Author Topic: Automated new accounts - hundreds of them...  (Read 5927 times)

Offline sulwen

  • Newbie
  • *
  • Posts: 7
Automated new accounts - hundreds of them...
« on: June 28, 2013, 04:22:17 AM »
SMF version installed: 2.0.4

mods:
1. RSS Feed Icon 1.1
2. Stop Spammer 2.3.7
3. Bot Buster 1.1
4. DisableTemplateEval
5. Delete Spam Posts 1.5
6. SMF 2.0.3 Update 1.0
7. SMF 2.0.4 Update 1.0
8. Fix for log spam due to failed attempt of quickmod2 exploit 0.1
9. Advanced Language Menu 2.2
10. Simple .htaccess Cache Mod 1.0

Problem:

I get hundreds of new accounts created per hour. At this point StopSpammer is just loading all of them into approval list, so they can't do anything and I am just bulk deleting them, but it is extremely annoying and clearly points at some sort of vulnerability.

Does anyone have any ideas?

Offline TheDragon

  • Sr. Member
  • ****
  • Posts: 756
Re: Automated new accounts - hundreds of them...
« Reply #1 on: June 28, 2013, 07:59:29 AM »
What is your URL?

Offline Kindred

  • The Mean One
  • Support Specialist
  • SMF Legend
  • *
  • Posts: 58,320
  • Gender: Male
    • Kindred-999 on GitHub
Re: Automated new accounts - hundreds of them...
« Reply #2 on: June 28, 2013, 09:22:41 AM »
are you using the "questions" feature in smf 2.0.x?

Stop Spammer is doing exactly what it is supposed to - it is flagging the potential/identified spammers.

If you want to actually STOP the spam registrations, then you need to add additional protections... like questions and bad behavior+httpBL
Please do not PM, IM or Email me with support questions.  You will get better and faster responses in the support boards.  Thank you.

Offline sulwen

  • Newbie
  • *
  • Posts: 7
Re: Automated new accounts - hundreds of them...
« Reply #3 on: June 28, 2013, 10:07:02 AM »
Yes I know that StopSpammer is doing its job and brilliantly.

However... I am using questions. And I have email verification as well. This has nothing to do with a normal account creation process.

Isn't bad behavior+httpBL doubling StopSpammers job a little bit?

And I'm sorry but I'd rather not share url on a public forum, when I've already given exact information about mods used. I hope you understand that TheDragon.

TheListener

  • Guest
Re: Automated new accounts - hundreds of them...
« Reply #4 on: June 28, 2013, 10:11:08 AM »
Quote
And I'm sorry but I'd rather not share url on a public forum, when I've already given exact information about mods used. I hope you understand that TheDragon.

9 times out of 10 this is the only way we can offer help with a vast majority of problems.

Obviously we would (and have done previously) remove any links when requested to do so.

 :)

The only security I have on my forum is bad behaviour plus two verification questions related to my forum's subject.


kat

  • Guest
Re: Automated new accounts - hundreds of them...
« Reply #5 on: June 28, 2013, 10:17:41 AM »
How about trying this?

http://custom.simplemachines.org/mods/index.php?mod=2502

As an off-topic note, why do you have a "DisableTemplateEval" mod installed?

That's a standard feature of SMF v2. So, you really don't need that mod.


Offline Kindred

  • The Mean One
  • Support Specialist
  • SMF Legend
  • *
  • Posts: 58,320
  • Gender: Male
    • Kindred-999 on GitHub
Re: Automated new accounts - hundreds of them...
« Reply #7 on: June 28, 2013, 10:26:10 AM »
bad behavior + httpBL uses bad behavior and project honeypot to exterminate spam registrations before they complete the registration process.

Quote
However... I am using questions. And I have email verification as well. This has nothing to do with a normal account creation process.

Then your questions are not good enough.
(email verification is simple for the bots to handle)
and you have provided no evidence to support your last statement...
If stop spammer is catching them, then they are, indeed, going through the normal account creation process.

Offline TheDragon

  • Sr. Member
  • ****
  • Posts: 756
Re: Automated new accounts - hundreds of them...
« Reply #8 on: June 28, 2013, 10:30:05 AM »
Quote
And I'm sorry but I'd rather not share url on a public forum, when I've already given exact information about mods used. I hope you understand that TheDragon.

sure = I can understand that part
but me = and the PROS here / can look at your register process and make suggestions

u can send us a PM if you want

ANYWAY

I am confused HOW you can get swamped with SPAMMERS ??
if you are REALLY blocking the registrations with email authentication/approval ????
like said above = if you ask verify question(s) = first = to stop bots
then examine the email request for approval

just my 2c




MrPhil

  • Guest
Re: Automated new accounts - hundreds of them...
« Reply #9 on: June 28, 2013, 10:57:26 AM »
Take a look at your questions -- are they trivial? (2 + 2 = ?) Are they common knowledge? They should be something only familiar to your intended audience.

Make sure you have the number of questions displayed set to more than 0. It's common to leave it at the default and then no questions are asked. Have you tried signing up as a test?
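The disagreement above, whether these sign-ups come through the normal registration form, can be checked against the web server's access log. This is an added example, not part of the thread and not SMF code: it assumes Apache combined log format, assumes SMF 2.0 serves the form at `?action=register` and receives the submission as a POST to `?action=register2`, and treats one IP as one client, which is only an approximation behind NAT or proxies. The log lines are constructed.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime

# Constructed access-log lines (Apache combined format), not real traffic.
# Assumption: SMF 2.0 shows the form at ?action=register and receives the
# submitted form as a POST to ?action=register2.
SAMPLE_LOG = """\
203.0.113.7 - - [28/Jun/2013:04:01:10 +0000] "GET /index.php?action=register HTTP/1.1" 200 9120 "-" "Mozilla/5.0"
203.0.113.7 - - [28/Jun/2013:04:02:31 +0000] "POST /index.php?action=register2 HTTP/1.1" 200 5210 "-" "Mozilla/5.0"
198.51.100.9 - - [28/Jun/2013:04:02:40 +0000] "POST /index.php?action=register2 HTTP/1.1" 200 5188 "-" "-"
192.0.2.55 - - [28/Jun/2013:04:10:00 +0000] "GET /index.php?action=register HTTP/1.1" 200 9120 "-" "Mozilla/4.0"
192.0.2.55 - - [28/Jun/2013:04:10:01 +0000] "POST /index.php?action=register2 HTTP/1.1" 200 5201 "-" "Mozilla/4.0"
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "([A-Z]+) (\S+)[^"]*" \d{3} ')
ACTION_RE = re.compile(r"[?;&]action=(register2?)(?=[;&#]|$)")


def classify_submits(log_text, min_fill_seconds=5):
    """Label each registration POST per IP: direct (no earlier form view),
    fast_fill (sent under min_fill_seconds after the form), or plausible."""
    last_view = {}                  # ip -> time the form was last served
    labels = defaultdict(Counter)   # ip -> Counter of labels
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        action = m and ACTION_RE.search(m.group(4))
        if not action:
            continue
        ip, method = m.group(1), m.group(3)
        when = datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S %z")
        if action.group(1) == "register" and method == "GET":
            last_view[ip] = when
        elif action.group(1) == "register2" and method == "POST":
            if ip not in last_view:
                labels[ip]["direct"] += 1
            elif (when - last_view[ip]).total_seconds() < min_fill_seconds:
                labels[ip]["fast_fill"] += 1
            else:
                labels[ip]["plausible"] += 1
    return {ip: dict(c) for ip, c in labels.items()}


def flagged_ips(log_text, min_fill_seconds=5):
    """IPs with at least one registration POST that is not plausible."""
    result = classify_submits(log_text, min_fill_seconds)
    return sorted(ip for ip, c in result.items() if set(c) - {"plausible"})
```

A high share of `direct` or `fast_fill` submissions points to scripted clients that a pre-registration filter can reject before an account row is ever created.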

Offline sulwen

  • Newbie
  • *
  • Posts: 7
Re: Automated new accounts - hundreds of them...
« Reply #10 on: June 28, 2013, 12:12:49 PM »
Let me answer to all questions in order:

K@: afaik Bad Behaviour is not needed I'll explain later. As to the mod you've mentioned my forum went through many versions and this is possibly a reminder of some old one. I'll remove it, thanks for pointing it out.

Kindred: Tbh I would yet have to see a system which can answer questions in my language as it's not English and questions aren't trivial. There is only one asking for a result of an equation but the equation itself isn't trivial as the last part of it is explained in text.

TheDragon, I may not have made myself clear, nobody is spamming my forum, it's just registrations. I get emails that a new user has registered, that's the type of flood I see. StopSpammer is not allowing them to finish the registration simply because it recognizes the IP/email/username triplet as a spamming source. So not spam. That's why (this is to K@) I think bad Behaviour isn't really needed.

MrPhil: I've already written about triviality of my questions. CAPTCHA in place at medium (my users couldn't read any harder) and one security question.

Thank you for all your suggestions I'll look into it myself and if I find anything I'll let you know.

Offline Kindred

  • The Mean One
  • Support Specialist
  • SMF Legend
  • *
  • Posts: 58,320
  • Gender: Male
    • Kindred-999 on GitHub
Re: Automated new accounts - hundreds of them...
« Reply #11 on: June 28, 2013, 12:49:20 PM »
Quote
K@: afaik Bad Behaviour is not needed I'll explain later.

bad behavior + httpBL uses bad behavior and project honeypot to exterminate spam registrations before they complete the registration process.

So... if spammers are getting through your registration process, even if they are flagged and caught by Stop Spammer, then, obviously, something more is needed.

I have Questions, Stop Forum Spam and Bad Behavior + httpBL.
I have no captcha (which is basically useless against spambots, at this time)
I get 1 or 2 spammers registered and flagged by SFS per month.
At the peak, I had bad behavior stopping 500+ hits to the registration system per day.

Offline sulwen

  • Newbie
  • *
  • Posts: 7
Re: Automated new accounts - hundreds of them...
« Reply #12 on: June 28, 2013, 12:55:20 PM »
Like I said: "nobody is spamming my forum, it's just registrations."

Account gets opened and flagged by Spam Stopper so it's inactive and it's not posting anything.


Offline Kindred

  • The Mean One
  • Support Specialist
  • SMF Legend
  • *
  • Posts: 58,320
  • Gender: Male
    • Kindred-999 on GitHub
Re: Automated new accounts - hundreds of them...
« Reply #13 on: June 28, 2013, 12:58:29 PM »
you have AGAIN, missed my point.

With my set up, very few of the spammers even REACH the "stop Spammer" flagged account stage
(none at all make it through to the board)

You complained that you were getting hundreds of accounts flagged as spammers.
install bad behavior+ httpBL and add a honeypot to your site...
this will stop 90% of the spammers before they even get into the registration process and get flagged
(because only spammers who COMPLETED the registration process have an account to BE flagged)

Offline sulwen

  • Newbie
  • *
  • Posts: 7
Re: Automated new accounts - hundreds of them...
« Reply #14 on: June 28, 2013, 01:00:31 PM »
Ok, I seem to have everything in order but still something is going through it.
Is it possible that due to the age of that forum (since early versions of 1.0.*) something went wrong with the code and there is a hole there?

I'm thinking I'll just install it clean and import db and then use the same setup as you're suggesting Kindred. Thanks.

Is there any information on how to do it without too much downtime, anywhere?

Offline Kindred

  • The Mean One
  • Support Specialist
  • SMF Legend
  • *
  • Posts: 58,320
  • Gender: Male
    • Kindred-999 on GitHub
Re: Automated new accounts - hundreds of them...
« Reply #15 on: June 28, 2013, 01:18:01 PM »
if you are currently on 2.0.4, then you can just delete your directories and files
/Sources
/Themes
and all files in the root, with the exception of Settings.php (and Settings_back.php)
then - using the large upgrade archive, upload a clean set of files
then - using the clean archive of your custom theme, re-upload a clean set of your custom theme files into the correct subdirectory of Themes

*note: you may want to go into the database and truncate the smf_log_packages table
** note2: You may want to go into the database and find (and then clean out) the integration rows of the smf_settings table

by replacing the files, you have reset all of your FILES to the default installation
by doing the database things, you have removed all your MODS, making it a "clean" install for you to start with new mods.

Offline Illori

  • Project Manager
  • SMF Legend
  • *
  • Posts: 51,009
Re: Automated new accounts - hundreds of them...
« Reply #16 on: June 28, 2013, 01:21:18 PM »
http://wiki.simplemachines.org/smf/How_to_upload_a_fresh_set_of_files

by uploading a fresh installed.list file in the packages folder it will make it look like all the packages are uninstalled.

Offline Kindred

  • The Mean One
  • Support Specialist
  • SMF Legend
  • *
  • Posts: 58,320
  • Gender: Male
    • Kindred-999 on GitHub
Re: Automated new accounts - hundreds of them...
« Reply #17 on: June 28, 2013, 01:41:10 PM »
Illori...   not quite.
to do it properly, you need to truncate the log_packages table - and you have to remove the hooks

Offline Illori

  • Project Manager
  • SMF Legend
  • *
  • Posts: 51,009
Re: Automated new accounts - hundreds of them...
« Reply #18 on: June 28, 2013, 01:48:05 PM »
that is one way, but I have tested my way and it does mark the packages as uninstalled. given they don't have hooks you can reinstall with no problems.
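The file part of the reset discussed in the replies above, as an added example that is not part of the thread and not an SMF tool. It moves the old files into a quarantine directory outside the forum root instead of deleting them, so they can later be compared with the clean archive; the function names are hypothetical, `Settings_bak.php` is kept as an assumption alongside the names given in the post, and the database steps are not covered.

```python
import shutil
from pathlib import Path

# Settings.php and Settings_back.php are the names given in the post above;
# Settings_bak.php is an added assumption so a backup under that name is kept.
KEEP_FILES = {"Settings.php", "Settings_back.php", "Settings_bak.php"}
REPLACE_DIRS = {"Sources", "Themes"}


def plan_reset(forum_root):
    """Dry run: return (to_move, to_keep) as sorted lists of entry names."""
    to_move, to_keep = [], []
    for entry in Path(forum_root).iterdir():
        if entry.is_dir():
            # Only Sources and Themes are replaced; attachments, avatars,
            # Packages and any other directory stay where they are.
            target = to_move if entry.name in REPLACE_DIRS else to_keep
        else:
            # Every plain file in the root goes, except the settings files.
            target = to_keep if entry.name in KEEP_FILES else to_move
        target.append(entry.name)
    return sorted(to_move), sorted(to_keep)


def apply_reset(forum_root, quarantine_dir):
    """Move the planned entries into quarantine_dir; return what was moved."""
    root = Path(forum_root).resolve()
    quarantine = Path(quarantine_dir).resolve()
    if quarantine == root or root in quarantine.parents:
        raise ValueError("quarantine directory must be outside the forum root")
    to_move, _ = plan_reset(root)
    # exist_ok=False: refuse to mix this run with an earlier quarantine.
    quarantine.mkdir(parents=True, exist_ok=False)
    for name in to_move:
        shutil.move(str(root / name), str(quarantine / name))
    return to_move
```

Run `plan_reset` first and read the two lists before calling `apply_reset`; the clean archive is uploaded into the emptied root afterwards.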

Offline sulwen

  • Newbie
  • *
  • Posts: 7
Re: Automated new accounts - hundreds of them...
« Reply #19 on: June 28, 2013, 02:04:45 PM »
No problem deleting files and truncating table.

Thank you ever so much for help! I'll be back soon with results.