SMF 2.1.6 errors

Started by b4pjoe, July 02, 2025, 01:04:34 PM


b4pjoe

Keep getting this error a lot since upgrading to SMF 2.1.6. It only happens to guest users. Any idea how to fix?


b4pjoe

This morning there were 57 of these errors in the error log. Has no one else experienced this after updating to 2.1.6?

Kindred

Looks to me as if bots and spiders are hitting your likes...

But no, I have not seen those errors
Glory to Ukraine

Please do not PM, IM or Email me with support questions.  You will get better and faster responses in the support boards.  Thank you.

"Loki is not evil, although he is certainly not a force for good. Loki is... complicated."

b4pjoe

Thanks for the reply. The ability to Like a post is not available to guests. They can see Likes that people have liked and can click the Like to see who liked a post but when I do that logged out and viewing as a guest it does not generate the error. Why would this only start after upgrading to 2.1.6? Never got this once under 2.1.4. Not sure about 2.1.5 because it was only around for a few days.

shawnb61

They are *viewing* the likes, not liking something. 

Viewing likes is visible to guests.

I saw similar earlier, from all kinds of different hosts, mainly from China:
https://www.simplemachines.org/community/index.php?topic=590069.0

I have blocked FB from crawling me via .htaccess.  As well as those Chinese bots.

It really was weird...  They were crawling the whole site, focusing on the likes.  "Likes" attacks...
A question worth asking is born in experience & driven by necessity. - Fripp

b4pjoe

Quote from: shawnb61 on July 03, 2025, 02:05:13 PM
They are *viewing* the likes, not liking something.
I don't think viewing the likes is what is causing this. If I logout and view likes as a guest it doesn't generate the errors. Plus I only started getting these errors immediately after upgrading to SMF 2.1.6.

shawnb61

You have a valid referring url.  Not all crawlers do.

https://scamalytics.com/ip/43.163.104.89

You need to think about blocking that guy.

shawnb61

Note that referring url errors can come from other sources also:
https://www.simplemachines.org/community/index.php?topic=592148.0

Or...  Just a badly written bot.

b4pjoe

Here is a list of IP's since my last post that have generated these errors:

All of the ones that start with 43 and the one that starts with 119 are from Tencent Cloud Computing in Singapore.

The other two are from Aceville Pte.ltd also in Singapore.

Is there an easy way to block this many...and probably more IP addresses?

Kindred

Use htaccess to block the range

shawnb61

That's kind of a big topic...  What I do...

(1) See if I can find the ASN of the biggest offender.  When you do a whois IP lookup, you usually see something like
% Information related to '43.156.0.0/18AS132203'

route:          43.156.0.0/18
origin:         AS132203
descr:          ACEVILLE PTE.LTD.
                16 COLLYER QUAY
                #18-29
                INCOME AT RAFFLES
mnt-by:         MAINT-ACEVILLEPTELTD-SG
last-modified:  2021-12-17T04:09:15Z
source:         APNIC

... and the ASN above is AS132203

(2) Find all IPs for that ASN.  Using a tool like this:  https://hackertarget.com/as-ip-lookup/
(3) But that list of CIDRs is long...  1000+ entries.  I will then use a tool to clean those up.  I wrote one, discussed here: https://www.simplemachines.org/community/index.php?topic=592124.0
The above tool will whittle the 1000+ down to ~150.
(4) I confirm I have no users within those IP ranges.  I use Excel, with a copy of my member list in it.  I create a vlookup to confirm or deny any users are in those ranges.  If no users are, I add the appropriate lines into .htaccess.


After cleaning, AS132203 ends up looking like the following.  I only use the ipv4 entries:
A question worth asking is born in experience & driven by necessity. - Fripp
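
Steps (3) and (4) of the post above can also be scripted. The following is an added example, not shawnb61's tool and not code from this thread: it merges a CIDR list, keeps only IPv4, checks a member list against the merged ranges, and renders deny rules in the Order/Deny form. The prefixes, member names and addresses are constructed sample data, and holding back a range that contains a member is an assumed policy.

```python
import ipaddress

# Constructed sample input (documentation ranges), standing in for an ASN prefix list.
ASN_PREFIXES = """
198.51.100.0/25
198.51.100.128/25
203.0.113.0/24
203.0.113.64/26
192.0.2.0/26
192.0.2.64/26
2001:db8::/32
"""
# Hypothetical member list: name -> last known IP (constructed).
MEMBER_IPS = {"alice": "192.0.2.70", "bob": "198.18.0.5"}


def collapse_ipv4(text):
    """Parse one CIDR per line, drop IPv6, merge adjacent and nested ranges."""
    nets = [ipaddress.ip_network(tok, strict=False) for tok in text.split()]
    return list(ipaddress.collapse_addresses(n for n in nets if n.version == 4))


def members_in_ranges(members, nets):
    """Return {member: network} for every member a block would lock out."""
    hits = {}
    for name, ip in members.items():
        addr = ipaddress.ip_address(ip)
        match = next((n for n in nets if addr.version == n.version and addr in n), None)
        if match is not None:
            hits[name] = match
    return hits


def htaccess_block(nets, skip=()):
    """Render deny rules; ranges in `skip` are held back (assumed policy)."""
    deny = [f"Deny from {n}" for n in nets if n not in skip]
    return "\n".join(["Order Allow,Deny", *deny, "Allow from all"])


if __name__ == "__main__":
    ranges = collapse_ipv4(ASN_PREFIXES)
    affected = members_in_ranges(MEMBER_IPS, ranges)
    for name, net in affected.items():
        print(f"# member {name} is inside {net}; range held back for review")
    print(htaccess_block(ranges, skip=set(affected.values())))
```

Six IPv4 prefixes collapse to three here; on a real ASN list the same merge is what shortens the rule set before it goes into .htaccess.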

b4pjoe

Quote from: Kindred on July 03, 2025, 05:22:58 PMUse htaccess to block the range

I'm not having much luck with getting a range of IP's blocked. My web server is running LiteSpeed and not Apache. Could that be the problem I am having using something like this in .htaccess? (IP's below are just samples and not what I am entering for IP addresses)

Order Allow,Deny
Deny from 192.168.1.0/24
Deny from 203.0.113.*
Allow from all

b4pjoe

Quote from: shawnb61 on July 03, 2025, 06:03:11 PM
That's kind of a big topic...  What I do...


Thanks for the info but that seems to be way above my knowledge.

shawnb61

A question worth asking is born in experience & driven by necessity. - Fripp

b4pjoe

Quote from: shawnb61 on July 05, 2025, 09:36:05 AM
More info may be found here:
https://www.simplemachines.org/community/index.php?msg=4179600

& examples here:
https://github.com/sbulen/SMF-bot-hygiene

Thank you. Would these things still work since my host uses LiteSpeed instead of Apache?

shawnb61

I'm not familiar with Litespeed, TBH.

A quick search says it is designed to be a drop-in replacement for apache, and that yes, it does honor .htaccess.

Ottokar

Over 700 attacks in 3 days here.
I used a Ban to block the attackers' IP ranges.


Kindred

Using smf ban system is the wrong way to do it

a10

It's botworld, probably forever from now on, following the rise of AI.

Seeing 10000 to 20000 guests (unique ip's!) \ 720 minutes, in the good old days used to be 750 or so.

Temporarily using smf ip ban is fine to get the overview, gives good info for further actions, htaccess.
2.0.19, php 8.0.30, MariaDB 10.6.18. Mods: Contact Page, Like Posts, Responsive Curve, Search Focus Dropdown, Add Join Date to Post.
Stand with 🇺🇦

shawnb61

Quote from: a10 on July 05, 2025, 02:32:16 PM
It's botworld, probably forever from now on, following the rise of AI.
Yep.

Quote from: a10 on July 05, 2025, 02:32:16 PM
10000 to 20000 guests (unique ip's!) \ 720 minutes, in the good old days used to be 750 or so.
If you're talking about guest stats on the board index, I have found that this simple change helps.  Easily adapted for 2.0.x:
https://github.com/SimpleMachines/SMF/pull/8394/commits/2f2a5e0ae404fd1adb408b87896ce00cca1715ec#diff-4edd47bd0375fd8cc8df23ccd9a41ddb948e0d8f256b8bdfe0d603b104c109dd

It gets rid of bot-caused users online spikes & most_on stat spikes, and gets rid of most corresponding CPU spikes.

Also, if your block lists are getting lengthy, this might help:
https://www.simplemachines.org/community/index.php?topic=592124.0