Advertisement:

Author Topic: Fake guests, bots and login attempts  (Read 852 times)

Offline dekatria

  • Jr. Member
  • **
  • Posts: 109
  • Leave Nothing
    • roulette30 on Facebook
    • roulette30 on LinkedIn
    • @@roulette30 on Twitter
    • How to play Roulette
Fake guests, bots and login attempts
« on: November 06, 2019, 05:53:57 PM »
I'm having a problem.
For reasons that are outside of the topic, someone is trying to overload my forum.
I'm not having problems with spam as I have enabled admin approval and I don't get many registrations anyway.
But I'm getting MANY bot visits.
Where I had less than a  hundred guests per hour, I'm now having thousands. And thousands login attempts.
I installed bad behavior and HttpBL, but I'm still having problems.
I even installer LoginVerification and LoginSecurity mods.
But the bots continue to use my server resources.

Any help is welcome. My host suggested to me to... "use CAPTCHA" (LOL, where? how?)

I'm thinking that I could deter those login attempts if the login fields where not visible and one had to login or register via the menu links.
How can I safely disable the:
"Welcome, Guest. Please login or register...." form?

Offline dekatria

  • Jr. Member
  • **
  • Posts: 109
  • Leave Nothing
    • roulette30 on Facebook
    • roulette30 on LinkedIn
    • @@roulette30 on Twitter
    • How to play Roulette
Re: Fake guests, bots and login attempts
« Reply #1 on: November 06, 2019, 07:46:26 PM »
Btw, most of those fake guest are coming from China and using Linux.
Would be possible to block those who meet both these conditions? Maybe with some htaccess code?

Offline Sir Osis of Liver

  • SMF Hero
  • ******
  • Posts: 9,868
Re: Fake guests, bots and login attempts
« Reply #2 on: November 06, 2019, 08:21:41 PM »
Mods will not stop bots from hosing your forum, they'll just block them from registering.  If you block ips in .htaccess, they won't touch the forum.

https://htaccessbook.com/block-ip-address/

Offline Biology Forums

  • SMF Hero
  • ******
  • Posts: 3,779
    • StudyForcePS on Facebook
    • @studyforceps on Twitter
Re: Fake guests, bots and login attempts
« Reply #3 on: November 06, 2019, 09:03:10 PM »
Mods will not stop bots from hosing your forum, they'll just block them from registering.  If you block ips in .htaccess, they won't touch the forum.

https://htaccessbook.com/block-ip-address/


Bad idea, this is good for 1 or 2 ips, but overloading htaccess will bring down the server.

Offline Sir Osis of Liver

  • SMF Hero
  • ******
  • Posts: 9,868
Re: Fake guests, bots and login attempts
« Reply #4 on: November 06, 2019, 09:12:36 PM »
Never seen that happen.  Blocking ip range is sometimes ineffective, but doesn't usually affect server load adversely.

Offline dekatria

  • Jr. Member
  • **
  • Posts: 109
  • Leave Nothing
    • roulette30 on Facebook
    • roulette30 on LinkedIn
    • @@roulette30 on Twitter
    • How to play Roulette
Re: Fake guests, bots and login attempts
« Reply #5 on: November 06, 2019, 09:55:23 PM »
My host is Siteground and they have usually good support. In this issue their technical team was useless. They do pointed me to my server stats though.
There I saw that the vast majority of traffic was from china and using linux.

All the mods I mentioned in op didn't made a difference, completely ineffective in my case. As ineffective were .htaccess codes like 6g firewall and others. I was receiving thousands of guest visitors per hour.

What made a difference was use Coudflare, which fortunately was offer seamlessly by my host (free version).
I added some firewall rules, like country and threat score and linux and it seems my guests have come down to realistic levels again.
« Last Edit: November 06, 2019, 10:50:11 PM by dekatria »

Offline a10

  • Charter Member
  • Sr. Member
  • *
  • Posts: 965
Re: Fake guests, bots and login attempts
« Reply #6 on: November 07, 2019, 02:55:56 AM »
^^^ As a coincidence, the last few days a large bunch of china ip's have appeared. Nearly all from Chinanet, and Unknown Action.
2.0.17, ssl, php 7.3.14, 10.3.21-MariaDB
Mods: Contact Page, Like Posts, Responsive Curve, Search Focus Dropdown, Add Join Date to Post.

Offline Kindred

  • The Mean One
  • Support Specialist
  • SMF Legend
  • *
  • Posts: 58,937
  • Gender: Male
    • Kindred-999 on GitHub
Re: Fake guests, bots and login attempts
« Reply #7 on: November 07, 2019, 11:10:20 AM »
Mods won't help....    You need to block them at the HTAccess level, as suggested...

Bad idea, this is good for 1 or 2 ips, but overloading htaccess will bring down the server.


this is untrue.  A well formed DENY set in HTACCESS works just fine and has never crashed my server, in 5 years of using htaccess deny to prevent china and russia IPs
Please do not PM, IM or Email me with support questions.  You will get better and faster responses in the support boards.  Thank you.

Offline Arantor

  • Resident Overthinker
  • SMF Friend
  • SMF Legend
  • *
  • Posts: 71,980
    • StoryBB/StoryBB on GitHub
Re: Fake guests, bots and login attempts
« Reply #8 on: November 07, 2019, 11:11:53 AM »
If you put too many individual IPs into an htaccess, on an already overloaded server, yes, you can break it. But that’s usually a symptom of a site outgrowing overly stingy hosting.
Don’t try to tell me that some power can corrupt a person. You haven’t had enough to know what it’s like.

No good deed goes unpunished / No act of charity goes unresented.

Offline Kindred

  • The Mean One
  • Support Specialist
  • SMF Legend
  • *
  • Posts: 58,937
  • Gender: Male
    • Kindred-999 on GitHub
Re: Fake guests, bots and login attempts
« Reply #9 on: November 07, 2019, 11:12:47 AM »
ok, that's true...

if you have a bad host, then there are all sorts of things that will go wrong. :)
Please do not PM, IM or Email me with support questions.  You will get better and faster responses in the support boards.  Thank you.

Offline Biology Forums

  • SMF Hero
  • ******
  • Posts: 3,779
    • StudyForcePS on Facebook
    • @studyforceps on Twitter
Re: Fake guests, bots and login attempts
« Reply #10 on: November 07, 2019, 01:16:40 PM »
Quote
Bad idea, this is good for 1 or 2 ips, but overloading htaccess will bring down the server.

Speaking from EXPERIENCE

Quote
this is untrue.  A well formed DENY set in HTACCESS works just fine and has never crashed my server, in 5 years of using htaccess deny to prevent china and russia IPs

Do not take advice from this man. Clearly you've never operated a server

Offline Arantor

  • Resident Overthinker
  • SMF Friend
  • SMF Legend
  • *
  • Posts: 71,980
    • StoryBB/StoryBB on GitHub
Re: Fake guests, bots and login attempts
« Reply #11 on: November 07, 2019, 01:31:11 PM »
He operates a server just fine, as do I. The difference is we don’t run sites too large for the resources available to save money, and don’t add vast swathes of individual IP addresses when we could use blocks.

Or better, iptables if your resources are really that constrained.
Don’t try to tell me that some power can corrupt a person. You haven’t had enough to know what it’s like.

No good deed goes unpunished / No act of charity goes unresented.

Offline Kindred

  • The Mean One
  • Support Specialist
  • SMF Legend
  • *
  • Posts: 58,937
  • Gender: Male
    • Kindred-999 on GitHub
Re: Fake guests, bots and login attempts
« Reply #12 on: November 07, 2019, 01:59:43 PM »
IN short, Mr Biology Forums....     you have commented on something that other people know more about than you and those people have told you that you are wrong... but then you attempted to double down on being wrong by being insulting....

Using .htaccess to deny blocks from china, russia or any other collected set is demonstrably the correct way to do things as I have a decent host and I have been using such deny blocks for years now without affecting my server performance at all.
Please do not PM, IM or Email me with support questions.  You will get better and faster responses in the support boards.  Thank you.

Offline dekatria

  • Jr. Member
  • **
  • Posts: 109
  • Leave Nothing
    • roulette30 on Facebook
    • roulette30 on LinkedIn
    • @@roulette30 on Twitter
    • How to play Roulette
Re: Fake guests, bots and login attempts
« Reply #13 on: November 07, 2019, 04:42:01 PM »
FYI,

This is the result of Cloudflare firewall rules I set:
https://prnt.sc/ptxyi3

The China bots when realized they couldn't get thru, stopped the attack.
The majority of bots are "on paper" legitimate bots like msn, semrush, opensiteexplorer etc.

Offline delta5

  • Jr. Member
  • **
  • Posts: 300
    • @@kd8hmo on Twitter
    • FedUpWithLiberals.com
Re: Fake guests, bots and login attempts
« Reply #14 on: November 10, 2019, 11:54:34 PM »
If you happen to have the Succuri firewall, it has geo blocking. Just click the countries that you want to block. Default settings are Russia, China, and Turkey. I block n. Korea and France too.

Offline Kiriakos GR

  • Jr. Member
  • **
  • Posts: 206
  • Gender: Male
    • @ITTSB_EU on Twitter
Re: Fake guests, bots and login attempts
« Reply #15 on: November 12, 2019, 07:37:31 AM »
I did IP ban due my forum to 3000 IP, all of them get the  famous nag message SORRY you cannot register ... YOU ARE BANNED for EVER.

SMF this is strong enough to handle sever thousands members, by the same engine YOU can push away several thousands unwanted IPs too. 

Cpanel IP Block, is a known problematic app about handling large htaccess files.
Cpanel team does not do anything to improve  IP Block module, I did personally reported the issue on their Forum. 

Cpanel those days tripled their pricing per month,  I am now switching hosting server and  the new one will not using Cpanel.
   
Some people keep spreading misinformation that htaccess file can crash a server,  these are trash in worth comments.
When and if  Cpanel -> IP Block module starts malfunctioning, it will start blocking and non listed IPs .

Regional firewall block this is also a stupid idea,  several thousands Europeans and Americans they are now located and working in China.
       

Offline Kindred

  • The Mean One
  • Support Specialist
  • SMF Legend
  • *
  • Posts: 58,937
  • Gender: Male
    • Kindred-999 on GitHub
Re: Fake guests, bots and login attempts
« Reply #16 on: November 12, 2019, 10:42:39 AM »
Once again, you give some not so good recommendations...

Although SMF *CAN* handle that size of ban list, it's not recommended at all...

Every BAN that you add inside of SMF takes resources on EVERY PAGE LOAD...  because SMF has to load itself on the connection attempt, then process (and trigger if needed) the various bans...  If you have 3000 bans in your list, then your system is making a query and processing 3000 potential matches every page load.

the .htaccess route is the correct way to implement bans on IPs (which are mostly useless anyway, when targeted to a specific IP, because it is so simple to get a proxy set up and use a different IP ---even htaccess IP Bans should be by block)

As for banning blocks of IP by country...    depends on your forum and your target audience.
I run several forums which are local.   I block all IPs from outside the US - because no one outside of our area in the US belongs in the forum.
Please do not PM, IM or Email me with support questions.  You will get better and faster responses in the support boards.  Thank you.