News:

Want to get involved in developing SMF, then why not lend a hand on our github!

Main Menu

Bots, Hacking and Other Mischief

Started by BillLeeDee, April 20, 2013, 09:17:47 AM

Previous topic - Next topic
Print
Go Down Pages 1 2 3 4
User actions

trlacey

#60
March 16, 2014, 02:03:54 PM
Please read my very first Post.  The question is clearly there.

Kindred

#61
March 16, 2014, 02:08:15 PM
Oh, for the love of gods....


Your initial question has been answered several times.

There are no known vulnerabilities in smf 2.0.6 or 2.0.7.
The bots that you are seeing are just hitting your site, and probably three million ore sites, looking for ways to post spam, or gather data, or hit an old vulnerability....
Or potentially not even related to smf. I get hit with script kiddie attempts, daily, trying to exploit Wordpress hacks, even though my site has never run Wordpress.

Both I and suki have addressed your question. We have expounded upon the answers. You don't seem willing to accept the answer that there is nothing really the matter with what you saw... And nothing really to be done. You banned the addresses. Good for you. That will work, but is probably not even necessary.
Слaва
Украинi

Please do not PM, IM or Email me with support questions.  You will get better and faster responses in the support boards.  Thank you.

"Loki is not evil, although he is certainly not a force for good. Loki is... complicated."

trlacey

#62
March 16, 2014, 02:12:40 PM
Oh for the love of God...

The question wasn't whether SMF was vulnerable.  Do you even read?  The question was, why are these "bots" here.  You've clearly summarily dismissed many people in this thread by saying that they're harmless "information gatherers".  You're clearly wrong.  Get your facts straight before you answer in these threads.

Suki

#63
March 16, 2014, 02:18:34 PM

OK, lets see:

Quote
My server has been inundated with requests for an SMF Forum that used to exist but doesn't anymore.

yes, this is a recurrent problem, when you delete a portion of your site, it doesn't mean that it will immediately be erased from the Internet, the bot that is targeting your site has some old or outdated info about your site, on this info your SMF forum still appear in existence.

Quote
There will be 20 or so requests, all from different IP Addresses all over the world, for the same Forum, in succession.

This is what a bot typically does, the IPs from all over the world are, most of the time, infected PCs (colloquially known as "Zombie PC")

As long as the PC is on, the bot will be running.

Quote
All of the requests are within a second of each other.

Yes, as I explained before, bots will hit anything, anywhere, anytime, they are designed tht way because its cheaper to do it like that.

Quote
The final hit is when they request a GET / with a Referer of forum.<yourdomainname>.com, which, unless you have a machine called that, should never, EVER, happen.

If your domain name was publicly available, you can be a target for those bots, if you ever had any link comming to your site, you will be target by bots. This is why I say bots harvest everything, while they harvest any data, they can also harvest any links looking for potential new victims.

Quote
I've written code in my server to immediately Blacklist these IP's.  Obviously they're infected in some way and are targeting SMF Forums.

Good to know you addressed the issue.  The IPs aren't infected, rather the PCs behind those IPs are the ones been infected.  SMF is indeed a target as so does every other web application out there.

Quote
These attacks happen roughly three or four times per day.

Yes, like I already explained, as long as a bot can hit your site it will hit your site.


Thank you for raising your concern.
Disclaimer: unless otherwise stated, all my posts are personal and does not represent any views or opinions held by Simple Machines.

trlacey

#64
March 16, 2014, 02:26:19 PM
So now we've all finally come to the conclusion that these bots are infected and harmful.  Thanks for the answer.  It is what I said in the first place.

Suki

#65
March 16, 2014, 02:30:45 PM
Quote from: trlacey on March 16, 2014, 02:26:19 PM
So now we've all finally come to the conclusion that these bots are infected and harmful.  Thanks for the answer.  It is what I said in the first place.

Yes, in a general sense. Glad you finally found whatever you were looking for.
Disclaimer: unless otherwise stated, all my posts are personal and does not represent any views or opinions held by Simple Machines.

trlacey

#66
March 16, 2014, 02:35:49 PM
I'm looking for knowledge.  If you have it, bring it on.  If you don't, don't bother Posting.

Suki

#67
March 16, 2014, 02:47:08 PM
Quote from: trlacey on March 16, 2014, 02:35:49 PM
I'm looking for knowledge.  If you have it, bring it on.  If you don't, don't bother Posting.

Sure, always glad to assists in any way I can, I wonder, however, if this still holds any meaning:

Quote from: trlacey on March 16, 2014, 01:51:38 PM
I will definitely let you know if you are polite and work with me.

Anyway, your issue was been resolved and all your questions and statements has been addressed.  I will now proceed to lock this topic since we are going no where on it.  Feel free to post any more questions you might have in order to pursue your quest for knowledge :)
Disclaimer: unless otherwise stated, all my posts are personal and does not represent any views or opinions held by Simple Machines.
Print
Go Up Pages 1 2 3 4
User actions
Advertisement: