Who's Online (Was: re: Forum getting swarmed by 500+ guests?)

Bob Clifton · May 14, 2024, 10:46:10 AM

You are not ALONE .
Same with 2.0.19
Several of my sites are getting HAMMERED by Google ,Singapore ,Microsoft , Amazon
from ip's starting with 101.44. 114.119 , and 18.225.56.
The 18's are AMAZON who is selling those to ner do wells or developers they say .
What I dont get is HOW they can even see the boards and threads ,Member profiles ,with not only Guests unchecked where Guests should not be able to see nuttin and even with the sites in off they still get in .
Like was said if I ban a range it may ban some good peeps too but that is what I am having to do then weed out those later .

Aleksi "Lex" Kilpinen · May 14, 2024, 10:58:51 AM

If guests can't see, bots can't either. Many bots will know how the url structure in SMF works though, it's no secret, so they may try, and even if they can't access a try is still a hit to the server.

Bob Clifton · May 14, 2024, 01:20:20 PM

Quote from: Aleksi "Lex" Kilpinen on May 14, 2024, 10:58:51 AMIf guests can't see, bots can't either. Many bots will know how the url structure in SMF works though, it's no secret, so they may try, and even if they can't access a try is still a hit to the server.

That's just it I have Guests checked unable to see and yet they are seeing.
I even put the site in maintainance mode and they still get in. Haveing to just ban one at a time. Most are from IPSHU or Amazon.Apparently they have Back Doors . CRAZY !!!

Aleksi "Lex" Kilpinen · May 14, 2024, 01:23:04 PM

No, like I said, they are not seeing. They are trying, and failing. There is no way a bot will see something a guest can't see, because bots are guests.

Bob Clifton · May 14, 2024, 01:35:51 PM

it currently says Me and 1 Guest are viewing this topic.
Guests are not allowed to view forum untill I Ban this ip they show to be viewing it .
After I ban the ip it says me and o guests after a minute or 2 . are viewing .

Aleksi "Lex" Kilpinen · May 14, 2024, 01:39:57 PM

Any attempt at a valid SMF url will usually be shown in the who's online list,
it will not separate failed attempts from actual access.
It is NOT an access log. You can see this for yourself, quite easily, if you want to:
- Open 2 browsers side by side
- Use 1 logged in, and the other logged out
- With the logged out browser, try to access a topic (by copying and pasting an url from the other browser)
- See Who's Online with the logged in browser.

EDIT:
Topic split from Forum getting swarmed by 500+ guests?

EDIT2:
Also, moved to 2.0 based on the forum in OP's profile links.

Bob Clifton · May 14, 2024, 01:58:01 PM

When I attempt to see my forum as a guest it says I have to log in as a member and
I understand whose online showing me as in the other ip's however it should NOT show them viewing anything.
Viewing anything but sorry guest you are banned from viewing this thread/post whatever OR you must login to see .........
When guests I am getting should not even be able to click on a link I go to the thread it shows me and a guest viewing until I ban that guests ip .
NOW maybe spiders have acsess to the forum and might be scanning the site but they should show up as spiders as I have it checked . IF these others are guising as spiders then maybe that is the problem but I see no way to Block spiders .

Aleksi "Lex" Kilpinen · May 14, 2024, 02:01:14 PM

No, no one has access to the forum. What you see as guest, is what all the crawlers see too.

Bob Clifton · May 14, 2024, 03:58:49 PM

Quote from: Aleksi "Lex" Kilpinen on May 14, 2024, 02:01:14 PMNo, no one has access to the forum. What you see as guest, is what all the crawlers see too.

I HOPE you are right and appreciate your patience however I can not get it through my old head why it shows them in the forum and in the thread when it shows me using a diff ip as as a guest and not able to see or show me looking at anything xcept the message for non member accsess .
Until I ban their ip they show up as actually in the forum or specific thread .
I may take some screen shots and try and show this better .
Thank you .....

shawnb61 · May 14, 2024, 04:08:15 PM

Yes, it can be confusing.

Some bots even run thru various admin & moderation functions... So if you are constantly watching "Who's Online", you may even see "Guest moderating topic xxxx"...

Kindred · May 14, 2024, 08:32:13 PM

Once more: the who's online list is NOT an access log.
It is 100% based on the url being requested... even if that url returns an error to the user, the who's online list will show them as accessing that url action
E.g. reading topic, sending pm, etc... if you have guest access turned off, then guests are setting the error message and nothing shown in that list is what they are SEEING

Steve · May 15, 2024, 08:32:14 AM

@Bob Clifton - I'm going to mark this solved. The question has been asked and the answer given several times. If you don't want to believe the experts on SMF, that's on you.

Bob Clifton · January 29, 2025, 02:56:12 PM

Quote from: Steve on May 15, 2024, 08:32:14 AM@Bob Clifton - I'm going to mark this solved. The question has been asked and the answer given several times. If you don't want to believe the experts on SMF, that's on you.

Thank you ( Aleksi "Lex" Kilpinen,shawnb61,and Kindred )for the information. Been under the weather a while and just now able to reply .

However ( STEVE) I NEVER said I REFUSE to Believe you guys .Just did not understand why I can for example If I go to my site with different browser and watch logged in as Admin on my other and it will NOT allow ME to see Anything as guest from the other browser(just you must log in to see basically) yet shows others looking at boards or posts and shows them in the board under who is viewing yet no guests is checked . Sometimes I notice it showing them printing Topic even with the sight in Maintenance Mode .
Maybe it has something to do with Search Engines crawling the site as was mentioned above ? I don't know . Just think it is peculiar that's all.
So (STEVE) If YOU think everything is Hunky Dorie then I am not concerned about it .
Thank you again ( Aleksi "Lex" Kilpinen,shawnb61,and Kindred ) for your inputs.

Kindred · January 29, 2025, 03:20:12 PM

that is because the "who's online" action list is built based on WHat the URL is -- it has no bearing on whether the user can/did complete the action or not.

If I went to your site and used ?action=admin then it would show a guest accessing the admin area.
As a guest, I would see a "you are not allowed to access this section" or have the boardindex displayed (depending on your setup) -- but *YOU* would see that I was in admin, based on the URL

there is nothing wrong. This is completely Functions As Designed (FAD).

News:

Who's Online (Was: re: Forum getting swarmed by 500+ guests?)