Serious Problem.. - Massive spam attack!

Started by PETR0NAS, April 06, 2013, 12:21:05 AM

Previous topic - Next topic

PETR0NAS

Alright.. I'm the co-founder of a new upcoming SA-MP server, and our forums were just constructed all by me. We were gonna release soon when 2-3 days back, I saw something.. epic.. some PRO spammers attacked our forums! Here's what I noticed -

- 3-4 people, with some wierd names, POSTED 100s of topics WITHOUT registering.
- I can't click on their name because below their name (Guest) is written.
- I can trace their IP, but I cant ban it, as they are not registered.
- My forums are filled with thousands of topics by them, and I don't know how to delete them all. If there was a function through which you could tick all topics and delete all at once, it would be great, please tell me.
- And how can I block them from coming to my forums?

- Also, even though I disabled guests browsing forums, guests are still able to browse our forums and able to check their adverts on my forum.
- You can see the forums, but I cant post link here..
- HELP

Here are some screens.




Just.. tell me what to do.. I'm broke.

ARG01

The same group has been hitting us hard at Another Admin Forum as well. All we can do is block the IP's as they come in. However, we did change our security questions and require verification for the first few posts. It's not much but it seems to have helped.
No, I will not offer free downloads to Premium DzinerStuido themes. Please stop asking.

Bob Perry of Web Presence Consulting

Quote from: PETR0NAS on April 06, 2013, 12:21:05 AM
Alright.. I'm the co-founder of a new upcoming SA-MP server, and our forums were just constructed all by me. We were gonna release soon when 2-3 days back, I saw something.. epic.. some PRO spammers attacked our forums! Here's what I noticed -

- 3-4 people, with some wierd names, POSTED 100s of topics WITHOUT registering.
- I can't click on their name because below their name (Guest) is written.
- I can trace their IP, but I cant ban it, as they are not registered.
- My forums are filled with thousands of topics by them, and I don't know how to delete them all. If there was a function through which you could tick all topics and delete all at once, it would be great, please tell me.
- And how can I block them from coming to my forums?

- Also, even though I disabled guests browsing forums, guests are still able to browse our forums and able to check their adverts on my forum.
- You can see the forums, but I cant post link here..
- HELP

Here are some screens.




Just.. tell me what to do.. I'm broke.

You are ok, just inexperienced with this type of software, you have many options to prevent these idiots from trashing your forum, my advice is that your tweak your user groups permission settings... do some scanning of the other forums here and do a little homework of your own about the power you have as an admin user of an SMF forum, it is considerable...

There is a highly effective tool for deleting topics in your Maintenance admin menu...

I can actually get you back where you are comfortable a lot faster doing it myself but that is something I get paid to do, I recommend that you do just a bit of time consuming homework on your own first, study the options available in your admin menu, and cruise through the various third party modules that are available for a multitude of various functionality purposes...

Good luck...
Best Regards,
Bob Perry



"The world is moving so fast these days that the man who says it can't be done is generally interrupted by someone doing it." Elbert Hubbard

Kindred

Deleting the existing messages:
if you change your moderation settings (in your own profile) to be Profile > Look and Layout > Show quick-moderation as [checkboxes]
now when you view the message lists in each board, you can select the entire page and then (from the dropdown at the bottom of the list) select "remove"

Deleting the spamming users:
Go to the admin > members > memberlist and use the checkboxes there the same way to remove their accounts.

Handling the spammers
http://wiki.simplemachines.org/smf/Spam_-_my_forum_is_flooded_with_spam,_what_can_I_do




Now... as for spammers posting without registering an account.
The ONLY way they could do this is if you have allowed the guests membergrooup access to make posts in the admin > members > permissions section.

Or possibly, you have added a mod which broke the standard security.

What SMF version are you running?
What mods do you have installed?
Your URL?
Слaва
Украинi

Please do not PM, IM or Email me with support questions.  You will get better and faster responses in the support boards.  Thank you.

"Loki is not evil, although he is certainly not a force for good. Loki is... complicated."

Ricky.

Hmm.. clearly he has enabled guest posting. Nothing much to say here, as Kindred say, let us know more about it. With combination of right permission, few mods, SMF can be almost 100% spam free, this I know because I had faced similar situation and had done this for many forums including others too.

Storman™

For me I can't remember the last spam that "got through", it was ages ago. It just needs a couple of mods and a few decent registration questions.

Oh.... and guest posting turned off..... !  :o

Raths Rants

I disabled new user registration a while back because of this exact issue. I run a small forum for friends and family and the occasional person that might be interested in what we are doing.

I created a very manual work around that will not work for larger communities.

The mods I use for this work around:
SimplePortal <-- This works well with permissions
Custom Form Mod <--- The main component for my work around
Recount Member Posts - not needed but Custom Form Mod messes with post counts

What I did was create a custom form that is only visible to people not logged into the forum. A guest can fill this form out and it creates a post on a board setup for it. I then manually review the info and create the new user with the information provided. Once the new user is created an email (part of SMF) is sent to the user who then has to complete the registration process.

I added a custom block with SimplePortal to display a button that leads to this form. The block is only visible if the user is not logged in. They click the image that leads them to the form and complete it.


Once the form submits the post I review and approve/decline based on the information provided.

I use most of the anti-spam stuff on here. Reviewed the forum posts. Edited the user properties etc.. and they still nail me to the wall with spam registrations.

Since I tried this new approach I have gotten 2 in 6 months or more.
The DDC Network
a lot of hard work goes into easy

Kindred

Manual work arounds are not needed. There are several anti-spam mods which are listed in the FAQ. Those will basiclaly cut the spam registrations down to nothing.
Слaва
Украинi

Please do not PM, IM or Email me with support questions.  You will get better and faster responses in the support boards.  Thank you.

"Loki is not evil, although he is certainly not a force for good. Loki is... complicated."

Bob Perry of Web Presence Consulting

My strategy to deal with these wackos is like this...

I have created a usergroup named "lurker" which has to be manipulated a bit in order to make it the default group, the intrinsic default group is normally tricky to edit to not make it the default... then I have permissions set so that the two lowermost post based groups can't post without admin approval...

The vast majority of known spammers can't even make it to a registration page as I have the "Bad Behavior" module installed as well as the "SMF Firewall" mod, but there will be those that have figured out how to get past that too, and here is where I have a little fun messing with their minds a bit... I have the system set for users to edit their "Displayed Name" once they reach a certain number of successful posts... & also have several social site sharing buttons/icons available to members, the spammer crowd loves to put garbage in those fields for some reason...

When I see a spammer logged in I go into their account settings and change their displayed name to say things like "not too smart" or "not very bright001", & then wipe out all the fields they put their garbage links into, where the fun comes is the fact that they won't be able to edit the displayed name until they get some successful posts under their belt which will most likely never happen, they are able to go back and reset their garbage Icon fields, but here is how I view that if they do... if they've got the time and audacity to attempt circumventing my security, I have a lot more time than they do to screw with their heads, it only takes a minute to wipe out all their profile fields & they are unable to "fix" the username I've given them...

In any case, they may make it through to a register page and be able to get an account, but they are absolutely stopped dead in their tracks to be able to trash the system with spam postings & I get to play games with their mind and display their stupidity publicly...
Best Regards,
Bob Perry



"The world is moving so fast these days that the man who says it can't be done is generally interrupted by someone doing it." Elbert Hubbard

Kindred

again.... if you stop them from even registering, you don't need ot bother with that.

I repeat...  I have not had a SINGLE SPAMMER get through the registration process without being stopped or flagged (and even the flagged attempts are down to 1 or 2 a month) in over a year
Слaва
Украинi

Please do not PM, IM or Email me with support questions.  You will get better and faster responses in the support boards.  Thank you.

"Loki is not evil, although he is certainly not a force for good. Loki is... complicated."

Bob Perry of Web Presence Consulting

Quote from: Kindred on April 08, 2013, 11:20:01 AM
again.... if you stop them from even registering, you don't need ot bother with that.

I repeat...  I have not had a SINGLE SPAMMER get through the registration process without being stopped or flagged (and even the flagged attempts are down to 1 or 2 a month) in over a year

Yes, we all know you are the expert, I like to have fun with my system however and manipulating modules so that they actually function as the author intended is not my idea of a good time, I am sick to death of getting mods with bugs throughout and have to customize them to function properly with all the other mods installed... my strategy is working for me so don't poo poo it if you please...
Best Regards,
Bob Perry



"The world is moving so fast these days that the man who says it can't be done is generally interrupted by someone doing it." Elbert Hubbard

Kindred

well...  people keep adding these "workarounds" and semi-complicated processes, even though none of that is required.  So, I will indeed poo-poo any manual process that people list when it can be easily done automatically - especially for aminds who don't have the time or inclination to handle all that manual stuff.

The mods listed work perfectly well without any tweaking.
Слaва
Украинi

Please do not PM, IM or Email me with support questions.  You will get better and faster responses in the support boards.  Thank you.

"Loki is not evil, although he is certainly not a force for good. Loki is... complicated."

Bob Perry of Web Presence Consulting

Quote from: Kindred on April 08, 2013, 11:45:49 AM
well...  people keep adding these "workarounds" and semi-complicated processes, even though none of that is required.  So, I will indeed poo-poo any manual process that people list when it can be easily done automatically - especially for aminds who don't have the time or inclination to handle all that manual stuff.

The mods listed work perfectly well without any tweaking.

What listed mods? And I doubt very seriously that they all work together adequately enough to COMPLETELY stop spammers from reaching a registration page, you'll have to prove it to me first... why do you not have your site set up somewhere in your profile for us to visit?
Best Regards,
Bob Perry



"The world is moving so fast these days that the man who says it can't be done is generally interrupted by someone doing it." Elbert Hubbard

Kindred

well, I can only say what success I have had. Which is exactly what I posted. ZERO spam.

I don't have the site listed in my profile because it is one of MANY that I admin.
If you'd like to check http://www.40konline.com is one of them...
Слaва
Украинi

Please do not PM, IM or Email me with support questions.  You will get better and faster responses in the support boards.  Thank you.

"Loki is not evil, although he is certainly not a force for good. Loki is... complicated."

Bob Perry of Web Presence Consulting

Quote from: Kindred on April 08, 2013, 12:22:36 PM
well, I can only say what success I have had. Which is exactly what I posted. ZERO spam.

I don't have the site listed in my profile because it is one of MANY that I admin.
If you'd like to check http://www.40konline.com is one of them...

So, are you saying that all of your forum(s) have absolutely zero spammer accounts created? OR, is it that there are zero spam posts? or both?... I myself settle for zero spam posts thank you, & let them spin their wheels all they like creating accounts, resistance is futile as is your debate with me as you already have all the answers...
Best Regards,
Bob Perry



"The world is moving so fast these days that the man who says it can't be done is generally interrupted by someone doing it." Elbert Hubbard

Kindred

#15
I have zero spam posts.

I can not confirm if any spammer accounts are set up or not, because we don't know if they are spammers or just silent users until they do something spamlike...     However, in the last year, I have had zero spam posts made to the site and none of the silent accounts have done anything like adding spam to the profile or other non-post spammer tricks.

Oh, and the mods I use are
Stop Spammer
Bad Behavior + httpBL
and the (core feature) SMF Questions
I have CAPTCHA turned OFF.
Слaва
Украинi

Please do not PM, IM or Email me with support questions.  You will get better and faster responses in the support boards.  Thank you.

"Loki is not evil, although he is certainly not a force for good. Loki is... complicated."

Storman™

QuoteYes, we all know you are the expert, I like to have fun with my system however and manipulating modules so that they actually function as the author intended is not my idea of a good time......

For me Stop Spammer mod + httpBL mod

Plus a few good (two) verifications question.

I also run CrawlProtect which sits outside of SMF.

Result = zero spam.

All are standard installs with no tweaks.

Bob Perry of Web Presence Consulting

Quote from: Storman™ on April 08, 2013, 03:16:21 PM
QuoteYes, we all know you are the expert, I like to have fun with my system however and manipulating modules so that they actually function as the author intended is not my idea of a good time......

For me Stop Spammer mod + httpBL mod

Plus a few good (two) verifications question.

I also run CrawlProtect which sits outside of SMF.

Result = zero spam.

All are standard installs with no tweaks.

Yep, zero spam my way too, why did you quote me? We are suppose to be giving the original poster viable alternatives & solutions, not nit pick at one another... but I feel that newbies should be aware that not all modules, module authors, or support specialists are bullet proof experts and I refuse to be belittled by any of them... I see you have no links to your website(s) in your profile either?
Best Regards,
Bob Perry



"The world is moving so fast these days that the man who says it can't be done is generally interrupted by someone doing it." Elbert Hubbard

Raths Rants

With the standard setup that comes with SMF and enabling CAPTCHA for the first 10 posts I never got anyone actually posting on my forum. I got a ton of new user registrations.

I am going to look into this again. My manual work around was a last ditch effort because I was not successful with the other methods I had tried.
The DDC Network
a lot of hard work goes into easy

Bob Perry of Web Presence Consulting

#19
Quote from: rathsrants on April 08, 2013, 05:15:04 PM
With the standard setup that comes with SMF and enabling CAPTCHA for the first 10 posts I never got anyone actually posting on my forum. I got a ton of new user registrations.

I am going to look into this again. My manual work around was a last ditch effort because I was not successful with the other methods I had tried.

Scanning through your member list can be a eye opening experience for you concerning this, most of the spam offenders will use the most unintelligible usernames you can imagine & if you examine the details of their accounts you will notice that IP addresses are very similar to other profiles and you'll learn to see indicators of the true countries of origin by examining their host address, take what you see in the profile "Location" field with a grain of salt...

Another excellent source of information for spotting scammer/spammer nutcases is hanging out on the "Who's Online" screen, most of the spammers head immediately to the very last topic that was posted and will attempt to post, but never actually go all the way to completion depending on how your security is set up... be sure to set it up so that spider names appear on who's online screen as well, then study at length the various IP addresses listed and you will eventually be able to spot all sorts of robots and spiders that may or may not be beneficial for your site, if the first two or sometimes three sets of numbers in the address are the same as those of a seperate entry in the listing, its a robot of some type... which leads to another point you should consider, there is a very thin line of balance to manage between making it hard for hacker wannabes to post & NOT discouraging legitimate members from being able to post by making the process too complicated...

Best Regards,
Bob Perry



"The world is moving so fast these days that the man who says it can't be done is generally interrupted by someone doing it." Elbert Hubbard

Kindred

quite so...   CAPTCHA is, unfortunately, next to useless these days.
Just look at the number of spam posts that we get on this site, even though CAPTCHA is required for the first 10 posts.

Questions are a much better tool, and the mods which several of us have referenced  make it even better.
While Bperry may have come up with a manual way to deal with it, I, personally, prefer the automated mods which check the stop forum spam database and the project honeypot database and the bad behavior scripts...     that way it leverages all thew accumulated spam knowledge of sites dedicated to stopping the idiots.

Слaва
Украинi

Please do not PM, IM or Email me with support questions.  You will get better and faster responses in the support boards.  Thank you.

"Loki is not evil, although he is certainly not a force for good. Loki is... complicated."

Arantor

Just to really confuse matters, I run a custom CAPTCHA (that reminds me, did SMF ever sort out the licensing of the fonts for its CAPTCHA?), questions and Bad Behaviour, empty field and timegated registration. No spam posts observed in quite a while.

I should also add, I have a few other interesting defences, like the ability to let users sign up and add a signature but hide it unless they have more than x posts (currently 10) so even signature spammers can't do anything with it.

Bob Perry of Web Presence Consulting

Quote from: Kindred on April 08, 2013, 07:11:15 PM
quite so...   CAPTCHA is, unfortunately, next to useless these days.
Just look at the number of spam posts that we get on this site, even though CAPTCHA is required for the first 10 posts.

Questions are a much better tool, and the mods which several of us have referenced  make it even better.
While Bperry may have come up with a manual way to deal with it, I, personally, prefer the automated mods which check the stop forum spam database and the project honeypot database and the bad behavior scripts...     that way it leverages all thew accumulated spam knowledge of sites dedicated to stopping the idiots.



Yada yada, I know that I keep being rather abrupt with you dude and I don't mean to do it again as it really doesn't matter that much, but you keep referencing back to things I've posted in a negative tone and I'm going to clarify something this one last time and move on to other things as this thread gives the original poster quite enough to keep him busy for a while... you refer to my strategy as "a manual method"... in my opinion, you are promoting these new folks into the mindset of the "lazy admins" crowd, where the the thought is that if everything is automated, there are no errors in the log, and there are no complaints from users well then everything is rosy with the world and the admin doesn't need to do much of anything but think of a way to monetize it all... what fun is there in that? Too boring... There is not really all that much manual tasking done in my strategy, I could just as easily let them keep their accounts as is...  but yall don't seem to grasp that the legitimate users take notice better and respond better if they can SEE YOU ENGAGE every aspect of your site, including troublemakers... besides, I'm a master mind game player (I was trained by the government & a vicious ex-wife), I kinda dig all the messing with their heads stuff, right or wrong, for me its a therapeutic type of stress reliever, especially if I am able to transform a negative situation into a positive one...
Best Regards,
Bob Perry



"The world is moving so fast these days that the man who says it can't be done is generally interrupted by someone doing it." Elbert Hubbard

Arantor

The reason Kindred's abrupt is that he feels you're giving out what he perceives - rightly or wrongly - as bad advice. Most users, like it or not, don't want to have to jump through hoops (be it to administrate or to participate) and I've found that sites that make me post in a given board before I can post anywhere else etc. just don't end up getting my contributions.

Whether that's a good thing or not is certainly a matter of perspective.

What I do know is that what is boring for you is not boring for others, and most people don't want to spend much time day-in-day-out micromanaging their forum.

Bob Perry of Web Presence Consulting

Quote from: Arantor on April 08, 2013, 08:11:02 PM
The reason Kindred's abrupt is that he feels you're giving out what he perceives - rightly or wrongly - as bad advice. Most users, like it or not, don't want to have to jump through hoops (be it to administrate or to participate) and I've found that sites that make me post in a given board before I can post anywhere else etc. just don't end up getting my contributions.

Whether that's a good thing or not is certainly a matter of perspective.

What I do know is that what is boring for you is not boring for others, and most people don't want to spend much time day-in-day-out micromanaging their forum.

Well said, well said, point taken... just wish i wasn't so defensive about it, but for some reason I can't put my finger on, the guy pushes my buttons just right...
Best Regards,
Bob Perry



"The world is moving so fast these days that the man who says it can't be done is generally interrupted by someone doing it." Elbert Hubbard

Arantor

Yeah, I can see what you mean. Kindred and I are... quite abrasive people in our own way. We call it as we see it and don't sugar-coat it. The combination comes across perhaps a little more bluntly than might be tactful at times.

Kindred

lol...  I don't hold anything against you, bperry. :P

As Arantor says, I don't waste time with platitudes, etc and I know that I can come across an "untactful" because of my bluntness.
'Course, I can take it as I deal it. :)

and yes, Arantor points out the main reason that I keep harping on mods versus "manual" :)  because, face it.... people are lazy... or, in my case, I have 10 sites to deal with and don't have time to handle everything manually on all of them.
Слaва
Украинi

Please do not PM, IM or Email me with support questions.  You will get better and faster responses in the support boards.  Thank you.

"Loki is not evil, although he is certainly not a force for good. Loki is... complicated."

Bob Perry of Web Presence Consulting

hmm, may be wrong but seems to me that we're changing the definition slightly or forgetting it, what is the purpose of this software? Is it not social networking, relationship building, engaging & helping others globally? And I believe the head honcho of each site should reflect that spirit openly and be the example... granted, time is short, I too have more than one site to run, but manage to keep it all under control easily MOST of the time, but trust me I understand how difficult being diplomatic is, a lot of people just have a lot harder time grasping it, I have a lot of trouble with it, but I NEVER GIVE UP trying, time restraints be damned, I can sleep when I'm dead...
Best Regards,
Bob Perry



"The world is moving so fast these days that the man who says it can't be done is generally interrupted by someone doing it." Elbert Hubbard

Kindred

I am the technical admin of several sites as well as being the head admin of several others and a staff on yet others.... The responsibility of the tech admin are different, etc etc etc...
On the other hand, I would argue that, if the admin can sit back and let the users run the site conversations, then it's even better. ;)
Слaва
Украинi

Please do not PM, IM or Email me with support questions.  You will get better and faster responses in the support boards.  Thank you.

"Loki is not evil, although he is certainly not a force for good. Loki is... complicated."

Arantor

QuoteIs it not social networking, relationship building, engaging & helping others globally?

Sure it is. And making it more difficult for people to do so by creating more and more complex levels of rules impedes that.

Quotebut trust me I understand how difficult being diplomatic is, a lot of people just have a lot harder time grasping it

I can be diplomatic when I want to be. I just choose not to be here. The reality is that the people who come to this site are running a site themselves. That means getting hands dirty at times, and that means stepping up to the plate. If you're not prepared to do these things, you shouldn't really be running a site (NB: I'm not saying that everyone needs to learn PHP inside and out and get ZCE or whatever, but being prepared to do something does help!)

See, anti spam questions are by far the single most effective tool, when done properly. But that requires people to actually do something - and people just want a magic bullet. As irritating as it is, the broader base of immunity that Kindred talks about is the nearest to that right now.

Bob Perry of Web Presence Consulting

Quote from: Arantor on April 08, 2013, 09:51:53 PM
See, anti spam questions are by far the single most effective tool, when done properly. But that requires people to actually do something - and people just want a magic bullet. As irritating as it is, the broader base of immunity that Kindred talks about is the nearest to that right now.

I've not disagreed with anti-spam questions & lots of them, you are right on there... but I disagree that people just want a magic bullet, what they really want is leadership, someone to hold their hand and show them where to go and what to do to get what they want & goes a bit deeper than just SMF business, the world has become a mass of chaotic and unorganized thinking mixed with emotional turmoil & those in control are loving it, but the flip side is that the situation shows signs that it could all backfire in the face of those that would see us as a species crumble & fall...

Best Regards,
Bob Perry



"The world is moving so fast these days that the man who says it can't be done is generally interrupted by someone doing it." Elbert Hubbard

Arantor

Quotebut I disagree that people just want a magic bullet,

Yes, they do. They just want the problem to go away. They don't really care how. Looking through the support topics is good evidence of this.

Quotethe world has become a mass of chaotic and unorganized thinking mixed with emotional turmoil & those in control are loving it, but the flip side is that the situation shows signs that it could all backfire in the face of those that would see us as a species crumble & fall...

Those in power don't like a populace that can think.

Advertisement: