Spam Bots Attacking! Please Help!

Get help with installation and running phpBB 3.0.x here. Please do not post bug reports, feature requests, or MOD-related questions here.
END OF SUPPORT: 1 January 2017 (announcement)
udonmap
Registered User
Posts: 21
Joined: Mon Jul 13, 2009 3:13 am

Re: Spam Bots Attacking! Please Help!

Post by udonmap »

I've changed over to Q&A also; however, I'm still inundated with spam registrations.

Looks like a vulnerability may have been found in the registration process.
Travisher
Registered User
Posts: 15
Joined: Fri May 19, 2006 10:56 pm
Location: Peterborough

Re: Spam Bots Attacking! Please Help!

Post by Travisher »

I just took a look at your forum registration, the question it asked was too simplistic and gives the answer on the same page and indeed within the question. It is possible to script a bot to parse the words on a page and try them until it hits the jackpot.
Ask what the quarterly magazine is called or the full name of the club. If they are genuinely interested they will look for the answer. Don't be afraid of having whole sentences for answers. Don't hand people the answer; let them prove they pass the Turing test. Don't embed the answer in the question; don't have the answer on the same page. Consider putting the answers in image form. Look at photos you have and see if there are obvious words in them that you can ask questions on in your gallery.
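An added example, not part of Travisher's post and not phpBB code: a self-audit an administrator could run over their own Q&A entries to catch the weaknesses listed above (answer embedded in the question, answer visible on the registration page, very short answer). The questions, answers, page text and the two-word minimum are all constructed assumptions.

```python
import re

def _words(text):
    """Lower-case alphanumeric tokens, punctuation dropped."""
    return re.findall(r"[a-z0-9]+", text.lower())

def _contains_phrase(haystack, needle):
    """True if the token list `needle` occurs contiguously in `haystack`."""
    n = len(needle)
    return n > 0 and any(haystack[i:i + n] == needle
                         for i in range(len(haystack) - n + 1))

def audit_question(question, answers, page_text, min_words=2):
    """Return (answer, reason) findings for one Q&A entry."""
    findings = []
    q_words, p_words = _words(question), _words(page_text)
    for answer in answers:
        a_words = _words(answer)
        if _contains_phrase(q_words, a_words):
            findings.append((answer, "answer is embedded in the question"))
        elif _contains_phrase(p_words, a_words):
            findings.append((answer, "answer appears on the same page"))
        elif len(a_words) < min_words:  # assumed threshold, tune to taste
            findings.append((answer, "short answer"))
    return findings

# Constructed sample data: visible text of a registration page and four entries.
PAGE_TEXT = ("Welcome to the Fenland Model Railway Society forum. "
             "Please register to post.")
QUESTIONS = [
    ("Type the word 'orchid' in the box", ["orchid"]),
    ("What is the full name of the club?", ["Fenland Model Railway Society"]),
    ("What is our quarterly magazine called?", ["The Signal Box"]),
    ("What colour is the clubhouse door?", ["green"]),
]

def audit_all(questions=QUESTIONS, page_text=PAGE_TEXT):
    """Map each question to its list of findings (empty list = no finding)."""
    return {q: audit_question(q, a, page_text) for q, a in questions}

if __name__ == "__main__":
    for question, findings in audit_all().items():
        print(question, "->", findings or "no finding")
```
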
KevC
Support Team Member
Posts: 70438
Joined: Fri Jun 04, 2004 10:44 am
Location: Oxford, UK

Re: Spam Bots Attacking! Please Help!

Post by KevC »

Travisher wrote:the question it asked was too simplistic and gives the answer on the same page
That's usually not a problem to be honest. I've had a simple 'put this word in that box' Q&A for quite a while. It was only 'broken' last week and a slight rewording has stopped the bots instantly again.
-:|:- Support Request Template -:|:-
Cheap UK Hosting
"In the land of the blind the little green bloke with no pupils is king - init!"
niall0s
Registered User
Posts: 1
Joined: Wed Dec 12, 2007 12:15 am

Re: Spam Bots Attacking! Please Help!

Post by niall0s »

udonmap wrote: I've changed over to Q&A also; however, I'm still inundated with spam registrations.

Looks like a vulnerability may have been found in the registration process.
I have to agree, since upgrading to 3.0.8 my forum is getting quite a few spam bot registrations.

Using reCAPTCHA and 3.0.7-PL1 I had no problems with spambots.
Travisher
Registered User
Posts: 15
Joined: Fri May 19, 2006 10:56 pm
Location: Peterborough

Re: Spam Bots Attacking! Please Help!

Post by Travisher »

niall0s wrote:
udonmap wrote: I've changed over to Q&A also; however, I'm still inundated with spam registrations.

Looks like a vulnerability may have been found in the registration process.
I have to agree, since upgrading to 3.0.8 my forum is getting quite a few spam bot registrations.

Using reCAPTCHA and 3.0.7-PL1 I had no problems with spambots.
Make sure you are not confusing cause and effect. There has been a concerted attack on bulletin boards and it may be a coincidence that you upgraded. I was seeing attacks before I upgraded since I was a little slow in doing so. From what I see in the server logs the attacks are of a 'brute force' nature rather than a clever code exploit. Literally thousands of attempts to register in the logs. If it were a bypass, then I'd expect to see a flood of successful attempts with near 100% success. This is definitely not the case.
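An added example, not part of Travisher's post and not phpBB code: the comparison described above, counting registration POSTs in a web-server access log and setting them against the number of accounts actually created. It assumes the Apache/Nginx "combined" log format and that the registration form is submitted to `ucp.php?mode=register`; the log lines, the account counts and the 0.9 threshold are constructed.

```python
import re
from collections import Counter

# "combined" access-log line; only the fields used below are captured.
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
                    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) ')

def registration_posts(lines):
    """Count POSTs to the registration form per client IP."""
    per_ip = Counter()
    for line in lines:
        m = LOG_RE.match(line)
        if (m and m["method"] == "POST"
                and "ucp.php" in m["path"] and "mode=register" in m["path"]):
            per_ip[m["ip"]] += 1
    return per_ip

def assess(lines, new_accounts, bypass_ratio=0.9):
    """Compare logged attempts with accounts created in the same period.

    One sign-up can involve more than one POST, so the ratio is a rough
    indicator, not an exact success rate. bypass_ratio is an assumed cut-off.
    """
    per_ip = registration_posts(lines)
    attempts = sum(per_ip.values())
    ratio = new_accounts / attempts if attempts else 0.0
    if attempts == 0:
        verdict = "no registration attempts logged"
    elif ratio >= bypass_ratio:
        verdict = "near-100% success: consistent with a bypass"
    else:
        verdict = "mostly failed attempts: consistent with brute-force guessing"
    return {"attempts": attempts, "ratio": round(ratio, 3),
            "top_sources": per_ip.most_common(3), "verdict": verdict}

def _line(ip, method, path, status=200):
    """Build one constructed log line (documentation-range IPs only)."""
    return (f'{ip} - - [05/Jan/2011:03:14:07 +0000] "{method} {path} HTTP/1.1" '
            f'{status} 5120 "-" "Mozilla/5.0"')

# Constructed sample log: two noisy sources, one ordinary visitor, other traffic.
SAMPLE_LOG = ([_line("203.0.113.7", "POST", "/ucp.php?mode=register")] * 40
              + [_line("198.51.100.23", "POST", "/forum/ucp.php?mode=register")] * 25
              + [_line("192.0.2.10", "POST", "/ucp.php?mode=register")] * 2
              + [_line("192.0.2.10", "GET", "/ucp.php?mode=register")] * 3
              + [_line("192.0.2.44", "POST", "/ucp.php?mode=login")])

if __name__ == "__main__":
    print(assess(SAMPLE_LOG, new_accounts=4))
```

The `new_accounts` figure comes from the board itself (accounts created in the period the log covers); the script does not read it from the log.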
callumacrae
Former Team Member
Posts: 2662
Joined: Tue Feb 12, 2008 12:28 pm
Location: London, UK
Name: Callum Macrae

Re: Spam Bots Attacking! Please Help!

Post by callumacrae »

Speedy62 wrote:I have changed the Q&A to entirely new questions everyday since Friday and the onslaught still continues. I am at a loss what to do.
Use unique questions, and have lots of them. Also enable user activation.

~Callum
macr.ae = my website. you probably won't like it.
udonmap
Registered User
Posts: 21
Joined: Mon Jul 13, 2009 3:13 am

Re: Spam Bots Attacking! Please Help!

Post by udonmap »

I updated all my questions last night, however this morning I noticed there were over 125 registrations during the night. The normal amount of registrations my board receives is between 10-20 per day!

I have just this minute changed the question to a code request e.g. all new registrations have to request a code from me via email to enter in the answer box. So in theory the only way for a new member to sign up is to contact me first for the code. The code I am using is very secure.

Unfortunately this has not worked and I've received 4 sign-ups in the past hour already; none of these requested the secret code from me. Therefore I'm guessing there is a vulnerability in both the reCAPTCHA and the Q&A since both are not working on my board.

The only way I can stop this at present is to turn off new registrations completely; however, I don't really want to do this.

I've always found phpbb to be very secure against spam registrations up until recently.

Any help would be appreciated.
ric323
Former Team Member
Posts: 22910
Joined: Tue Feb 06, 2007 12:33 am
Location: Melbourne, Australia
Name: Ric

Re: Spam Bots Attacking! Please Help!

Post by ric323 »

udonmap wrote: Unfortunately this has not worked and I've received 4 sign-ups in the past hour already; none of these requested the secret code from me. Therefore I'm guessing there is a vulnerability in both the reCAPTCHA and the Q&A since both are not working on my board.
What is the address of your board?
Please PM it to me if you don't want to reveal it in public.
The Knowledge Base contains solutions to many common problems!
How to fix "Doesn't have a default value" and "Incorrect string value: xxx for column 'post_text' " errors.
How to do a clean re-install of the latest phpBB3 version.
Problems with permissions? Read phpBB3 Permissions
/a3
Registered User
Posts: 411
Joined: Sun Sep 19, 2010 9:08 am
Location: /dev/random

Re: Spam Bots Attacking! Please Help!

Post by /a3 »

udonmap wrote: Unfortunately this has not worked and I've received 4 sign-ups in the past hour already; none of these requested the secret code from me. Therefore I'm guessing there is a vulnerability in both the reCAPTCHA and the Q&A since both are not working on my board.
Are you using unique questions/answers for your Q&A CAPTCHA? From what I've heard, spammers seem to have found a way around the Q&A CAPTCHA when commonly used questions are used.

As for reCAPTCHA, it appears to be broken, so I would recommend using the Q&A CAPTCHA for now.
$ git commit -m "YOLO"
udonmap
Registered User
Posts: 21
Joined: Mon Jul 13, 2009 3:13 am

Re: Spam Bots Attacking! Please Help!

Post by udonmap »

I was using unique questions, e.g. What is the most common staple food of Thailand?, What is the capital of Thailand?, What is Thailand's currency? etc.
webhostuk
Registered User
Posts: 20
Joined: Tue Apr 13, 2010 1:11 pm
Location: UK

Re: Spam Bots Attacking! Please Help!

Post by webhostuk »

I will also suggest that you go for CAPTCHA spam protection for your forum or have admin approval before publishing or registering any new user.
WebhostUK.Co.UK | Best UK web Hosting
Webhost.US.Com | Best US Web Hosting
99.99% guaranteed uptime with 24/7 support
ric323
Former Team Member
Posts: 22910
Joined: Tue Feb 06, 2007 12:33 am
Location: Melbourne, Australia
Name: Ric

Re: Spam Bots Attacking! Please Help!

Post by ric323 »

ric323 wrote:
udonmap wrote: Unfortunately this has not worked and I've received 4 sign-ups in the past hour already; none of these requested the secret code from me. Therefore I'm guessing there is a vulnerability in both the reCAPTCHA and the Q&A since both are not working on my board.
What is the address of your board?
Please PM it to me if you don't want to reveal it in public.
udonmap PMd me the address of their board, and it does seem to have a Q&A question set up correctly.
There has still been no vulnerability identified in the Q&A code, so the most likely explanation is that one of the people you DID give the code to was acting as a front man to pass it on to the spammers.
Try changing to a different code immediately, and see what happens.
In my own case, I simply swapped the order of the required words in the answer, and the spambots stopped immediately. I suspect a human analysed the question first, then passed this on to the spamming program.
callumacrae
Former Team Member
Posts: 2662
Joined: Tue Feb 12, 2008 12:28 pm
Location: London, UK
Name: Callum Macrae

Re: Spam Bots Attacking! Please Help!

Post by callumacrae »

ric323 wrote:
ric323 wrote:
udonmap wrote: Unfortunately this has not worked and I've received 4 sign-ups in the past hour already; none of these requested the secret code from me. Therefore I'm guessing there is a vulnerability in both the reCAPTCHA and the Q&A since both are not working on my board.
What is the address of your board?
Please PM it to me if you don't want to reveal it in public.
udonmap PMd me the address of their board, and it does seem to have a Q&A question set up correctly.
There has still been no vulnerability identified in the Q&A code, so the most likely explanation is that one of the people you DID give the code to was acting as a front man to pass it on to the spammers.
Try changing to a different code immediately, and see what happens.
In my own case, I simply swapped the order of the required words in the answer, and the spambots stopped immediately. I suspect a human analysed the question first, then passed this on to the spamming program.
I have seen multiple people saying that they believe that the Q&A CAPTCHA has been hacked, and it is definitely a possibility that should not be discounted, although I think it would have been noticed by now. It isn't specific to this version of phpBB, as I haven't got round to updating my board yet.

~Callum
macr.ae = my website. you probably won't like it.
udonmap
Registered User
Posts: 21
Joined: Mon Jul 13, 2009 3:13 am

Re: Spam Bots Attacking! Please Help!

Post by udonmap »

Thank you for the quick response. I will do as you've said and change the code immediately and let you know what happens.
Saint_hh
Registered User
Posts: 362
Joined: Thu Mar 31, 2005 5:16 pm
Location: Hamburg / Germany
Name: Kevin

Re: Spam Bots Attacking! Please Help!

Post by Saint_hh »

Callum95 wrote:It isn't specific to this version of phpBB, as I haven't got round to updating my board yet.
People using vBulletin, IPB and self-built websites are reporting that it seems that reCAPTCHA is cracked too. See here.
And I doubt that it has something to do with phpBB or the phpBB version too. I also updated to 3.0.8 pretty late, and the problems with reCAPTCHA had already begun with 3.0.7pl1 for me. But the major peak came at around the 4th of January.