I'm mystified -- I'm getting hundreds of new potential spammers a day.........

[Deprecated]

I don't want to give my URL but anybody I know here with good creds I'll reply in a PM and you can check out my registration settings.

I have the registration set to the second most hardest CAPTCHA and had 3 fairly complicated questions (requiring math and counting) yet I'm getting like 100-200 registrations a day, all of them in the approval queue (waiting for them to verify their email address).

I've just increased the # questions to 12 including "You do understand we have a bit of a spam problem?" just as an ironic question.

I don't know where the heck they are all coming from. Too many to track down. I just wrote a custom mod and installed it to see if I can see if they are coming from one country or a few. (I just CloudFlared the forum today and using their country ID feature.)

I'm not getting any significant spam but my approval queue is getting a few hundred more unapproved members every day!


I have written my own CDS over the last several years and I have the feature that I can ban entire countries based on IP address, and it has done a lot of good in terminating kiddy scripters. I'm about to write the same mod for SMF, just pick your least favorite countries and black hole the whole darned country.

I've already banned about every ISP in Pakistan and that helped a lot for a while on my SMF 2.0.9 forum. On my own CDS I've banned RU, UA, CZ, MD, RO, too many hackers vs. the little legitimate traffic I get from these countries.

This is like your kitchen being invaded by ants. I have these mysterious, likely 'botted getting past the second hardest CAPTCHA  plus 3 now 12 questions.

In my more paranoid moments I wonder if they have access to my MySQL database! (Not gonna happen, my host 1&1 won't allow direct connections from the Internet to their MySQL databases.)

Do you have any idea where all these insects are coming from? I guess I can just DELETE FROM `smf_members` WHERE `is_activated` = '0'; (or something like that) and I guess my database could take tens of thousands of members (about 10K legit members at present)...

But it just bugs me. Where are all these unvalidated account applications coming from? My forum has ants!

[Arantor]

Math questions are useless. As are any questions that can be searched on Google.

Try: Spam - my forum is flooded with spam, what can I do , has some other suggestions.

[Deprecated]

Thanks Arantor, you're quick. You're either up late or lots of west from me (in SoCal here). I had just one math question, now gone. I left the google question since it requires a bit of thought. After I post I'll PM you the URL and you can check it out if you'd do me the favor.

I did read the link you posted. I'm mostly in compliance other than installing the mods.

You remind me of my old days when I used to spend several hours a day here at SMF helping out. Even got helper of the month award once.

[Deprecated]

Well I guess you don't want to receive PMs from me. I tried. Maybe somebody else will have an idea.

[Bruce the Shark]

Well I guess you don't want to receive PMs from me. I tried. Maybe somebody else will have an idea.

Bro your welcome to PM me anytime but i dought it if i can help you out.

[Kindred]

Additionally - back in Novemeber, a new database came online filled with 90% of the questions/answers for forums around the world. (and yes, I am serious - they had humans document the correct answers and then loaded the database)

You notonly have ot have GOOD questions, you have to have a BUNCH of questions that randomly cycle.
For example, I have 10 questions written - of which 3 are asked for any registration - but a bigger pool would be even better.
If you just have 3 questions, always the same, they will break in as humans and document it in a short time.

[Chas Large]

I've been using this Stop Spammer mod for years, it works very well. It's not been updated in a while but it works with 2.0.x upwards, just emulate 2.0 to install it.

[Edit] Link corrected.

[Deprecated]

Additionally - back in Novemeber, a new database came online filled with 90% of the questions/answers for forums around the world. (and yes, I am serious - they had humans document the correct answers and then loaded the database)

You notonly have ot have GOOD questions, you have to have a BUNCH of questions that randomly cycle.
For example, I have 10 questions written - of which 3 are asked for any registration - but a bigger pool would be even better.
If you just have 3 questions, always the same, they will break in as humans and document it in a short time.

Doh!!! That's why you make the big bucks Kindred! That is the best damned advice I have received on this forum since my recent return to activity!

I didn't know about the cycling thing. Your explanation perfectly explains why we are getting so many bot applications, because one guy figured out all our questions, and from then on his bot can register thousands of accounts. That is exactly what is happening!!! Mystery solved!!!

I'll head over in a few minutes and add another several questions, maybe 20 or so, and set it to maybe 3-4 to be asked at random. I bet that works!

Thanks bud! I owe you one!

___________

ETA:

I just went over and set it to 4 questions and I currently have 10 to randomize from. I'm going to think up maybe another 10 or so and change the ones I've been using so his bot will have incorrect answers.

My typical question is like "Which digit is 5th in the number 13564852?" That is so easy to change and I'm going to enjoy the thought that I've thrown a wrench in his annoying bot.

Then a quick manual MySQL query and I'll empty the approval queue and be done with him! Also I can go in every week or so and change the questions to stay ahead of him.

This topic is solved!!! I'm sure that will work! Thanks again!!!

__________________

By the way, that advice is good enough to put in the the explanation of how to use the question feature. Either it is not obvious or maybe I'm a dummy, but that never occurred to me.

[Bob Perry of Web Presence Consulting]

I'll head over in a few minutes and add another several questions, maybe 20 or so, and set it to maybe 3-4 to be asked at random. I bet that works!

Yep, the more the better... and also the more "abstract" the questions are the better... but don't make them so difficult to answer that its impossible for the legit users, balance the difficulty/abstractness...

[margarett]

Then a quick manual MySQL query and I'll empty the approval queue and be done with him! Also I can go in every week or so and change the questions to stay ahead of him.

You shouldn't be doing this, as there other tables that SMF updates when you remove a member

You should create a PHP script, include SSI in it, then fetch the ($smcFunc['db_query']) IDs of the unnaproved members, include Sources/Subs-Members.php and pass them as an array to the function deleteMembers. It will perform all of this (in your case, most will be skipped, but that's the proper way to do it )

Code Select Expand

void deleteMembers(array $users, bool check_not_admin = false)
- delete of one or more members.
- requires profile_remove_own or profile_remove_any permission for
  respectively removing your own account or any account.
- non-admins cannot delete admins.
- changes author of messages, topics and polls to guest authors.
- removes all log entries concerning the deleted members, except the
  error logs, ban logs and moderation logs.
- removes these members' personal messages (only the inbox), avatars,
  ban entries, theme settings, moderator positions, poll votes, and
  karma votes.
- updates member statistics afterwards.

[Deprecated]

I just had to come back and cackle! I now have 30 questions, and 3 required. With three samples a shot at 30 total it is going to take the hacker a very long time to figure it out, particularly when I notice the not approved list starting to grow again and I'll just go change the questions again.

Thanks for the suggestion margarett.

[Deprecated]

Um, marg, what tables do you suggest I should weed? I've already deleted several thousand members via MySQL. None of them ever activated so no avatars, no PMs, etc.

I understand the SMF database petty well, just the table names will get me there.

Also, can anybody tell me what table the questions and answers are stored in? I'm afraid I got carried away and I must have 3 dozen questions now. They are all stupid simple, or barely above that but they'll mess up my hacker really good. I think this measure will make him give up and go away. I'll dump the table, reformat and post the data in my admin section and have my supermod verify their validity.

Does anybody have a conjecture why the hacker is doing this? I'm not getting any spam -- just thousands of members waiting for activation.

[margarett]

There's no one targeting you directly Just a bunch of automated bots trying to spam whatever they can find

About the members, you need to check smf_settings mostly. Last registered member, and total members, IIRC (but I'm on the phone now)

Edit: about the questions I don't remember off-hand but you can search phpmyadmin for one of them, it should get you there

[Deprecated]

Thanks marg. I was pretty much planning on just skimming through the tables via PMA and should be able to find it.

And I did figure out the member count would have to be edited, easy to do, just one query on smf_members and put that number in the member count. Last registered member will fix itself.


I still don't get it though. I'm getting all these registrations, no activations, no spam. Maybe they were planning to blitz me and didn't realize I know SMF inside and out, and don't realize I have the capability to write a custom mod just to get rid of them. Too bad I can't have a selfie when this jerk realizes I put his game out of business on my forum.

[Deprecated]

I just had an idea that somebody might want to make for a mod package: add a setting that will delete non-activated accounts after a set period of time. I'll go post it in the mod suggestions section.

[Deprecated]

Of course I knew the Q & A were in a database table somewhere, but after searching all the obvious places I had to go to the code. I found my answer in ManageSettings.php and the Q & A are stored in `smf_log_comments`

Seems a little un-obvious to me but now that I've found them it will be simple to extract the Q & A from a table SQL dump, format it into a BBcoded table and post it for my supermod to double check me.

It's fun to have a mystery when you know there is an answer, kind of like an Easter egg hunt.

[Steve]

Doh!!! That's why you make the big bucks Kindred!

He wishes!