Author Topic: Is our forum under attack?  (Read 624 times)

Offline Odessite

  • Newbie
  • *
  • Posts: 6
Is our forum under attack?
« on: August 25, 2019, 10:16:06 AM »
APOLOGIES SHOULD THIS REQUEST BE IN THE WRONG TOPIC
A small number of us are Admin and Mods for a version 2.0.1 SMF forum. The previous owner sold the forum and website. The new owner, after posting a single introductory entry on the forum some 5 months ago, has not logged on since then. We believe he is focusing on the website and has left the forum to us. Unfortunately, we are simply users and without any technical expertise at all.
A couple of months ago, a large number of spammers were able to join. We have cleaned up the forum and introduced a number of bans, some specific and some global, based on IPs and email addresses. All is now calm except for the following:

We are seeing thousands of user error messages:
Sorry Guest, you are banned from using this forum! This ban is not set to expire.
These stem from banned IP addresses, both specific and global, that we managed to set up. These are mainly from Huawei, other Chinese and Russian IPs.
For example:   159.138.128.203  Huawei Hong Kong Clouds and many others in the 159.138.128.NNN series.

It reached the point where we had to prune these yesterday as the log has in excess of 500,000 entries. Already, since the pruning, we have in excess of 70,000 new entries.

Should we simply ignore these or is there something we can do to avoid this?
Thank you.

Offline Irisado

  • A Bright Light in the Darkness
  • Doc Coordinator
  • SMF Super Hero
  • *
  • Posts: 10,237
  • Dreaming beneath the rainbow
Re: Is our forum under attack?
« Reply #1 on: August 25, 2019, 10:44:49 AM »
I'll leave a member of the Support Team to help you regarding the issue of error logging, however, another way to avoid all of this is to avoid having so many bans in the first place.  If you have a problem with spammers, the trick is to prevent them from being able to register in the first place, so that you don't actually need to ban them.  This page will help you in that respect: https://wiki.simplemachines.org/smf/Spam_-_my_forum_is_flooded_with_spam,_what_can_I_do
Dreaming of a beach where the sun shines, a rainbow lights up the sky, and the sea shimmers iridescently

Offline Aleksi "Lex" Kilpinen

  • A Peculiar Finn
  • Lead Support Specialist
  • SMF Super Hero
  • *
  • Posts: 18,628
  • Gender: Male
  • Don't worry, I'm n00b friendly
    • Aleksi.Kilpinen on Facebook
    • LexArma on GitHub
    • aleksi-kilpinen on LinkedIn
    • There's No Place Like 127.0.0.1
Re: Is our forum under attack?
« Reply #2 on: August 25, 2019, 11:18:15 AM »
Okay, first things first - you really should update the forum.
Secondly, in general, banning by IP is a bad idea to begin with. Banning by ranges even worse. If you really need to ban multiple IP addresses, you do not want to do it in SMF, but on the server level then.

Bots will crawl, and banning a crawler in SMF, you are basically asking them to leave a log of each of their visits for you to see.
A Finnish Support Specialist
 Happily running multiple SMF 2.0 installations.
  Fooling around with an i7 990X @ 3,47Ghz / 12Gb / Win 10 x64 / 3840x2160


How you can help SMF

"Before you allow people access to your forum, especially in an administrative position, you must be aware that that person can seriously damage your forum.
 Therefore, you should only allow people that you trust, implicitly, to have such access." -Douglas
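
The following is an added example, not part of the thread and not SMF's own code: it turns ban-hit log entries into a server-level block, merging only exactly adjacent addresses so no blanket range is created. The one-line log layout, the `min_hits` threshold and the choice of Apache 2.4 `Require not ip` rules are assumptions; the sample lines are constructed.

```python
import ipaddress
import re
from collections import Counter

BAN_MSG = "Sorry Guest, you are banned from using this forum!"
IP_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")

# Constructed sample: the thread does not show the real error-log layout.
SAMPLE_LOG = "\n".join(
    [f"159.138.128.{n} {BAN_MSG}" for n in (200, 201, 202, 203)] * 3
    + [f"203.0.113.7 {BAN_MSG}",         # one-off visitor
       f"999.1.1.1 {BAN_MSG}",           # malformed address, must be skipped
       "198.51.100.9 Some other error"]  # not a ban hit
)

def ban_hits(log_text):
    """Count ban-message log entries per valid IPv4 address."""
    hits = Counter()
    for line in log_text.splitlines():
        if BAN_MSG not in line:
            continue
        match = IP_RE.search(line)
        if not match:
            continue
        try:
            hits[ipaddress.ip_address(match.group())] += 1
        except ValueError:
            continue  # looks like an IP but is not one (e.g. 999.1.1.1)
    return hits

def server_rules(log_text, min_hits=3):
    """Build an Apache 2.4 block for addresses with at least min_hits entries."""
    noisy = [ipaddress.ip_network(str(ip))
             for ip, n in ban_hits(log_text).items() if n >= min_hits]
    # collapse_addresses merges only exactly adjacent addresses, so no
    # address that never appeared in the log ends up inside a range.
    merged = ipaddress.collapse_addresses(noisy)
    rules = [f"    Require not ip {net}" for net in merged]
    return ["<RequireAll>", "    Require all granted", *rules, "</RequireAll>"]

if __name__ == "__main__":
    print("\n".join(server_rules(SAMPLE_LOG)))
```

Requests refused by the web server never reach SMF, so they no longer add entries to the forum's error log.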

Offline Looking

  • SMF Hero
  • ******
  • Posts: 2,371
  • SMF Customization
    • jeanborde on Facebook
    • SMF Custom Themes & Custom Coding
Re: Is our forum under attack?
« Reply #3 on: August 25, 2019, 11:50:49 AM »
 I see those IPs all the time. May be just Baidu and Yandex. I just ignore them so long as they do not overdo to the point of slowing my server.

Offline Odessite

  • Newbie
  • *
  • Posts: 6
Re: Is our forum under attack?
« Reply #4 on: August 25, 2019, 12:07:48 PM »
Thank you. Appreciated.

Should we start unblocking all those blanket IP addresses?

Agree, the registration process should be tightened up. We also agree the forum could do with being updated. We tried to get the previous owner to organise both the registration and updating processes but without success even though, at the time, he had technical assistance.

Offline Looking

  • SMF Hero
  • ******
  • Posts: 2,371
  • SMF Customization
    • jeanborde on Facebook
    • SMF Custom Themes & Custom Coding
Re: Is our forum under attack?
« Reply #5 on: August 25, 2019, 12:11:49 PM »
> Should we start unblocking all those blanket IP addresses?
I wouldn't, especially if you are not expecting traffic from those countries. The updates to your software are more critical as mentioned before.

Offline Aleksi "Lex" Kilpinen

  • A Peculiar Finn
  • Lead Support Specialist
  • SMF Super Hero
  • *
  • Posts: 18,628
  • Gender: Male
  • Don't worry, I'm n00b friendly
    • Aleksi.Kilpinen on Facebook
    • LexArma on GitHub
    • aleksi-kilpinen on LinkedIn
    • There's No Place Like 127.0.0.1
Re: Is our forum under attack?
« Reply #6 on: August 25, 2019, 12:27:59 PM »
> Should we start unblocking all those blanket IP addresses?
In my opinion, it is usually best to try everything else before resorting to using large amounts of IP bans.
So, unless you are convinced these IP addresses are purely malicious - I would remove the bans.

Offline Odessite

  • Newbie
  • *
  • Posts: 6
Re: Is our forum under attack?
« Reply #7 on: August 25, 2019, 12:30:22 PM »
Thank you both.

Thanks. We'll try and contact this new owner by asking around. Someone may know him personally within the community. The forum definitely requires an update.

Offline Illori

  • Project Manager
  • SMF Legend
  • *
  • Posts: 51,286
Re: Is our forum under attack?
« Reply #8 on: August 25, 2019, 01:59:39 PM »
maybe time to move the forum to another host where someone trusted in the community can manage it once you find out how to contact the owner.

Offline lurkalot

  • Support Specialist
  • SMF Hero
  • *
  • Posts: 1,447
  • Gender: Male
  • Tinyportal Support
    • guitaristguild on Facebook
    • Tinyportal on GitHub
    • @GuitaristGuild on Twitter
    • Guitarist Guild
Re: Is our forum under attack?
« Reply #9 on: August 25, 2019, 02:14:38 PM »
Disable the registrations for an hour or so, they'll soon stop and go somewhere else.  ;)  While waiting for them to come back you can work on a plan of action.

Offline delta5

  • Jr. Member
  • **
  • Posts: 296
    • @@kd8hmo on Twitter
    • FedUpWithLiberals.com
Re: Is our forum under attack?
« Reply #10 on: August 25, 2019, 07:03:21 PM »
I'm not an expert, but I have two forums of my own. You should update to 2.0.15. Then set up the captcha questions. IMO, you should also go to stopforumspam.com and download their spammer ip scanner plugin and install it. Then go into the admin settings for it and check all three boxes for it. That should block almost all known spammers from registering.

Offline Odessite

  • Newbie
  • *
  • Posts: 6
Re: Is our forum under attack?
« Reply #11 on: August 26, 2019, 03:03:12 AM »
> Disable the registrations for an hour or so, they'll soon stop and go somewhere else.  ;)  While waiting for them to come back you can work on a plan of action.

Good idea. Will try this!

I cannot see a LIKE button, so thanks.

Offline Odessite

  • Newbie
  • *
  • Posts: 6
Re: Is our forum under attack?
« Reply #12 on: August 26, 2019, 03:11:49 AM »
> I'm not an expert, but I have two forums of my own. You should update to 2.0.15. Then set up the captcha questions. IMO, you should also go to stopforumspam.com and download their spammer ip scanner plugin and install it. Then go into the admin settings for it and check all three boxes for it. That should block almost all known spammers from registering.

We are on 2.0.15.

Thanks. I will liaise with the other Mods and Admin volunteers and request they read this topic thread.

As mentioned above, our priority must be to connect somehow with the forum owner so that we can move forward. Of course, this depends upon whether the guy wishes to continue. We have nearly 4,000 users, the majority of whom haven't returned for more than a year, sometimes more. With only about 24 regulars, it may be a question of time before the forum folds.




Offline Aleksi "Lex" Kilpinen

  • A Peculiar Finn
  • Lead Support Specialist
  • SMF Super Hero
  • *
  • Posts: 18,628
  • Gender: Male
  • Don't worry, I'm n00b friendly
    • Aleksi.Kilpinen on Facebook
    • LexArma on GitHub
    • aleksi-kilpinen on LinkedIn
    • There's No Place Like 127.0.0.1
Re: Is our forum under attack?
« Reply #13 on: August 26, 2019, 04:24:18 AM »
If you are on 2.0.15 then you are up to date, and can disregard my earlier note on updating :)

Offline Odessite

  • Newbie
  • *
  • Posts: 6
Re: Is our forum under attack?
« Reply #14 on: August 26, 2019, 06:30:05 AM »
> If you are on 2.0.15 then you are up to date, and can disregard my earlier note on updating :)

Thanks, appreciated. We're now awaiting a response from the previous forum owner as to whether he can provide a contact address for the current owner.

Since pruning the error messages on the 24th, we have since then accumulated another:

Apply filter of type:   All errors (93284) | General (293) | User (92991)


Offline Illori

  • Project Manager
  • SMF Legend
  • *
  • Posts: 51,286
Re: Is our forum under attack?
« Reply #15 on: August 26, 2019, 07:20:22 AM »
without knowing what the errors are, we cannot assist you further in possibly fixing them.

if they are all related to the bans, then just delete them.