Jump to content

Bots / Scripts Can Register on 2.3.5


Guest Katsuma

Recommended Posts

  • Replies 161
  • Created
  • Last Reply

How would we check that?



Talk with reCaptcha, they can create page for you (returning "Ok", for example), class_core_captcha check link/replies and call appropriate class. U can make check page on your server (refresh reCaptcha server every 5 min.). Another way - "task", running regularly and insert server status in reCaptcha or other table.
Link to comment
Share on other sites

I'm probably stating the obvious here, but I've noticed my site has not had any bots register at all. The differences I can see is that we don't have a mention of IP.Board or the version on our forums.


I assume you paid for the copy write removal?
Link to comment
Share on other sites

I'm having a significant spam problem as well.

A 'member' appeared on the forums and created a topic in a forum at random.

Title: Looking for seek-url on your site!!!


Description: problem


Message: So... good site...


Where search-page on your site.


Can you advise me?



P.S. Anybody know about XRumer 5.0 program? Need an url to it...



One of my members caught it right away. I banned it and enabled admin approval for registrations on top of the email verification. I did some sleuthing and found out that it is a common tactic for 'XRumer' to make a post like this in the hopes that someone would link to the site willingly. The program is Russian made and has claimed to be able to register and post in a large assortment of forum software Ipb, Vbulletin, phpbb, custom software etc...

I found a database that tracks and keeps records of spam bots and over the past few day the registrations have been pilling up in the admin panel and everyone is failing the check with the database. I banned inbox.ru mail.ru, cashette.com emails but a good few have gone to using gmail.

Much like the person above I have custom fields, only mine are optional. In the (3) fields the bot puts the Username in the first one, something related to the name in the second one, and google in the last one.

Each bot uses a different email, username, and ip.

---

I'm glad to say that the spammers haven't succeeding in posting since that fist message, but between server emails, sifting through real registrations and fake ones, and the overall thought that some jack*** is smirking behind some machine while I whittle away is starting to make me lose it. I consider this a short term solution, because if this continues I'll eventually quit sifting through the registrations and my forum will be dead in the water. Does anyone know of anyway to stop this for good?

The only thing I can think of is .htaccess but a post on a site that distributes xrumer mentioned the following:

The list of user agent now can be edited in file x_user_agent.txt




any ideas for what I can do?

//Edit: I checked the user agent of one of the malicious IP Addresses, it's using a Valid windows opera 9.0 string.
"Opera/9.0 (Windows NT 5.1; U; en)"

I don't want to ban a valid agent just to get rid of bots. Is there some way to implement a Q & A field in Ipb?
If not I would love to see an option to switch between a Q&A verification or a captcha in IPB 3


//Second Edit

Whoops I didn't catch the update, I was so caught up in the spammer I missed it. Sorry about this, I'll install the update and see if it stops them. Glad to see IPB reacting so swiftly though.
Link to comment
Share on other sites

Another interesting note is that if you use Converge to handle registrations (no, not let IPB use Converge, but actually force IPB to send registrations to Converge) to handle, it's something so completely unexpected, that the bots don't work. In my case, I force registrations to a Converge install on a completely different subdomain, and it seems to do the trick.

Link to comment
Share on other sites

Well, up until a week ago, I never had a problem with spambots. However, in the last week, there's scores of them registering. Even updating the improved CAPTCHA has not stopped them and more arrive on a daily basis. Grrrrr! :(

I've obtained my recaptha keys and have upgraded to 2.3.6 :rolleyes:

Here's hoping.

Link to comment
Share on other sites

Applied the update and removed the administrator approval process, caught about three online late last night trying to register and they all failed. I'm going to keep a close eye on it but I think the update did it for me.

Looking forward to 3.0, keep up the good work invisionpower. :)

Link to comment
Share on other sites

well, i just did the follow the letter to the t, added the questions and we went from close to 400 spam tries to 0 the second i did it. my tech guy will still apply the new fix, but i was impressed that i was able to take care of it by doing the custom question.

Link to comment
Share on other sites

It's normal question. reCaptcha server may be stopped or DDos-ed. Board engine [b]must[/b] check it and switch to internal captcha.



Eh, I see a problem with that. If you code the board to check, and ReCaptcha has region specific unaccessability (say you can't access in Raleigh NC but everywhere else works fine, due to ISP/DNS issues) the board would show it as being acessable and you'd still see a empty spot.

So you'd have to code for the users browser to check, and if it fails, to show the board's captcha. Then a bot could just simply block the Recaptcha request, make it fail, and use the older style captcha built into IPB.

Darn robots. And I just finished watching Terminator: SCC too!
Link to comment
Share on other sites

itsnt it also a good idea just to put *@gmail.com and *@googlemail.com as one of your black list emails? i mean it seems like everyone who got spammed was from a google email service. :huh:



No because many human people use it.
Link to comment
Share on other sites

  • 1 month later...

Considering I now have 3000 spam accounts on my forum, does anyone know of a SQL query I can run to get rid of them all? I was thinking along the lines of:

DELETE * from ibf_members WHERE 'location' = "Google"



Which I know won't work, but you see my line of thinking...

Link to comment
Share on other sites

Considering I now have 3000 spam accounts on my forum, does anyone know of a SQL query I can run to get rid of them all? I was thinking along the lines of:



DELETE * from ibf_members WHERE 'location' = "Google"



Which I know won't work, but you see my line of thinking...




What you can do is let all visitors who register put them to a new group lets say pre-member, and once they post they can be moved automatically to
members group.
Link to comment
Share on other sites

What you can do is let all visitors who register put them to a new group lets say pre-member, and once they post they can be moved automatically to


members group.



That's a decent idea to manage new registrations that may be occuring from suspicious persons (or bots that may bypass the captcha prior to the 2.3.6 captcha fonts and backgrounds) but it doesn't address the issue of having hundreds or thousands of suspected "validated" spam accounts.

Some methods I have been evaluating for sites we manage:

I think that many of us have been focusing heavily on looking for publicly visible SPAM posts in our IPB forums, but we have to remember that these bots or malicious human members may be quietly sending out SPAM via private messages to your members. Some of these recipients may simply get annoyed and leave your community without even signaling the issue. Often a member may think that a forum is somehow explicitly allowing this type of PM SPAM ... which, I'm sure, is far from the truth for most forum managers. Just my $0.02 ;) Rob
  1. [*]Do a targetted mailing to all member accounts with zero posts since the bot attacks started in October 2008. Ask them to post an introductory message in a "Introductions" forum. [*]After 7-14 days, delete (or move into a restricted member group) all member accounts that have not been active and/or posted. [*]Send an email to your well established members (i.e. > 50 posts) asking them to check for, and report, any SPAM being sent through PM by members - especially recently registered members with little or no public forum activity.






Link to comment
Share on other sites

Thats not really what I asked. I've implemented the security question idea which has now stopped spam registrations. However I currently have 3000 existing spam accounts that I want to get rid of. Instead of spending hours deleting each account manually I was wondering if anyone knew the SQL to do it?

Link to comment
Share on other sites

Thats not really what I asked. I've implemented the security question idea which has now stopped spam registrations. However I currently have 3000 existing spam accounts that I want to get rid of. Instead of spending hours deleting each account manually I was wondering if anyone knew the SQL to do it?



Are these account easily identifiable and if so, how ?
Link to comment
Share on other sites

Yes, they all used the same information in certain fields:



Location: google


Drives: 143040


Member of a local club? 143040



I was going to base my delete query on any member where the location = google.



ok here is what I would do.

Setup a new group for member to be deleted and run the following SQL query replacing xx with the new member group id.

update ibf_members set mgroup=xx where id = (SELECT e.id FROM ibf_member_extra e where e.location='google')



Then use the manage members to find members for mass delete and select the group for deleted members.

Note: I have not tested this SQL query.

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

  • Recently Browsing   0 members

    • No registered users viewing this page.

×
×
  • Create New...