Abuse: Random users with invalid emails and Russian URLs

The 2.0.x discussion forum has been locked; this will remain read-only. The 3.0.x discussion forum has been renamed phpBB Discussion.
Bjørn Lindeijer
Registered User
Posts: 10
Joined: Sat Sep 25, 2004 9:09 pm
Contact:

Post by Bjørn Lindeijer »

Techie-Micheal wrote: Hostility begets hostility. You weren't exactly very nice to us when we answered your question. ;)

Hmm, I wasn't aware of my being hostile... If saying that phpBB encourages this kind of abuse was hostile, I explained why it does that in the same sentence... Note the use of smilies in the rest of my post, to prevent hostile interpretation of what I say...
Techie-Micheal wrote: 1. Use the visual confirmation, which 2.2 makes use of by the way.
2. Edit the registration template so that registering users will not have the opportunity to input their homepage, ICQ, MSN, etc. until they are approved by the admin, and log in again. Rather simple to do actually. And in fact, 2.2 makes use of this as well.

Well I hope I can turn off VC in 2.2. I do like the second option, though, not only because a crawler won't be able to use it, but also because it makes registering that much less daunting. :-)
Mike Panic wrote: ive disallowed *.hotmail email addy's from registering, but its still allowing them for some odd reason... so frikkin annoying

Maybe you need to disallow "*hotmail.com"? ;-)

Judging from the number of people and mentioned domains (sounding familiar), I think this is a rather recent trend that many phpBB users will be suffering from, unless they have this VC added. I hope the hidden variable trick works, though if everybody starts using that, it will only be a temporary solution. :-)
daveykins
Registered User
Posts: 1
Joined: Sun Sep 26, 2004 11:15 am
Contact:

Post by daveykins »

CyberAlien wrote: I had the same problem on my forum. And I also don't like visual confirmation, so I solved problem differently - don't show website url for users who have 0 posts, and don't show memberlist to search engines (makes whole registration spamming thing pointless). Also I added hidden variable to registration form and if form is submitted without that variable then registration fails (keeps registration bots away from forum).


Can you give any details on how you did this?

It sounds a great solution - and like the others on this topic - i've also had a similar problem on a board I assist with.

All help appreciated!
CLee
Registered User
Posts: 511
Joined: Fri Nov 23, 2001 2:42 pm

Post by CLee »

Bjørn Lindeijer wrote:
Techie-Micheal wrote:Hostility begets hostility. You weren't exactly very nice to us when we answered your question. ;)

Hmm, I wasn't aware of my being hostile... If saying that phpBB encourages this kind of abuse was hostile, I explained why it does that in the same sentence... Note the use of smilies in the rest of my post, to prevent hostile interpretation of what I say...

You were very hostile to those who recommended using the Visual Conformation MOD to solve your problem. And it is still your best, perhaps only real, solution.
Carlos Myers
A+, Network+
Member - Star Wars Roleplaying Club
Bjørn Lindeijer
Registered User
Posts: 10
Joined: Sat Sep 25, 2004 9:09 pm
Contact:

Post by Bjørn Lindeijer »

CLee wrote: You were very hostile to those who recommended using the Visual Conformation MOD to solve your problem. And it is still your best, perhaps only real, solution.

I don't see how saying I don't like it is hostile, but meh.
User avatar
Techie-Micheal
Security Consultant
Posts: 19511
Joined: Sun Oct 14, 2001 12:11 am
Location: In your servers

Post by Techie-Micheal »

Here's what I did for the registration template. Note it is for subSilver.

Code: Select all

<!-- BEGIN switch_edit_profile -->
        <tr>
          <td class="catSides" colspan="2" height="28">&nbsp;</td>
        </tr>
        <tr>
          <th class="thSides" colspan="2" height="25" valign="middle">{L_PROFILE_INFO}</th>
        </tr>
        <tr>
          <td class="row2" colspan="2"><span class="gensmall">{L_PROFILE_INFO_NOTICE}</span></td>
        </tr>
        <tr>
          <td class="row1"><span class="gen">{L_ICQ_NUMBER}:</span></td>
          <td class="row2">
                <input type="text" name="icq" class="post"style="width: 100px"  size="10" maxlength="15" value="{ICQ}" />
          </td>
        </tr>
        <tr>
          <td class="row1"><span class="gen">{L_AIM}:</span></td>
          <td class="row2">
                <input type="text" class="post"style="width: 150px"  name="aim" size="20" maxlength="255" value="{AIM}" />
          </td>
        </tr>
        <tr>
          <td class="row1"><span class="gen">{L_MESSENGER}:</span></td>
          <td class="row2">
                <input type="text" class="post"style="width: 150px"  name="msn" size="20" maxlength="255" value="{MSN}" />
          </td>
        </tr>
        <tr>
          <td class="row1"><span class="gen">{L_YAHOO}:</span></td>
          <td class="row2">
                <input type="text" class="post"style="width: 150px"  name="yim" size="20" maxlength="255" value="{YIM}" />
          </td>
        </tr>
        <tr>
          <td class="row1"><span class="gen">{L_WEBSITE}:</span></td>
          <td class="row2">
                <input type="text" class="post"style="width: 200px"  name="website" size="25" maxlength="255" value="{WEBSIT$
          </td>
        </tr>
        <tr>
          <td class="row1"><span class="gen">{L_LOCATION}:</span></td>
          <td class="row2">
<input type="text" class="post"style="width: 200px"  name="location" size="25" maxlength="100" value="{LOCAT$
          </td>
        </tr>
        <tr>
          <td class="row1"><span class="gen">{L_OCCUPATION}:</span></td>
          <td class="row2">
                <input type="text" class="post"style="width: 200px"  name="occupation" size="25" maxlength="100" value="{OCC$
          </td>
        </tr>
        <tr>
          <td class="row1"><span class="gen">{L_INTERESTS}:</span></td>
          <td class="row2">
                <input type="text" class="post"style="width: 200px"  name="interests" size="35" maxlength="150" value="{INTE$
          </td>
        </tr>
        <tr>
          <td class="row1"><span class="gen">{L_SIGNATURE}:</span><br /><span class="gensmall">{L_SIGNATURE_EXPLAIN}<br /><b$
          <td class="row2">
                <textarea name="signature"style="width: 300px"  rows="6" cols="30" class="post">{SIGNATURE}</textarea>
          </td>
        </tr>
        <!-- END switch_edit_profile -->
Yes, I know some text was cut off. That's what happens when you copy and paste from emacs/jed. :P
Proven Offensive Security Expertise. OSCP - GXPN
Bjørn Lindeijer
Registered User
Posts: 10
Joined: Sat Sep 25, 2004 9:09 pm
Contact:

Post by Bjørn Lindeijer »

Thanks, that works nicely! On top of that, I added the following code to usercp_register.php:

Code: Select all

  if ( $mode == 'editprofile' )
  {
    $user_id = intval($HTTP_POST_VARS['user_id']);
    $current_email = trim(htmlspecialchars($HTTP_POST_VARS['current_email']));
  }

  // Stop people trying to set URL on registering
  if ( $mode == 'register' && isset($HTTP_POST_VARS['website']) )
  {
    message_die(GENERAL_ERROR, 'Setting website url on registering not allowed');
  }
The addition is the second if statement, the other one exists around line 99 for me. If people can't submit an URL on registering, somebody who is still trying to do so must be some bot/crawler. You could check each field, but in my case the URL field was the only one used in all cases.

Between my initial report above and this change, I got another two of these random people signing up. I'm curious if this change will put an end to it, as long as it lasts.
User avatar
Techie-Micheal
Security Consultant
Posts: 19511
Joined: Sun Oct 14, 2001 12:11 am
Location: In your servers

Post by Techie-Micheal »

No problem. For me, it didn't stop them at first, but I guess once the owners of the bots saw it wasn't working, they backed off. That and I banned a number of email addresses. :P
Proven Offensive Security Expertise. OSCP - GXPN
User avatar
globetrotting
Registered User
Posts: 217
Joined: Thu Jan 15, 2004 8:14 pm
Location: globetrotting
Contact:

Die, you spammer!

Post by globetrotting »

I have read of another, much simplier way to prevent spammer at http://www.phpbb.com/phpBB/viewtopic.php?p=1259459 . What do you cracks think - would that also be an effective option?
Das Sein ändert das Bewußtsein
Bjørn Lindeijer
Registered User
Posts: 10
Joined: Sat Sep 25, 2004 9:09 pm
Contact:

Post by Bjørn Lindeijer »

The hidden form variable? It's basically the same, though I like how it doesn't change anything for normal users. It was suggested here too, and should work as long as the bot isn't interpreting the form and just doing the submission assuming the form is the default phpBB one. This would be likely.
TerraFrost
Former Team Member
Posts: 5957
Joined: Sun Dec 26, 2004 3:40 am
Location: Austin, TX

Post by TerraFrost »

a lot of these people use open proxies. thusly, the Block Open Proxy Registrants mod should prevent a good number of registrations.

also, as others have pointed out, many of these people don't ever post. consequently, the Hide Zero Posters MOD may be appealing.

finally, the Deter Comment Spam MOD can remove much of the incintive to register.
User avatar
globetrotting
Registered User
Posts: 217
Joined: Thu Jan 15, 2004 8:14 pm
Location: globetrotting
Contact:

Re: Die, you spammer!

Post by globetrotting »

Hi all
globetrotting wrote: I have read of another, much simplier way to prevent spammer at http://www.phpbb.com/phpBB/viewtopic.php?p=1259459 . What do you cracks think - would that also be an effective option?


I'm using it ever since - and it works perfectly for me.
No need to look any further.
Das Sein ändert das Bewußtsein
LVZ
Registered User
Posts: 27
Joined: Fri Apr 30, 2004 7:35 pm
Location: Las Vegas
Contact:

Post by LVZ »

Mike Panic wrote: im in the same boat... tons of new bogus registers all w/ numbers and all pointing to the same url... choppy.com/something-something, they are all differant.


If the problem is infrequent, why not just go into your http://{yourDomainHere}.com/cpanel and click on "IP Deny Manager"?
LVZ
Registered User
Posts: 27
Joined: Fri Apr 30, 2004 7:35 pm
Location: Las Vegas
Contact:

Post by LVZ »

CyberAlien wrote: I solved problem differently - don't show website url for users who have 0 posts, and don't show memberlist to search engines (makes whole registration spamming thing pointless).


That's enough for me.

Your code snippet ... ?
The Pelican
Registered User
Posts: 2176
Joined: Tue Jun 18, 2002 9:50 am
Location: Home is where the heart is (which happens to be in the Netherlands)
Contact:

Post by The Pelican »

CyberAlien wrote: I solved problem differently - don't show website url for users who have 0 posts, and don't show memberlist to search engines (makes whole registration spamming thing pointless).

Problem is: The bots who do this registration work don't know this and will sign up anyway.

In other words: You will keep those members signing up.

So: upgrade to 2.0.11 and while / after doing so, install the Visual Confirmation functionality; bots don't seem to understand this ;)
The Pelican :)
Knowledge Base || No PM support and no MSN or E-mail support || Asking Questions The Smart Way (and use the template)
TerraFrost
Former Team Member
Posts: 5957
Joined: Sun Dec 26, 2004 3:40 am
Location: Austin, TX

Post by TerraFrost »

If the problem is infrequent, why not just go into your http://{yourDomainHere}.com/cpanel and click on "IP Deny Manager"?

i've never seen these people use the same ip address twice. as such, doing this really isn't gonna accomplish a lot - you'd need one of the previously mentiond hacks.
Problem is: The bots who do this registration work don't know this and will sign up anyway.

In other words: You will keep those members signing up.

yes, but they'll be less reward for their doing it. and short of contacting their isp (which really wouldn't work, anyway, if they were using open proxies), it's the only way you really have to punish these people. it's not perfect, but it's better than nothing.
Locked

Return to “2.0.x Discussion”