Unwanted registrations (security issue)

The 2.0.x discussion forum has been locked; this will remain read-only. The 3.0.x discussion forum has been renamed phpBB Discussion.
Clive
Registered User
Posts: 45
Joined: Sat Jan 17, 2004 3:59 pm
Contact:

Unwanted registrations (security issue)

Post by Clive »

I have been getting people advertising porn on my forum and wanted to ask is it possible to set up phpBB 2.0.6 so that when some one registers, e-mail is sent to them with a temporary password for them to access the site and then change it if they wish.

What I’m asking is -- is there a way to ban people from registering till e-mail is verified?

Any help in averting this scourge of spam registrations would be greatly appreciated. Hard to call it a family site with this action, some people are very inconsiderate of what others have created .

Thanks EH…!

User avatar
shekinahs
Registered User
Posts: 81
Joined: Sat Oct 18, 2003 5:50 am
Location: USA

Post by shekinahs »

Go into your admin panel, under Geneal Admin go to configuration, on the line that says "Enable account activation" click on 'user'. This way a confirmation email is sent to the email address they used to register and they have to click on the link in the email to activate the account before they can log onto your board.

I think it's a great feature myself. :wink:

But it will not stop someone who really wants to post porn on your board but it may discourage some people.
Last edited by shekinahs on Wed Mar 24, 2004 2:56 am, edited 1 time in total.
~Everything is in the eye of the beholder. ~

Heimidal
Former Team Member
Posts: 958
Joined: Fri Jul 06, 2001 11:56 am
Location: Greeley, CO, US
Contact:

Post by Heimidal »

Moved for relevance's sake.

Clive
Registered User
Posts: 45
Joined: Sat Jan 17, 2004 3:59 pm
Contact:

This Community Rocks

Post by Clive »

I can not believe the speed of the help in this community it ROCKS,,,

Thanks shekinahs…

MobileBadBoy
Registered User
Posts: 356
Joined: Wed Mar 06, 2002 5:29 pm
Location: Mobile, AL
Contact:

Post by MobileBadBoy »

I'm getting close to this same problem, but people are registering beyond the usual way. Getting around wildcards for usernames and entering porn URLs in the website field, even with it completely removed from registration/profile. I edited 12 styles just to find that out. :roll:

transm
Registered User
Posts: 99
Joined: Mon Feb 09, 2004 2:26 pm

Post by transm »

It must be some script. I've been getting it since a few weeks ago but can easily delete them. Some places are hit worse than others (depending on how easy the board is to find) and get them many times a day.

User avatar
smithy_dll
Former Team Member
Posts: 7630
Joined: Tue Jan 08, 2002 6:27 am
Location: Australia
Name: Lachlan Smith
Contact:

Post by smithy_dll »

MobileBadBoy wrote: I'm getting close to this same problem, but people are registering beyond the usual way. Getting around wildcards for usernames and entering porn URLs in the website field, even with it completely removed from registration/profile. I edited 12 styles just to find that out. :roll:


got them too, really annoying, the best defence is the visual confirmation in the /contrib directory and a smart set of filters banning certain usernames which no-one else would use and e-mail domains

Clive
Registered User
Posts: 45
Joined: Sat Jan 17, 2004 3:59 pm
Contact:

Spammed by BOT / SCRIPT

Post by Clive »

I seem that the porn ads on my forum may have been generated by a bot / script as the beginning of the member name that starts with !_! and posted very rapidly almost 30 in 5 minutes.
I run a large literary website and the Author Feedback form I created in FrontPage has been getting hit with a similar attack with E-mail address used for Name of Author and Name of Story as well as the Your name and e mail address section all filled out I believe by spam address harvesters.

It is amazing how some people think that after all the hard work that goes in to a site to keep it educational and family oriented that these selfish people come along and try to destroy it. It is the sign of a small mind…

Some day we will have to get a license to operate a computer.

I better ask a question instead of ranting…

On my website I have a book gif at the bottom of every page just above the bottom shared border and was wondering if there is a code that I could add to recognize the page title and automatically add it to a form that submits feedback to another page. I plan on using a PHP guest book modified to be a feedback page.

Vague question perhaps…

Thanks

Clive

User avatar
jtphpbb
Registered User
Posts: 4
Joined: Wed Mar 24, 2004 8:32 pm

Post by jtphpbb »

Same thing here. Clive, I noticed I had 30 registrations within seconds.

I emailed security-at-this-site with what I found in my web logs because I didn't want to post a possible exploit publicly. If anyone else finds the offender, please do not post it. PM me with the entry, or at least the IP. It would be interesting to see if it is the same guy I'm tracking. Class action lawsuit anyone? ;)

geocator
Registered User
Posts: 16242
Joined: Fri Jan 09, 2004 11:56 pm
Location: On dry land
Contact:

Post by geocator »

There is an anti-robot registration add on in the contrib folder. It will add one of those nifty enter what you see boxes so that robots cant register. From what I have seen and heard it really helps reduce the amount of these type of registrations.

Rita012
Registered User
Posts: 5
Joined: Thu Mar 25, 2004 5:23 pm

Post by Rita012 »

I'm getting hit with the same ! porn user. Just last night I had about 30 new names registered.

For those of you having this problem, did clicking user on 'enable account activation' help?

evoke
Registered User
Posts: 31
Joined: Sat Jun 14, 2003 4:48 pm
Contact:

Post by evoke »

ive had a few of these over the last few weeks then blam today 30 of them 8O i have been disallowing names that start with a hyphen but these had an exclamtion mark at the start.

'enable account activation' doesn't help at all as they don't need to activate to 'register' in the first place :( the names will still appear at the bottom even though they haven't activated the account fully.

ive seen a mod here for 2.04 ( i use 2.06) and am wondering if it's worth trying as im desperate now.

http://www.phpbbhacks.com/viewhack.php?id=560

anyone know of any other way to stop this as i hate modding my forum tbh

edit:
There is an anti-robot registration add on in the contrib folder. It will add one of those nifty enter what you see boxes so that robots cant register. From what I have seen and heard it really helps reduce the amount of these type of registrations.


where's that?
Last edited by evoke on Thu Mar 25, 2004 7:46 pm, edited 1 time in total.

Clive
Registered User
Posts: 45
Joined: Sat Jan 17, 2004 3:59 pm
Contact:

Account Activation helps...

Post by Clive »

I have had 2 days now with no porn ads posted on my forum and I believe it is because of the E-mail activation. I was wondering if I added that the register must agree to pay me 5,000 dollars to remove ads that are porn related -- but try to collect. Class action is a good concept. Always some one that cant control them selves in public places they are the one with small craniums lol.

evoke
Registered User
Posts: 31
Joined: Sat Jun 14, 2003 4:48 pm
Contact:

Post by evoke »

email activation doesn't work - how can it? the user/bot does not have to actually activate their account for the name to appear at the bottom of the page. they will still appear there with their account pending activtaion by email.

i enabled it after my last attack a couple of weeks ago and all was well until today where i got 30 new users in one go

User avatar
jtphpbb
Registered User
Posts: 4
Joined: Wed Mar 24, 2004 8:32 pm

Blocking spammers via deny IP in .htaccess

Post by jtphpbb »

From some public and private descriptions, it sounds like we're all getting attacked by the same brazillian shemale. Since this is clearly an automated attack, it won't be long before it spreads to others that do the same thing.

However, all of the attacks I've had have been from the same IP address. Ever since I blocked the IP, I don't know if they've even tried since they can't reach any of my domains! :) Here's how I did it:
  • 1. My site is configured to require admin approval. Every registration attempt results in me getting a piece of mail to approve it.

    2. I tracked down the IP address of each attempt by looking through my web logs for the entires with the dates+times corresponding to the dates+times the registration approval email was sent to me.

    3. I added yet-another line like this to my .htaccess file (requires Apache):

    Code: Select all

    deny 1.1.1.1
    (replace 1.1.1.1 with the IP found in the logs)

    4. I also upgraded to 2.0.7a, installed and enabled visual confirmation, and put in a mod/hack of my own. But because of blocking the IP, I'll never know if that same brazillian shemale will ever pay me a visit ever again. :twisted:
For those not familiar with Apache's .htaccess files, you can control some behavior of the website on a recursive, per directory basis. If you create a file like I just described and drop it in your phpBB directory, that directory and all below it will deny anyone from that IP from seeing/connecting/using the phpBB, but everything else in the domain outside of it isn't affected. If you want to block them from seeing the entire site, drop it in the root level.

Using a deny statement in .htaccess isn't the best way to do it, but if you don't have access to the main server config, it might be the only way and works wonderfully. And of course, that only applies to Apache, but I'm sure other servers have similar features.

Be careful with it though. Don't test it by using your own IP. ;) You can also use it to deny IP ranges, companies, countries, etc. On top of that, .htaccess has even more wonderful features that I won't get into here.

Again, if you find the IP, please let me know. Thanks.

Locked

Return to “2.0.x Discussion”