Strange Spam Posts

Started by Stanyy, January 13, 2019, 11:05:28 AM

Previous topic - Next topic

Stanyy

Hi,

So apparently, some bots have been posting on my forum. I have custom verification questions on registration which has worked quite well for several years, until recently.

Now I'm not sure if they're getting in through the registration page.

The funny thing is, even though they have posts, their post count says "0".
In my messages table, all their entries have an "id_topic" of "0".
Also, if I try to view their posts from the forum, I get this error:
Wrong value type sent to the database. Integer expected. (id_msg)

I'm confused. I have a feeling they might not be making these posts via the post form.

Any ideas? Thanks.

vbgamer45

Does it say a line/file number?
Community Suite for SMF - Take your forum to the next level built for SMF, Gallery,Store,Classifieds,Downloads,more!

SMFHacks.com -  Paid Modifications for SMF

Mods:
EzPortal - Portal System for SMF
SMF Gallery Pro
SMF Store SMF Classifieds Ad Seller Pro

Stanyy

Quote from: vbgamer45 on January 13, 2019, 11:14:14 AM
Does it say a line/file number?

Hi,
No it doesn't. That's all the error says.

I wanted to go to their profiles to delete their accounts (including all topics and posts) but their post count says "0" which isn't right, and going ahead with the delete might screw things up, I guess.

vbgamer45

Anything related in the error log? Or if show the errors from that user?
Community Suite for SMF - Take your forum to the next level built for SMF, Gallery,Store,Classifieds,Downloads,more!

SMFHacks.com -  Paid Modifications for SMF

Mods:
EzPortal - Portal System for SMF
SMF Gallery Pro
SMF Store SMF Classifieds Ad Seller Pro

Stanyy

Quote from: vbgamer45 on January 13, 2019, 11:30:41 AM
Anything related in the error log? Or if show the errors from that user?
No, nothing related in the error log.

Stanyy

I just ran "Find and Repair any Errors" from Forum maintenance and got these...
See screenshots. https://imgur.com/a/z3GpxSO


PS: It says the upload folder is full if I try to attach images here.

Kindred

First... if you have had the same questions for years, then you need to change them.

What php version are you running?
Слaва
Украинi

Please do not PM, IM or Email me with support questions.  You will get better and faster responses in the support boards.  Thank you.

"Loki is not evil, although he is certainly not a force for good. Loki is... complicated."

Stanyy

Quote from: Kindred on January 13, 2019, 12:32:41 PM
First... if you have had the same questions for years, then you need to change them.

What php version are you running?

Yes, I have switched to reCaptcha.
I am running php 7.1.26

Stanyy

The 'Find and Repair any Errors' tool combined all the messages into one topic so I was able to delete them and the bot accounts.
Now I am hoping that reCaptcha would prevent them from getting in again.

GigaWatt

"This is really a generic concept about human thinking - when faced with large tasks we're naturally inclined to try to break them down into a bunch of smaller tasks that together make up the whole."

"A 500 error loosely translates to the webserver saying, "WTF?"..."

Stanyy

Quote from: GigaWatt on January 13, 2019, 01:00:41 PM
http://www.simplemachines.org/community/index.php?topic=531660.msg3776163#msg3776163

I believe my questions were somewhat better.
For example, I have an anagram of a local meal of a small tribe in my country, then I would ask for the correct name.
Another example is: I would give an ad-lib or phrase usually said by a local musician in my country and ask for their stage name.

I have about 20 of these questions, and they worked for years. It's possible that a bot found the answer to one of them and then hammered the registration page repeatedly until they got that question.

There's also a possibility that they did not get in via the registration page, but that's unlikely the case.

Kindred

Do you run tapatalk?
If so, that is likely how they got in.

But yes... bits do catalog questions and answers.
If you used the same questions dr years, then it is very likely that the questions were slowly cataloged
Слaва
Украинi

Please do not PM, IM or Email me with support questions.  You will get better and faster responses in the support boards.  Thank you.

"Loki is not evil, although he is certainly not a force for good. Loki is... complicated."

delta5

Kindred, would the stopforumspam.com mod help block his spammers if they are coming through tapatalk?

Illori


Shambles

If they are accessing via Tapatalk, untick this option in your Tapatalk settings:

"Automatic approval for user registered from Tapatalk"


Also, consider disabling this option:

"In-App Registration"

Kindred

Or just get rid of tapatalk completely, which would be my suggestion
Слaва
Украинi

Please do not PM, IM or Email me with support questions.  You will get better and faster responses in the support boards.  Thank you.

"Loki is not evil, although he is certainly not a force for good. Loki is... complicated."

Stanyy

Quote from: Kindred on January 13, 2019, 02:06:47 PM
Do you run tapatalk?
If so, that is likely how they got in.

But yes... bits do catalog questions and answers.
If you used the same questions dr years, then it is very likely that the questions were slowly cataloged

No I don't use tapatalk.
Yeah, they probably found the answer to one or more of the questions.
But I still can't fathom how they could have made those posts.

live627

Can you post a list of your installed mods?

Stanyy

Quote from: live627 on January 13, 2019, 06:53:41 PM
Can you post a list of your installed mods?

1.   reCAPTCHA for SMF   2.0.0
2.   FAQ Mod   2.0
3.   Simple Audio Video Embedder   4.5
4.   404 on Missing Topics/Boards   2.1
5.   Optimus   1.9.6
6.   Drafts   1.1.5
7.   InLine Attachments   1.2.1
8.   SMF 2.0.14 Update   1.0
9.   SMF 2.0.13 Update   1.0
10.   SMF 2.0.12 Update   1.0
11.   SMF 2.0.11 Update   1.0
12.   SMF 1.1.21 / 2.0.10 Update   1.0
13.   Elastic EMail for SMF   1.1
14.   Auto Twitter Embed   1.0
15.   SEO Sitemap   2.2.1
16.   SMFPacks Alerts Pro   2.0.9
17.   Smart Pagination   0.8.2
18.   BBCode with style   1.5.1
19.   Add Table, Td, Tr Button   1.0
20.   Buddies With Me (aka Followers)   2.0
21.   Contact Page   3.2
22.   SMF Activity Stream PRO   1.0.14
23.   SMF Arcade   2.51
24.   EmailValidator   1.0
25.   Flat Emoji (Twitter Emoji)   1.0
26.   SMFPacks Likes Pro Mod   2.0.7
27.   SMF 1.1.20 / 2.0.9 Update   1.0
28.   SMF 2.0.8 Update   1.0
29.   SMF 2.0.7 Update   1.0
30.   Personalized BBC   1.8
31.   Team Page   4.0.1
32.   Edit All Message Titles   0.1.1
33.   Pretty URLs   1.0RC5.2
34.   SMFShop   3.3.2
35.   Ad Seller Pro   2.1
36.   Count unread replies 2.0 RC3   2.0
37.   Downloads System   2.1a
38.   SMF 1.1.19 / 2.0.6 Update   1.0
39.   Birthday On Register   1.0
40.   SMF 2.0.5 Update   1.0
41.   PrettyCacheCleaner   0.1
42.   Recent Topics On Board Index   1.03
43.   SMF 2.0.4 Update   1.0
44.   Wireless/RSS amount displayed   1.2.1
45.   SMF 2.0.3 Update   1.0
46.   Custom Action Mod   3.2
47.   Related Topics   1.401
48.   SMF Articles   2.0.1
49.   Sitemap   2.2.0
50.   GoogAd Mod v.1.4   1.3
51.   PM to New Members   1.2
52.   Default Avatar   2.2
53.   BxK's WAP Mod   1.4-2
54.   SimplePortal   2.3.4
55.   Custom Copyright   1.0.2

Stanyy

Another bot has registered and posted a similar topic, even with reCaptcha.

Also, yet another bot has posted to my recycle board as a guest.
The permissions for my recycle board doesn't allow guests to post topic or replies.

I think one of my mods has it's legs open but I have no clue which one.

Advertisement: