Is our forum under attack?

Started by Odessite, August 25, 2019, 10:16:06 AM


Odessite

APOLOGIES SHOULD THIS REQUEST BE IN THE WRONG TOPIC
A small number of us are Admin and Mods for a version 2.0.1 SMF forum. The previous owner sold the forum and website. The new owner, after posting a single introductory entry on the forum some 5 months ago, has not logged on since then. We believe he is focusing on the website and has left the forum to us. Unfortunately, we are simply users and without any technical expertise at all.
A couple of months ago, a large number of spammers were able to join. We have cleaned up the forum and introduced a number of bans, some specific and some global, based on IPs and email addresses. All is now calm except for the following:

We are seeing thousands of user error messages:
Sorry Guest, you are banned from using this forum! This ban is not set to expire.
These stem from banned IP addresses, both specific and global, that we managed to set up. These are mainly from Huawei, other Chinese and Russian IPs.
For example: 159.138.128.203 (Huawei Hong Kong Clouds) and many others in the 159.138.128.NNN series.

It reached the point where we had to prune these yesterday as the log has in excess of 500,000 entries. Already, since the pruning, we have in excess of 70,000 new entries.

Should we simply ignore these or is there something we can do to avoid this?
Thank you.

Irisado

I'll leave a member of the Support Team to help you regarding the issue of error logging; however, another way to avoid all of this is to avoid having so many bans in the first place. If you have a problem with spammers, the trick is to prevent them from being able to register in the first place, so that you don't actually need to ban them. This page will help you in that respect: https://wiki.simplemachines.org/smf/Spam_-_my_forum_is_flooded_with_spam,_what_can_I_do
Dreaming of a beach where the sun shines, a rainbow lights up the sky, and the sea shimmers iridescently

Aleksi "Lex" Kilpinen

Okay, first things first - you really should update the forum.
Secondly, in general, banning by IP is a bad idea to begin with. Banning by ranges is even worse. If you really need to ban multiple IP addresses, you do not want to do it in SMF, but on the server level then.

Bots will crawl, and by banning a crawler in SMF, you are basically asking them to leave a log of each of their visits for you to see.
Slava
Ukraini!


"Before you allow people access to your forum, especially in an administrative position, you must be aware that that person can seriously damage your forum. Therefore, you should only allow people that you trust, implicitly, to have such access." -Douglas

How you can help SMF
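
Added example (not part of any post in this thread, and not SMF code): one way to move existing bans to the server level, as suggested in the post above. It groups ban-message log rows by /24, merges adjacent ranges and emits nginx `deny` lines; the (ip, message) export format, the hit threshold, the choice of nginx, and every sample address except 159.138.128.203 are assumptions.

```python
import ipaddress
from collections import Counter

BAN_MARKER = "you are banned from using this forum"
BAN_MSG = ("Sorry Guest, you are banned from using this forum! "
           "This ban is not set to expire.")

# Constructed sample rows (ip, message) standing in for an export of the
# forum error log. Only 159.138.128.203 comes from the thread; the rest
# are made-up hosts in that range or in reserved test ranges.
SAMPLE_ROWS = (
    [(f"159.138.128.{h}", BAN_MSG) for h in (203, 17, 44, 90)]
    + [(f"198.18.0.{h}", BAN_MSG) for h in (1, 2, 3)]
    + [(f"198.18.1.{h}", BAN_MSG) for h in (1, 2, 3)]
    + [("192.0.2.10", BAN_MSG),                      # single hit: below threshold
       ("203.0.113.5", "constructed unrelated error"),
       ("not-an-ip", BAN_MSG)]                       # malformed field
)


def banned_networks(rows, prefix=24, min_hits=3):
    """Count ban-message hits per IPv4 /prefix; keep networks with >= min_hits."""
    hits = Counter()
    for ip, message in rows:
        if BAN_MARKER not in message:
            continue                      # other errors still need reading
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            continue                      # skip malformed address fields
        if addr.version == 4:
            hits[ipaddress.ip_network(f"{addr}/{prefix}", strict=False)] += 1
    return {net: n for net, n in hits.items() if n >= min_hits}


def nginx_deny_rules(networks):
    """Merge adjacent networks and render one nginx `deny` line per range."""
    return [f"deny {net};" for net in ipaddress.collapse_addresses(networks)]


if __name__ == "__main__":
    noisy = banned_networks(SAMPLE_ROWS)
    for net, n in sorted(noisy.items()):
        print(f"# {net}: {n} banned hits")
    print("\n".join(nginx_deny_rules(noisy)))
```

A request refused by nginx never reaches SMF, so it adds nothing to the forum error log. Review each range before applying it, since a /24 rule also blocks any legitimate crawler or visitor in that range.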

Looking

I see those IPs all the time. May be just Baidu and Yandex. I just ignore them so long as they do not overdo to the point of slowing my server.

Odessite

Thank you. Appreciated.

Should we start unblocking all those blanket IP addresses?

Agree, the registration process should be tightened up. We also agree the forum could do with being updated. We tried to get the previous owner to organise both the registration and updating processes but without success even though, at the time, he had technical assistance.

Looking

Quote from: Odessite on August 25, 2019, 12:07:48 PM
Should we start unblocking all those blanket IP addresses?
I wouldn't, especially if you are not expecting traffic from those countries. The updates to your software are more critical as mentioned before.

Aleksi "Lex" Kilpinen

Quote from: Odessite on August 25, 2019, 12:07:48 PM
Should we start unblocking all those blanket IP addresses?
In my opinion, it is usually best to try everything else before resorting to using large amounts of IP bans.
So, unless you are convinced these IP addresses are purely malicious - I would remove the bans.

Odessite

Thank you both.

Thanks. We'll try and contact this new owner by asking around. Someone may know him personally within the community. The forum definitely requires an update.

Illori

maybe time to move the forum to another host where someone trusted in the community can manage it once you find out how to contact the owner.

lurkalot

Disable the registrations for an hour or so, they'll soon stop and go somewhere else. ;) While waiting for them to come back you can work on a plan of action.

delta5

I'm not an expert, but I have two forums of my own. You should update to 2.0.15. Then set up the captcha questions. IMO, you should also go to stopforumspam.com and download their spammer ip scanner plugin and install it. Then go into the admin settings for it and check all three boxes for it. That should block almost all known spammers from registering.

Odessite

Quote from: lurkalot on August 25, 2019, 02:14:38 PM
Disable the registrations for an hour or so, they'll soon stop and go somewhere else. ;) While waiting for them to come back you can work on a plan of action.

Good idea. Will try this!

I cannot see a LIKE button, so thanks.

Odessite

Quote from: delta5 on August 25, 2019, 07:03:21 PM
I'm not an expert, but I have two forums of my own. You should update to 2.0.15. Then set up the captcha questions. IMO, you should also go to stopforumspam.com and download their spammer ip scanner plugin and install it. Then go into the admin settings for it and check all three boxes for it. That should block almost all known spammers from registering.

We are on 2.0.15.

Thanks. I will liaise with the other Mods and Admin volunteers and request they read this topic thread.

As mentioned above, our priority must be to connect somehow with the forum owner so that we can move forward. Of course, this depends upon whether the guy wishes to continue. We have nearly 4,000 users, the majority of whom haven't returned for more than a year, sometimes more. With only about 24 regulars, it may be a question of time before the forum folds.




Aleksi "Lex" Kilpinen

If you are on 2.0.15 then you are up to date, and can disregard my earlier note on updating :)

Odessite

Quote from: Aleksi "Lex" Kilpinen on August 26, 2019, 04:24:18 AM
If you are on 2.0.15 then you are up to date, and can disregard my earlier note on updating :)

Thanks, appreciated. We're now awaiting a response from the previous forum owner as to whether he can provide a contact address for the current owner.

Since pruning the error messages on the 24th, we have since then accumulated another:

Apply filter of type:   All errors (93284) | General (293) | User (92991)


Illori

without knowing what the errors are, we cannot assist you further in possibly fixing them.

if they are all related to the bans, then just delete them.
