News:

Wondering if this will always be free?  See why free is better.

Main Menu

More and more bots are trying to register an account

Started by Wolpo, August 14, 2024, 04:37:08 AM

Previous topic - Next topic

Wolpo

Hello,

there seems to be a new generation of bots, possibly using "artificial intelligence", that try to register an account on my forum and certainly on many other SMF platforms. The problem started some months ago. Nearly every day my error log gets hundreds of entries triggered by various code lines in the Subs.php file. The kind of error varies so much that it makes no sense to discuss them individually. I think the bots just try all kinds of nonsense to register an account. What they have in common is that the backtrace always starts in the Subs.php code, and that they make 8 attempts in less than 1 minute -- maybe even in 1 second; I don't know exactly because the log doesn't show the seconds.

My idea is this: I'd like to implement a special timeout in the error log system. Whenever an error occurs, the system should note the IP address. When any error occurs again before, say, 60 seconds have passed, and the IP is the same as in the previous error, the error should not be stored in the log.

I manually note all logged bot IPs and put them in my htaccess file. This timeout trick would reduce the log list to a small fraction of its conventional size.

Unfortunately, I'm not a php expert. What do the experts think about that idea? I guess this pest with those bots has just started, with the help of AI. It will get worse, not better. They won't stop flooding the error logs via the Subs.php code. What other solutions might help?

Thank you!


Arantor

I think you're chasing the wrong problem.

If you have an error, fix the actual error rather than trying to juggle when the error should or should not be logged.

Even the AI bots hitting registration in bulk shouldn't ordinarily be causing errors.
Holder of controversial views, all of which my own.

Wolpo

OK, I'll post the backtrace lists of the various errors. Should I start a new thread for each kind of error? Or put all into this thread?

Arantor

Holder of controversial views, all of which my own.

Steve

Are any of these marked 'Critical'. If so, post 3 or 4 of the errors here, as Arantor said.
DO NOT pm me for support!

Wolpo

Hi,

here are the latest entries. There are always 8 entries within 1 second or minute. Each 8-pack comes from a different IP address, and each 8-pack contains 8 different errors, always in the same order. Below are all 8 errors:

------------------------------------------------
Type of error
General
Error message
2: foreach() argument must be of type array|object, null given
File
.../Sources/Subs.php Line 4548
URL of page causing the error
.../index.php?action=register;sslRedirect
Backtrace information
    #0: smf_error_handler()
    Called from .../Sources/Subs.php on line 4548
    #1: template_header()
    Called from .../Sources/Subs.php on line 4157
    #2: obExit()
    Called from .../Sources/Errors.php on line 389
    #3: setup_fatal_error_context()
    Called from .../Sources/Errors.php on line 238
    #4: fatal_lang_error()
    Called from .../Sources/Load.php on line 2220
    #5: loadTheme()
    Called from .../index.php on line 227
    #6: smf_main()
    Called from .../index.php on line 184

------------------------------------------------
Type of error
Undefined_vars
Error message
2: Undefined array key "template_layers"
File
.../Sources/Subs.php Line 4548
URL of page causing the error
.../index.php?action=register;sslRedirect
Backtrace information
    #0: smf_error_handler()
    Called from .../Sources/Subs.php on line 4548
    #1: template_header()
    Called from .../Sources/Subs.php on line 4157
    #2: obExit()
    Called from .../Sources/Errors.php on line 389
    #3: setup_fatal_error_context()
    Called from .../Sources/Errors.php on line 238
    #4: fatal_lang_error()
    Called from .../Sources/Load.php on line 2220
    #5: loadTheme()
    Called from .../index.php on line 227
    #6: smf_main()
    Called from .../index.php on line 184

------------------------------------------------
Type of error
Undefined_vars
Error message
2: Undefined array key "can_register"
File
.../Sources/Subs.php Line 5563
URL of page causing the error
.../index.php?action=register;sslRedirect
Backtrace information
    #0: smf_error_handler()
    Called from .../Sources/Subs.php on line 5563
    #1: setupMenuContext()
    Called from .../Sources/Subs.php on line 4357
    #2: setupThemeContext()
    Called from .../Sources/Subs.php on line 4514
    #3: template_header()
    Called from .../Sources/Subs.php on line 4157
    #4: obExit()
    Called from .../Sources/Errors.php on line 389
    #5: setup_fatal_error_context()
    Called from .../Sources/Errors.php on line 238
    #6: fatal_lang_error()
    Called from .../Sources/Load.php on line 2220
    #7: loadTheme()
    Called from .../index.php on line 227
    #8: smf_main()
    Called from .../index.php on line 184

------------------------------------------------
Type of error
Undefined_vars
Error message
2: Undefined array key "session_id"
File
.../Sources/Subs.php Line 5553
URL of page causing the error
.../index.php?action=register;sslRedirect
Backtrace information
    #0: smf_error_handler()
    Called from .../Sources/Subs.php on line 5553
    #1: setupMenuContext()
    Called from .../Sources/Subs.php on line 4357
    #2: setupThemeContext()
    Called from .../Sources/Subs.php on line 4514
    #3: template_header()
    Called from .../Sources/Subs.php on line 4157
    #4: obExit()
    Called from .../Sources/Errors.php on line 389
    #5: setup_fatal_error_context()
    Called from .../Sources/Errors.php on line 238
    #6: fatal_lang_error()
    Called from .../Sources/Load.php on line 2220
    #7: loadTheme()
    Called from .../index.php on line 227
    #8: smf_main()
    Called from .../index.php on line 184

------------------------------------------------
Type of error
Undefined_vars
Error message
2: Undefined array key "session_var"
File
.../Sources/Subs.php Line 5553
URL of page causing the error
.../index.php?action=register;sslRedirect
Backtrace information
    #0: smf_error_handler()
    Called from .../Sources/Subs.php on line 5553
    #1: setupMenuContext()
    Called from .../Sources/Subs.php on line 4357
    #2: setupThemeContext()
    Called from .../Sources/Subs.php on line 4514
    #3: template_header()
    Called from .../Sources/Subs.php on line 4157
    #4: obExit()
    Called from .../Sources/Errors.php on line 389
    #5: setup_fatal_error_context()
    Called from .../Sources/Errors.php on line 238
    #6: fatal_lang_error()
    Called from .../Sources/Load.php on line 2220
    #7: loadTheme()
    Called from .../index.php on line 227
    #8: smf_main()
    Called from .../index.php on line 184

------------------------------------------------
Type of error
Undefined_vars
Error message
2: Undefined array key "id"
File
.../Sources/Subs.php Line 5398
URL of page causing the error
.../index.php?action=register;sslRedirect
Backtrace information
    #0: smf_error_handler()
    Called from .../Sources/Subs.php on line 5398
    #1: setupMenuContext()
    Called from .../Sources/Subs.php on line 4357
    #2: setupThemeContext()
    Called from .../Sources/Subs.php on line 4514
    #3: template_header()
    Called from .../Sources/Subs.php on line 4157
    #4: obExit()
    Called from .../Sources/Errors.php on line 389
    #5: setup_fatal_error_context()
    Called from .../Sources/Errors.php on line 238
    #6: fatal_lang_error()
    Called from .../Sources/Load.php on line 2220
    #7: loadTheme()
    Called from .../index.php on line 227
    #8: smf_main()
    Called from .../index.php on line 184

------------------------------------------------
Type of error
Undefined_vars
Error message
2: Undefined array key "is_guest"
File
.../Sources/Subs.php Line 5393
URL of page causing the error
.../index.php?action=register;sslRedirect
Backtrace information
    #0: smf_error_handler()
    Called from .../Sources/Subs.php on line 5393
    #1: setupMenuContext()
    Called from .../Sources/Subs.php on line 4357
    #2: setupThemeContext()
    Called from .../Sources/Subs.php on line 4514
    #3: template_header()
    Called from .../Sources/Subs.php on line 4157
    #4: obExit()
    Called from .../Sources/Errors.php on line 389
    #5: setup_fatal_error_context()
    Called from .../Sources/Errors.php on line 238
    #6: fatal_lang_error()
    Called from .../Sources/Load.php on line 2220
    #7: loadTheme()
    Called from .../index.php on line 227
    #8: smf_main()
    Called from .../index.php on line 184

------------------------------------------------
Type of error
Undefined_vars
Error message
2: Undefined array key "can_mod"
File
.../Sources/Subs.php Line 5374
URL of page causing the error
.../index.php?action=register;sslRedirect
Backtrace information
    #0: smf_error_handler()
    Called from .../Sources/Subs.php on line 5374
    #1: setupMenuContext()
    Called from .../Sources/Subs.php on line 4357
    #2: setupThemeContext()
    Called from .../Sources/Subs.php on line 4514
    #3: template_header()
    Called from .../Sources/Subs.php on line 4157
    #4: obExit()
    Called from .../Sources/Errors.php on line 389
    #5: setup_fatal_error_context()
    Called from .../Sources/Errors.php on line 238
    #6: fatal_lang_error()
    Called from .../Sources/Load.php on line 2220
    #7: loadTheme()
    Called from .../index.php on line 227
    #8: smf_main()
    Called from .../index.php on line 184

------------------------------------------------


My system: SMF 2.1.4, default theme, no modifications.

Thank you for your kind support and attention.

Arantor

Default theme with no mods... that implies there is a bug in SMF, or possibly several bugs.

One thing I notice, sslRedirect in all cases - would probably move that to htaccess rather than let SMF do the redirection from HTTP to HTTPS. I have a feeling that would resolve your issues.
Holder of controversial views, all of which my own.

Wolpo

Indeed, "Forum SSL mode" is set to "Force SSL throughout the forum".

I do have a general SSL redirect function for my website, but not in any htaccess file as far as I can see; I think I've set the SSL redirect somewhere on my website's admin panel (the panel from my provider, not the forum admin panel).

I'll check ...

Thanks.

Wolpo

More than 24 hours have passed since I disabled the SSL mode, and no entries have occured in the log. That's a good sign that this trick was the solution. But I want to wait a few weeks to be sure it's no coincidence ...

Steve

I'm going to mark it solved now instead of in a 'few weeks'. If the problem does reoccur, by all means, mark it unsolved and continue with your questions.
DO NOT pm me for support!

Wolpo

#10
I just realized, since I disabled the SSL mode there has been a side effect:

As usual, notification mails contain various links to the forum. That's fine. But they are all "http" instead of "https". Can I set this to https somewhere on the forum's admin panel? I can't find anything.

I thought I had a general domain-wide auto-redirect to https somewhere. But I haven't. Also, I tried certain redirect codes in the htaccess at the top of the file as described by various serious experts, but they failed. Maybe I get this to work sometime, but I think the first and more elegant step should be to get https links in the notification mails.


Arantor

Server Settings contains the primary forum URL, which should be https at this point.
Holder of controversial views, all of which my own.

Wolpo

I'm on Admin > Maintenance > Server Settings > General.

Can't find any URL edit field.

I also looked at the other pages under "Server Settings": Database, Cookies and Sessions, Security, Caching, Data Export, Load Balancing, PHP Info.

Can't find any URL edit field.


shawnb61

#13
Something is still configured http.

SMF's "force SSL on" feature does a soft redirect with "sslRedirect" in the url when https is not being used.  I.e., if everything were consistently https, you'd have never seen "sslRedirect" in the url. 

Note that turning "force SSL on" from off to on will change SMF urls from http to https, including the board url, avatars, images, themes, languages, etc.  It will only do so if a cert is detected, so it should be safe.

I would suggest turning it back on.  If the stray http setting is an SMF setting, it will fix that.  (If the errors recur with "sslRedirect" in the URL, that would suggest some other URL - likely a mod - is still configured for http.)

As for the original errors, they seem to be related to loading the theme.  First guess is that you somehow had managed to get 'force ssl' on but some theme was still left http. 

I'm not sure how that can happen, tbh, but the fix either way is to find the stray http setting and fix that. 

I suggest 3 steps:
 - Look at all URLs & change any http to https.  Look at the board, avatars, themes, etc.  repair_settings.php may help.
 - Turning force ssl back on will address any SMF URLs that were somehow missed, if any.
 - Setting up a proper .htaccess http=>https redirect, to cut over to https even further upstream.

Assuming your URLs are all configured https, you don't really need both, but having both doesn't hurt.
A question worth asking is born in experience & driven by necessity. - Fripp

shawnb61

Quote from: Wolpo on August 25, 2024, 01:28:39 PMI'm on Admin > Maintenance > Server Settings > General.

Can't find any URL edit field.

For the board url, I believe you need to look in Settings.php.

For avatars, look under Forum | Attachments and Avatars | Avatar settings.

For smileys, look under Forum | Smileys and Message Icons | Smiley settings.

For the theme urls, look under Configuration | Themes and Layout | Theme Settings.
A question worth asking is born in experience & driven by necessity. - Fripp

Wolpo

Thank you very much, Shawn. Ha :-) I'm so blind. But there was a technical problem too. Anyway, I think it's fixed now.

Here are my steps to fix everything, thanks to your great hints:

1.
Settings.php indeed had an http URL. Don't know why I missed that during my check two hours ago. Too blind. But it could be that I intentionally kept it at http some years ago when I changed to SSL, because changing it to https caused my theme to disappear. I tried it again today and the theme was gone; all was shown in unformatted plain text. Anyway, now it has the https URL. The missing theme will be fixed in the steps below.

2.
I checked the avatars under Forum | Attachments and Avatars | Avatar settings: All OK on https.

3.
Smileys under Forum | Smileys and Message Icons | Smiley settings: All OK on https.

4.
Themes under Configuration | Themes and Layout | Theme Settings:
At "Base URL to the same directory:" there was the correct https URL.
But in the paragraph above that, under "SMF Default Theme - Curve2", there are these two indications in italic font:
"URL to above directory:"
"URL to images directory:"
These two still indicated "http" URLs. Eventually I noticed the button with the label "ATTEMPT TO RESET ALL THEMES", located at the lower right of the page. I clicked it, and those URL indications in italic font changed from http to https according to the entry at "Base URL to the same directory:".
The theme is now shown as usual. And everything's on https. "Force SSL" is off.

Thanks again! :-)

(I expected that the subdirectories for themes, smileys etc. were based on the base URL in Settings.php.)

Arantor

Themes etc are not based on the value in Settings.php for the few sites that use separate URLs entirely for these values, so you can serve theme assets from a different domain to reduce cookies for performance.

I know of precisely one site that does this.
Holder of controversial views, all of which my own.

Wolpo

Quote from: Arantor on August 25, 2024, 05:32:50 PMThemes etc are not based on the value in Settings.php for the few sites that use separate URLs entirely for these values, so you can serve theme assets from a different domain to reduce cookies for performance.

I know of precisely one site that does this.

I see. -- Now, which site does it? Is it simplemachines org here? :-)

Kindred

In other words... once you change Settings.php,  you also need to change the theme settings AND the attachment settings AND the avatar settings...

Plus any mods that you have that define a url.

That's the cause for your "theme appears unformatted"
Слaва
Украинi

Please do not PM, IM or Email me with support questions.  You will get better and faster responses in the support boards.  Thank you.

"Loki is not evil, although he is certainly not a force for good. Loki is... complicated."

Arantor

Quote from: Wolpo on August 25, 2024, 08:49:26 PM
Quote from: Arantor on August 25, 2024, 05:32:50 PMThemes etc are not based on the value in Settings.php for the few sites that use separate URLs entirely for these values, so you can serve theme assets from a different domain to reduce cookies for performance.

I know of precisely one site that does this.

I see. -- Now, which site does it? Is it simplemachines org here? :-)

Yes. It is a decision that was practical for this site but I lament that we never figured out a smarter way to solve this problem that doesn't push one site's edge case into everyone else's problem.
Holder of controversial views, all of which my own.

Advertisement: