Banning and dealing with a relentless Spammer and Brute Force New User

Started by stoo23, January 16, 2025, 10:06:11 PM

Previous topic - Next topic
Print
Go Down Pages1
User actions

stoo23

January 16, 2025, 10:06:11 PM Last Edit: January 16, 2025, 10:24:12 PM by stoo23
Hi all,

Since early December, one of our forums has been seeing a Lot of decidedly 'dodgy' and unwanted new registrations from very dubious entities, most of whom are listed as Spammers.

I have deleted any posts made and when noticed early, Banned them, as Permanent Full bans.
Most are the usual Spam Bomber types, they register but never return to post as the questions are too hard (or the 'Bot' has been fouled),... BUT, I have One User by the name of;
'BryanUtigo' using IP ranges supplied by 'VPN-Consumer-Network' based in the Netherlands, who has quite honestly been relentless.
He has used ALL of one IP range from .01 to .254 and others to keep attempting a Log-In on the forum.
No 'Validation' is happening.
I have banned him by ALL the Parameters available including User Name and yet, after adding his most used IP range to the permanent deny list on the server firewall, lo and behold, he is back, Same User name, completely different IP range Now via 'SkyNet' based in,... wait for it, ... Russia !!!??  ::)  :-*  ;)

I would have thought the Full Ban, would have precluded that ??
How do I Delete and/or Ban this User Name from continuously attempting to Log In ??

Should I Modify my Full Ban, to ONLY his chosen User name ??

Simply wondering what the Best or reccommended method is :)
cheers,
Stewart

Aleksi "Lex" Kilpinen

#1
January 17, 2025, 01:05:05 AM
Well, if you ban a username, you don't really know it's them before they try to log in, so you can't really stop them from trying.
Slava
Ukraini!
"Before you allow people access to your forum, especially in an administrative position, you must be aware that that person can seriously damage your forum. Therefore, you should only allow people that you trust, implicitly, to have such access." -Douglas

How you can help SMF

GL700Wing

#2
January 17, 2025, 01:33:07 AM
Maybe consider trying to prevent spammers from registering new user accounts in the first place through the use of 10-20 complex verification questions which need to be answered everywhere verification is required (eg, registration, post count is less than a certain value, guest searches, guest posting, guests reporting posts, etc).

Also, verification questions can be made more difficult to answer (and more effective) when used in conjunction with the Image for Anti-Spam Verification Questions mod.
Life doesn't have to be perfect to be wonderful ...

Slava
Ukraini!
"Before you allow people access to your forum, especially in an administrative position, you must be aware that that person can seriously damage your forum. Therefore, you should only allow people that you trust, implicitly, to have such access." -Douglas

stoo23

#3
January 17, 2025, 05:39:53 PM
Quote from: Aleksi on January 17, 2025, 01:05:05 AMWell, if you ban a username, you don't really know it's them before they try to log in, so you can't really stop them from trying.
;)  :)  Yeah, I guess Not,...  :D

This is what I have had Heaps of, sometimes up to 4 times a day:


It really does make one Wonder just what the 'interest' in our forum is, or the ultimate purpose of these attempted Log-Ins,.. it's a forum for Bespoke Tailors and Clothing 'Hobbyists' ??  ::)  ;D

Quote from: GL700Wing on January 17, 2025, 01:33:07 AMMaybe consider trying to prevent spammers from registering new user accounts in the first place through the use of 10-20 complex verification questions which need to be answered everywhere verification is required (eg, registration, post count is less than a certain value, guest searches, guest posting, guests reporting posts, etc).

Also, verification questions can be made more difficult to answer (and more effective) when used in conjunction with the Image for Anti-Spam Verification Questions mod.

We already Have a number of 'Verification' Questions set for Registration AND initial 'Postings' etc, which works quite well, as often they Register but either Never return OR 'post' anything but often include 'Casino' URL's on their Profile etc  ;)  Guests, can ONLY 'browse', Not Post.

I must admit, I have often thought about the use of a 'Unique' Image in the manner of that Mod', so thanks, I will seriously consider it's use  :)

I must say, one thing that Might be nice, is if the Validation questions, could be 'Rotated/Changed' Randomly, via a Preset somewhere in the Admin' section  :)

GL700Wing

#4
January 17, 2025, 06:05:41 PM
Quote from: stoo23 on January 17, 2025, 05:39:53 PMI must say, one thing that Might be nice, is if the Validation questions, could be 'Rotated/Changed' Randomly, via a Preset somewhere in the Admin' section  :)
In addition to three custom fields that must be completed as part of the registration process I have defined +30 verification questions for use with the following custom image and three must be answered each time - no spammers on my forum!
You cannot view this attachment.
Life doesn't have to be perfect to be wonderful ...

Slava
Ukraini!
"Before you allow people access to your forum, especially in an administrative position, you must be aware that that person can seriously damage your forum. Therefore, you should only allow people that you trust, implicitly, to have such access." -Douglas

stoo23

#5
January 17, 2025, 06:32:09 PM
Hmmm, OK so from your reply am I correct in assuming the Three (3) questions are randomly presented out of the collection of the Thirty (30) that you have created ??

GL700Wing

#6
January 17, 2025, 07:55:21 PM
Quote from: stoo23 on January 17, 2025, 06:32:09 PMHmmm, OK so from your reply am I correct in assuming the Three (3) questions are randomly presented out of the collection of the Thirty (30) that you have created ??
Yes - that's how it works!
Life doesn't have to be perfect to be wonderful ...

Slava
Ukraini!
"Before you allow people access to your forum, especially in an administrative position, you must be aware that that person can seriously damage your forum. Therefore, you should only allow people that you trust, implicitly, to have such access." -Douglas

Sir Osis of Liver

#7
January 17, 2025, 08:29:45 PM
The main advantage of the mod is it provides a simple way to create 30 questions.  If it's breached (never seen that happen) you can just change the image and the questions.

I've seen forums that used just questions that were so simple a dog could answer them, and others that were so complicated you'd have to search for an hour to get in.
When in Emor, do as the Snamors.
                              - D. Lister

stoo23

#8
January 17, 2025, 08:45:50 PM
Thanks all, for the advice etc  :)  8)

GL700Wing

#9
January 18, 2025, 12:15:17 AM Last Edit: January 18, 2025, 03:59:16 AM by GL700Wing
Quote from: Sir Osis of Liver on January 17, 2025, 08:29:45 PMThe main advantage of the mod is it provides a simple way to create 30 questions.  If it's breached (never seen that happen) you can just change the image and the questions.

I've seen forums that used just questions that were so simple a dog could answer them, and others that were so complicated you'd have to search for an hour to get in.
The other advantage of this mod is that spambots can't see the image so trying to register using brute force answers and/or by using AI to try and interpret/decipher the questions doesn't work for them ...
Life doesn't have to be perfect to be wonderful ...

Slava
Ukraini!
"Before you allow people access to your forum, especially in an administrative position, you must be aware that that person can seriously damage your forum. Therefore, you should only allow people that you trust, implicitly, to have such access." -Douglas

Dave J

#10
January 18, 2025, 08:51:01 AM
Quote from: stoo23 on January 16, 2025, 10:06:11 PMHi all,

Since early December, one of our forums has been seeing a Lot of decidedly 'dodgy' and unwanted new registrations from very dubious entities, most of whom are listed as Spammers.

I have deleted any posts made and when noticed early, Banned them, as Permanent Full bans.
Most are the usual Spam Bomber types, they register but never return to post as the questions are too hard (or the 'Bot' has been fouled),... BUT, I have One User by the name of;
'BryanUtigo' using IP ranges supplied by 'VPN-Consumer-Network' based in the Netherlands, who has quite honestly been relentless.
He has used ALL of one IP range from .01 to .254 and others to keep attempting a Log-In on the forum.
No 'Validation' is happening.
I have banned him by ALL the Parameters available including User Name and yet, after adding his most used IP range to the permanent deny list on the server firewall, lo and behold, he is back, Same User name, completely different IP range Now via 'SkyNet' based in,... wait for it, ... Russia !!!??  ::)  :-*  ;)

I would have thought the Full Ban, would have precluded that ??
How do I Delete and/or Ban this User Name from continuously attempting to Log In ??

Should I Modify my Full Ban, to ONLY his chosen User name ??

Simply wondering what the Best or reccommended method is :)
cheers,
Stewart

If you have a persistent spammer who's coming from a certain IP e.g 186.30.20.40 try adding the following to the .htaccess in the root of your site. Then add the first 3 sets of numbers as shown below. I would suggest that before you do that check your 'Forum► Administration Center► Members► View all Members' then click on 'IP Address' at the top of the page to see if any current known good members are using that IP, if not go ahead and add it to the file. If they get past that then remove the last digits so it's 186.30 if you have to add more IPs to the list just use a space between the number sets so it would be '186.30.20 187.31.21 188.32.22' etc

Code Select
Allow from all
<Files 403.shtml>
order allow,deny
allow from all
</Files>
Deny from 186.30.20
It's been working OK like that for me for a long time now, I do also use GL700Wing's mod for the bots

stoo23

#11
February 16, 2025, 10:36:25 AM
Quote from: GL700Wing on January 17, 2025, 06:05:41 PM
Quote from: stoo23 on January 17, 2025, 05:39:53 PMI must say, one thing that Might be nice, is if the Validation questions, could be 'Rotated/Changed' Randomly, via a Preset somewhere in the Admin' section  :)
In addition to three custom fields that must be completed as part of the registration process I have defined +30 verification questions for use with the following custom image and three must be answered each time - no spammers on my forum!
You cannot view this attachment.

Hey, :) Hi again, I have finally managed to load this on my Test forum and simply have a couple of questions :)
You suggest, you have a 'List' of 30 Questions for your Image, of which Only Three are shown.

To Implement a Similar 'Rotational' series of questions, do I Create, (Up to 30 individual Questions in the section provided), .... then Only Set Three (3) in the 'Number of verification questions user must answer' Box ??

Thanks in advance :)
Stewart
Print
Go Up Pages1
User actions
Advertisement: