the question is."