Unwanted registrations (security issue)

The 2.0.x discussion forum has been locked; this will remain read-only. The 3.0.x discussion forum has been renamed phpBB Discussion.
rubenski
Registered User
Posts: 33
Joined: Sat Nov 01, 2003 1:43 am

Post by rubenski »

Hi there, I got 30 new registrations from this bot too last night. As previously suggested, I want to add a "type what you see" field to the reg page, but i'll do that later. Any experience with this? Does this really prevent bot registrations?

Right now, i would like to know the ip address from which the registrations are done, but I can't find the right SQL query to retrieve the ip.

Can someone help me with this?
(don't worry, i will not post the ip here)
Clive
Registered User
Posts: 45
Joined: Sat Jan 17, 2004 3:59 pm
Contact:

Manual Spammers...

Post by Clive »

I watched as a spammer registered the hard way and copied the info and because one of the names was not in the automatically noticeable smut post I followed the link and found the .net extension was wrong when I changed it to .com it went to a smut site. I have noticed a lot of these bad extensions and wonder why a person would waste that kind of time for not.

Anyways after I removed the first the second appeared so I deleted that and he went away.

Off the topic here a little… IM trying to set up an Apache 2.0.49 / PHP test server on my work station and when I run the server in console it lags BIG time and the error log says…

[Sat Mar 27 07:32:44 2004] [error] (OS 10045)Operation not supported on socket: Child -1313913: Encountered too many errors accepting client connections. Possible causes: Unknown. Try using the Win32DisableAcceptEx directive.

The cure is to …you should use this directive to disable the use of AcceptEx().

Where can I do this anyone know.

Could you PM me or by mail… Thanks…
kkks
Registered User
Posts: 50
Joined: Mon Jul 08, 2002 3:48 am
Location: Auckland, New Zealand
Contact:

Post by kkks »

I've been having my dirty script to record IP addresses when users first registered.

Of my 18 porn spam accounts, their 12 different IP addresses so far. They might be an organisation distribution such bots/warms sending to unsuspected victims.

BTW, they are getting smarter now, instead of direct link to porn sites, they now link to Geocities pages, and the Geocities' webpages are nothing but links to porn sites.
SillyDog701: Netscape Browser Archive | Browser Version Guide | Message Centre | MacCentre701
MozInfo - Mozilla Information Centre
Darth Wong
Registered User
Posts: 2398
Joined: Wed Jul 03, 2002 5:20 am
Location: Toronto, Canada
Contact:

Post by Darth Wong »

Not to ask silly questions, but why isn't the visual confirmation mod enabled by default on current versions?
Not a three-foot tall green gnome in real-life: My home page.
My wretched hive of scum and villainy: http://bbs.stardestroyer.net/
geocator
Registered User
Posts: 16242
Joined: Fri Jan 09, 2004 11:56 pm
Location: On dry land
Contact:

Post by geocator »

Darth Wong wrote: Not to ask silly questions, but why isn't the visual confirmation mod enabled by default on current versions?


It is a backport from the upcoming 2.2 release. I think that since 2.0.x is feature locked they are not coding it into the core and leaving it as an addon.
commandermombo
Registered User
Posts: 2
Joined: Wed Jul 16, 2003 6:28 pm

I'm going to comment out user urls

Post by commandermombo »

Until i can think of something better to do.
niekas
Registered User
Posts: 562
Joined: Sun Sep 23, 2001 7:34 am

Post by niekas »

I implemented a system to ban the IP on spot if the bot tries to register such user. They only try to promote links to their own website. thats what this hack will prevent. The links can be in website field or signature. I configured registration page not to display website and signature fields. They are activated only after user has 10 posts (configurable).

If bot tries to submit website or signature fields before that - instant ban.
after dude tried 12 different IP's he apparently removed my site from his list. No more porn spam. He was really pissing me off. I think its one genius running this scam.

here is my solution for the problem:

http://www.phpbb.com/phpBB/viewtopic.php?t=186683

Of course you can add a notice about this in your template - that website and signature field will be activated after certain amount of posts or ask them to contact administrator.

Let me know if it works for you

Maybe i should release it as a MOD
Last edited by niekas on Sat Apr 03, 2004 5:20 am, edited 1 time in total.
misohoni
Registered User
Posts: 150
Joined: Fri Jan 23, 2004 5:31 pm
Location: Hong Kong
Contact:

Post by misohoni »

just to confirm, that if a user adds their web details unknowlingly (i.e by not reading the info on the site) then they'll be automatically banned?
----------------------------------------
Cars under $1000 - New and used cars cheap
http://www.usedcars.org.nz
geocator
Registered User
Posts: 16242
Joined: Fri Jan 09, 2004 11:56 pm
Location: On dry land
Contact:

Post by geocator »

misohoni wrote: just to confirm, that if a user adds their web details unknowlingly (i.e by not reading the info on the site) then they'll be automatically banned?


No that mod removes the website field from the registration form completley. Once registered users are free to add a website. The key to it is that if you have a bot submitting a registration it will not know that the field is gone.
niekas
Registered User
Posts: 562
Joined: Sun Sep 23, 2001 7:34 am

Post by niekas »

misohoni wrote: just to confirm, that if a user adds their web details unknowlingly (i.e by not reading the info on the site) then they'll be automatically banned?


no they can't add website
regular user wouldn't be able unknowingly to submit those details.

you disable website and signature input fields in the form untill they post 10 messages.
User avatar
wilkc
Registered User
Posts: 251
Joined: Wed Mar 27, 2002 2:43 am
Location: Tampa, FL
Contact:

Post by wilkc »

I installed the visual confirmation from the contrib folder, as directed, but now when you go to Register at my board, its all Fd up.

Take a look at:

http://www.wilkc.com/sniderhs/phpBB/index.php
NWTAMPA.COM
Serving NW Tampa
misohoni
Registered User
Posts: 150
Joined: Fri Jan 23, 2004 5:31 pm
Location: Hong Kong
Contact:

Post by misohoni »

SQL Error : 1146 Table 'sniderhs2.CONFIG_TABLE' doesn't exist

is your problem
----------------------------------------
Cars under $1000 - New and used cars cheap
http://www.usedcars.org.nz
User avatar
wilkc
Registered User
Posts: 251
Joined: Wed Mar 27, 2002 2:43 am
Location: Tampa, FL
Contact:

Post by wilkc »

It seems constants.php copied over to zero (bytes). I re-uploaded and now that problem is solved.

HOWEVER, the real problem exists on the registration screen. Try to register at my board at http://www.wilkc.com/sniderhs/phpBB/index.php
and you'll see what I mean.

Its 2 mins to midnight and I'm weary. I may have copied or not copied something correctly, but at this late hour I can't see the forest through the trees so I'll come back here around 9:00 a.m. EST to see if there's a solution.

Thx,
wilkc
NWTAMPA.COM
Serving NW Tampa
User avatar
wilkc
Registered User
Posts: 251
Joined: Wed Mar 27, 2002 2:43 am
Location: Tampa, FL
Contact:

Post by wilkc »

OK... its 8:15 a.m. EST, and I thought for sure when I logged in this morning there would be a solution posted for me to read.

8O

I can wait...
NWTAMPA.COM
Serving NW Tampa
User avatar
drathbun
Former Team Member
Posts: 12204
Joined: Thu Jun 06, 2002 3:51 pm
Location: TOPICS_TABLE
Contact:

Post by drathbun »

Here are domains that I have blocked to prevent the latest round of folks trying to register for web site links. Note that these are not listed in domain form to prevent them from becoming links. Based on spamming memberships I have banned:
star at xxxgallery dot com
star at xxxgallery dot org
star at fineslut dot com
star at industryofporn dot net
star at pleasantphoto dot com
star at erotix-dreams dot com

Also from an earlier round of drug-related membership spammers I have banned
star at freemail dot ru

Note to moderators: I have posted the domains in such a way that they will not be links. If any of you feel that this post is still in appropriate, please feel free to edit or delete the post. Not that you need my permission to do either of those ;-) but I am posting these to help other folks.

I would appreciate it if others would do the same; if we all post domains used to post spam members, it would be faster for us to go ahead and ban the domains before they try to start up with our boards, especially if they haven't found us yet.
I blog about phpBB: phpBBDoctor blog
Still using phpbb2? So am I! Click below for details
Image
Locked

Return to “2.0.x Discussion”