
·
Registered
Joined
·
3,586 Posts
Discussion Starter · #1 ·
mrsmainster said:
Due to all the spammers we have today alone, we are changing some of the procedures that go on here. There will no longer be guest viewing allowed, only registered members who are signed in may view ANYTHING on the boards. Also, when new members register only Admin have the ability to activate the new member to prevent them from posting anything before their account information is reviewed. Hopefully this will be a quick fix to everything that has been going on lately.
We have been attacked by spammers over the last 48 hours, mostly from EU, Saudi, and Netherlands IP addresses. We hope that the above procedure will stop this....it's hard to watch every single new member registering, new posts, etc, even though there was a moderator on pretty much 24 hours a day here.

If you all know a way to get this to stop while still allowing guests to view the forum, please let one of us know. There has to be a fix out there somewhere...thanks for understanding folks!
 

·
Premium Member
Joined
·
1,996 Posts
Thanks Dave for posting this. Looking through the stats for today we have had 15 new members...almost all spammers, and they have been deleted. We are still keeping a close eye on ALL new members. I think that these changes will help until the spamming gets under control.
 

·
NOT a moderator!
Joined
·
3,224 Posts
Seems to me the only thing you needed to do to stop the spammers was switch to an Admin approval of new accounts before posting. I really don't understand how the logging in to view posts is going to stop spammers. Am I missing someting here?

Edit: besides the h in the word someting
 

·
Premium Member
Joined
·
1,996 Posts
Just taking every precaution, it shouldn't be that hard for existing members to just sign in to view the boards. That part will last until it's all under control. There are spam and hack attempts on the Element site as well, they are coming directly from this site so for now we feel that this is necessary. Thank you for your input.
 

·
Registered
Joined
·
1,291 Posts
That sux. How do you know they are coming from the middle east? Is there a way to block IP addresses outside of the US? There is a food chat site I used to belong to. You could sign up to become a member. But the Admin will not activate until you make contact with him with your intent to become a member via email. This was his fix for spammers. But, I am glad to hear you guys are keeping up the good work here in keeping spammers out. Congrats and good luck. Thank you.
 

·
Registered
Joined
·
3,586 Posts
Discussion Starter · #6 ·
When you look at the bottom of the main page, there is a section that shows users on line. * Guests and * Users. Click on that, and it'll show the users logged in and the guests reading the forums. It will also show what forum they are in at the time. It gives the IP address, and when you click on the IP address WHOIS pops up and we can see where the address is coming from.
 

·
Premium Member
Joined
·
1,996 Posts
We've been tracking IPs all day and the majority have been traced to the middle east. We originally weren't going to post anything about the spammers but since we have changed a few things it's best to notify everyone what's going on. It's nothing we can't handle, it's just come out of nowhere. Almost like we have become a target for multiple spammers within 24 hours, it's crazy. We are banning accounts and banning specific IPs traced to spam accounts. If anyone has any questions or suggestions please let one of us know, but for now we are doing the best we can and it seems to be working for now.
 

·
Registered
Joined
·
52 Posts
Sounds like a bot problem
We had them at AD4x4. They had hacked our BB software and were porning the board a lot.
I investigated the bastards but kept getting IP addresses that lead to nowhere.
They are self generating and self cloning, but set up a pattern.
I found a new BB service that is very aggressive in security.
Sent a PM to Matt about it.
 

·
Registered
Joined
·
4,309 Posts
It's all cool........we don't mind logging in to get to the forum....at least I don't. Do whatever it takes to keep them away....great job and keep up the good work.
 

·
NOT a moderator!
Joined
·
3,224 Posts
mrsmainster said:
Just taking every precaution, it shouldn't be that hard for existing members to just sign in to view the boards. That part will last until it's all under control. There are spam and hack attempts on the Element site as well, they are coming directly from this site so for now we feel that this is necessary. Thank you for your input.
How is it that there are currently guest accounts looking at forum threads and posts if you require everyone to log in? The Who's Online link has never stopped showing guest accounts currently in discussion areas. Hmmmm software bug?
 

·
Premium Member
Joined
·
3,397 Posts
FJ-Piper said:
How is it that there are currently guest accounts looking at forum threads and posts if you require everyone to log in? The Who's Online link has never stopped showing guest accounts currently in discussion areas. Hmmmm software bug?
I've been looking into that and it's gotta be a bug in the forum software. We have spammers attempting to log in about every 30 seconds right now, but I'm getting it all taken care of.
 

·
Registered
Joined
·
52 Posts
I have talked to a few admins, and a developer this morning by email and have gotten a response that seems well put forward.
Seems the admins think turning off the board to all but registered users is a bit extreme, and would like to know if just limiting new users to admin approval works. (No one uses SMF, so they do not have knowledge of the particular software.) They all state that not letting the public read the board is not going to do the board much use in the growth department.
My developer friend states that you need to check with the developer of your software to get a patch, or let him know there is a problem so a patch can be developed. All admit chasing down IP addresses is not doing anything as most bots generate IP addresses in their cloning software. Any hacker with even medium experience can write an IP generator, that is how they stay hidden. Remember, these guys get paid for hits, and anyone making money off the system is not going to write a program that goes away. They are the modern equivalent of the kind of slime ball that used to write viruses, they went from viruses to spy/ad ware and now are finding that bots increase the bottom line by thousands. I still have a few unanswered emails and if I hear anything else I will post it up.
 

·
Registered
Joined
·
52 Posts
found this patch at the SMF site
http://custom.simplemachines.org/mods/index.php?mod=999
as well as this
http://custom.simplemachines.org/mods/index.php?mod=1078

a cut and paste from the SMF board explaining the problem
In recent days there has been a huge surge in the numbers of spambots attacking SMF 1.1.x forums. Some have suggested that this is due to the recent SMF 1.1.7 security upgrade, but in fact the attacks are unrelated to the functional changes in SMF 1.1.7. This is supported by the fact that SMF 1.1.6 and earlier versions are also subject to the attacks. The attacks have nothing to do with the SMF 1.1.7 upgrade.

We at SMF believe that this is nothing more than a coincidental, large scale, coordinated attack, possibly orchestrated using the recently updated version of Xrumer or a similar script or program used for spamming forums. Evidently one or more large bot herders have decided to exploit the market and have targeted their fleet towards spamming SMF forums. It is mere coincidence that this happened around the same time as the SMF 1.1.7 upgrade was released.


Why aren't SMF 2.0 forums being targeted?

Nobody knows, but we can speculate that it is due to SMF 2.0's improved functionality, or maybe there are minor differences between 1.1.x and 2.0 that confuse the bots. In either case if you are running 2.0 you should be on the watch for the attack spreading to SMF 2.0.


What can you do?

1.) Everybody should make sure that they are running the latest SMF 1.x or 2.x version. While the spam attacks are not related to security, you should take this occasion as a reminder to check out your security and make sure you have done everything you can to make your forum safe.

2.) At least for now SMF 2.0 has not been affected. The new version has improved spam defenses including the ability to ask any number of verification questions (what year is it? are you a bot?). Since most forums will pick different questions, these questions are very difficult for spambots to answer. If you have been considering upgrading to 2.0, now might be a good time to do so.

3.) Smaller forums may be able to switch from Member Activation to Member Approval and then may examine email addresses, IP addresses, etc. to decide which applications are human and which are spammers. This of course will result in more labor to operate your forum.

4.) You may decide to use post counts to restrict new members to posting in a staging area, then give them full access only after they have shown they are human. The staging area can be easily swept of any spam debris.

5.) There are three modification packages that we believe can provide adequate defenses against spambots. I have verified that each of these packages is suitable for SMF 1.1.7. They are:

* Anti-Bot Registration Puzzles

* Are You Human? (Anti-Bot Check)

* reCAPTCHA for SMF


The last of the three replaces SMF's CAPTCHA system, but if you use one of the other mod packages make sure you have your CAPTCHA enabled. It won't hurt and it may help.


What won't work?

1.) Blaming it on SMF 1.1.7: As I explained above, the attacks are targeting all 1.1.x versions. It has nothing to do with the recent 1.1.7 release.

2.) Banning IP addresses: This is the Internet version of "Whack a Mole." They can create IP addresses and find proxies faster than you can ban them. This is useless in my opinion...

3.) Banning email addresses: Again, they can change them faster than you can ban them. I've never seen a human registration from mail.ru but some of the bots are using Gmail and other accounts. This is probably wasted effort unless you are manually verifying registrations.

4.) Hiding your SMF version: It's impossible for me to believe that SMF 2.0 wasn't targeted only because the bots are searching for SMF 1.1.x strings. The target of SMF 2.0 would be too irresistible if there were not some other reason than the version tag.


Summary:

Well that's about it. My colleagues at SMF and I agree that there is no new problem with SMF's software, and that this is simply something that was going to eventually happen anyway. The only thing that changed is that some bot master tweaked and tuned his scripts for SMF 1.1.x. and so the attack has arrived this week.

Please take advantage of one or more of the steps that I've outlined above, and we believe that your spam attacks should stop. Be assured that if these measures don't work that either the developers or the mod package authors will come to your defense. Let's just all stay calm and collected, and one way or another we will beat the spambots. Unfortunately this will be an ongoing effort because each side is always going to be trying to upstage the other. Good luck!
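
An added example, not part of the post above or the SMF announcement it quotes: a replay of a registration log that measures how many spam signups an IP ban list would have stopped, next to a rate check that counts signups from any address and marks the burst for Member Approval. The log format, the moderator verdict column, the 120-second window and the threshold of 4 are assumptions, and the sample lines are constructed.

```python
from datetime import datetime

# Constructed sample (not from the forum): time, source IP, moderator verdict.
# The IPs come from the reserved documentation ranges.
SAMPLE_LOG = """\
2001-01-01T09:00:00 203.0.113.10 spam
2001-01-01T09:00:30 198.51.100.7 spam
2001-01-01T09:01:00 192.0.2.44 spam
2001-01-01T09:01:30 203.0.113.10 spam
2001-01-01T09:02:00 198.51.100.91 spam
2001-01-01T09:02:30 192.0.2.130 spam
2001-01-01T11:15:00 192.0.2.200 human
2001-01-01T14:40:00 198.51.100.23 human
"""

def parse(log):
    """Return (timestamp, ip, verdict) tuples sorted by time."""
    rows = []
    for line in log.splitlines():
        if not line.strip():
            continue
        ts, ip, verdict = line.split()
        rows.append((datetime.fromisoformat(ts), ip, verdict))
    return sorted(rows)

def ip_ban_coverage(rows):
    """Replay the log, banning each IP once a spam signup is seen from it.
    Returns (spam signups a ban would have stopped, total spam signups)."""
    banned, blocked, total = set(), 0, 0
    for _, ip, verdict in rows:
        if verdict != "spam":
            continue
        total += 1
        if ip in banned:
            blocked += 1
        banned.add(ip)
    return blocked, total

def burst_signups(rows, window_s=120, threshold=4):
    """Flag signups that are at least the threshold-th registration,
    from any IP, within the trailing window_s seconds."""
    flagged, start = [], 0
    for i, (ts, ip, _) in enumerate(rows):
        while (ts - rows[start][0]).total_seconds() > window_s:
            start += 1
        if i - start + 1 >= threshold:
            flagged.append((ts, ip))
    return flagged

if __name__ == "__main__":
    rows = parse(SAMPLE_LOG)
    print("IP bans stopped %d of %d spam signups" % ip_ban_coverage(rows))
    for ts, ip in burst_signups(rows):
        print("hold for approval:", ts.isoformat(), ip)
```

On the constructed sample the ban list stops one signup in six, while the rate check flags the tail of the burst and leaves the two isolated human signups alone.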
 

·
Registered
Joined
·
402 Posts
That explains the slowness of this forum. Anyway, I just wanted to let you guys know that I am new to this forum since yesterday, not a spammer.
 

·
NOT a moderator!
Joined
·
3,224 Posts
Will you guys PLEASE turn off the worthless, pointless requirement to log in to view posts. You are inhibiting my ability to register new members and having this enabled does NOTHING to prevent spammers.

edit:
Although, I just noticed I'm in the lead again Dom..... 14 to 13, na na na na na ;D J/K Dom, I am NOT competing, I think. ;)
 

·
Registered
Joined
·
3,586 Posts
Discussion Starter · #20 ·
I have 2....that's all I need. :D All others I refer will no longer be using my screen name as a referral. They will be referred by the person with screen name __________ (blank to be filled in by the highest bidder) :D
 