hammered by newly registered members

Get help with installation and running phpBB 3.0.x here. Please do not post bug reports, feature requests, or MOD-related questions here.
Anti-Spam Guide
Forum rules
END OF SUPPORT: 1 January 2017 (announcement)
User avatar
Spino27
Registered User
Posts: 32
Joined: Tue Mar 25, 2008 5:07 pm

Re: hammered by newly registered members

Post by Spino27 » Fri Nov 16, 2012 1:24 pm

Having exact same problems myself. 20+ spambots overnight.

I changed the Spambot countermeasures from entering a captcha code to a 'generate 3D image' code. Not sure if it'll have any effect but we shall see.
For all things calcio: SerieAForums.com

Red90
Registered User
Posts: 10
Joined: Thu Oct 19, 2006 4:17 pm

Re: hammered by newly registered members

Post by Red90 » Fri Nov 16, 2012 1:29 pm

Obviously the spammers have found a way around Q&A.......

User avatar
KevC
Support Team Member
Support Team Member
Posts: 69427
Joined: Fri Jun 04, 2004 10:44 am
Location: Oxford, UK
Contact:

Re: hammered by newly registered members

Post by KevC » Fri Nov 16, 2012 1:33 pm

Red90 wrote:Obviously the spammers have found a way around Q&A.......
No. They've found a way to understand a certain type of Q&A question. The advantage of Q&A is you can reword it how ever you like. I've changed my question and the accounts stopped. They seem to have learned the 'letters from a code' type of question. That doesn't stop you from writing a different kind of question.
-:|:- Support Request Template -:|:-
Image
Cheap UK Hosting
"In the land of the blind the little green bloke with no pupils is king - init!"

henmedia
Registered User
Posts: 140
Joined: Wed Dec 19, 2007 9:31 am
Location: Germany
Contact:

Re: hammered by newly registered members

Post by henmedia » Fri Nov 16, 2012 1:33 pm

It must be a software issue:

I just changed my Q&A completely, but the new registration continues. And my Q&A is in german language!
Get the latest version of newpost2mail for phpBB3 at http://henmedia.de | [donate USD] [donate EUR]

tortus32
Registered User
Posts: 46
Joined: Fri Jan 20, 2006 7:25 pm
Location: Montague NJ USA
Contact:

Re: hammered by newly registered members

Post by tortus32 » Fri Nov 16, 2012 1:36 pm

Looks like I'm in the same boat after reading this thread. I hope they come up with a fix soon!

For now I just disabled registration all together until I hear something has been done to fix this.
Last edited by tortus32 on Fri Nov 16, 2012 1:38 pm, edited 1 time in total.

User avatar
KevC
Support Team Member
Support Team Member
Posts: 69427
Joined: Fri Jun 04, 2004 10:44 am
Location: Oxford, UK
Contact:

Re: hammered by newly registered members

Post by KevC » Fri Nov 16, 2012 1:37 pm

henmedia wrote:It must be a software issue:

I just changed my Q&A completely, but the new registration continues. And my Q&A is in german language!
What makes you think they don't have the ability to read more than one language?
I've changed my Q&A and they've stopped so I don't believe it's an exploit.
-:|:- Support Request Template -:|:-
Image
Cheap UK Hosting
"In the land of the blind the little green bloke with no pupils is king - init!"

tortus32
Registered User
Posts: 46
Joined: Fri Jan 20, 2006 7:25 pm
Location: Montague NJ USA
Contact:

Re: hammered by newly registered members

Post by tortus32 » Fri Nov 16, 2012 1:39 pm

Kevin Clark wrote:What makes you think they don't have the ability to read more than one language?
I've changed my Q&A and they've stopped so I don't believe it's an exploit.
I've changed my Q&A completely and it hasn't slowed it down at all. So for now I'm disabling registration until I hear that they have solved this problem.

smk17
Registered User
Posts: 2
Joined: Mon Apr 11, 2011 1:41 pm

Re: hammered by newly registered members

Post by smk17 » Fri Nov 16, 2012 1:57 pm

over 600 new SPAM posts this morning, DAMN!!!!!!!! I hate updating to an improved product and then going through this, so effing mad right now.

stayalive
Registered User
Posts: 134
Joined: Fri Feb 12, 2010 12:01 pm

Re: hammered by newly registered members

Post by stayalive » Fri Nov 16, 2012 2:00 pm

You could try setting registration activation to admin at least for the time being???? I have mine set like this so I only have to check each attempt and don't have any worries about having to delete 100s of spam posts.

User avatar
Joe User
Registered User
Posts: 71
Joined: Mon Sep 13, 2004 9:56 am
Location: Germany
Name: Markus Kohlmeyer
Contact:

Re: hammered by newly registered members

Post by Joe User » Fri Nov 16, 2012 2:04 pm

The Bots are accessing the registration-form directly without rendering the registration-page (accesses to the images, javascripts or stylesheets are *not* logged for the bot-registers), so it has to be an exploit. Even changing the captchas from q&a to the other captchas in many diffrent non-default settings did not stop them.

Got over 200 spam-accs in the last 13 hours, more than in the last two years together.

That is a serios problem, maybe looking in the already mentioned Xrumor (announced a few days ago on full-disclosure) will help.
PayPal.Me/JoeUserFreeBSD Remote Installation
Wings for LifeWings for Life World Run

„If there’s more than one possible outcome of a job or task, and one
of those outcomes will result in disaster or an undesirable consequence,
then somebody will do it that way.“ -- Edward Aloysius Murphy Jr.

User avatar
HGN
Former Team Member
Posts: 4706
Joined: Wed Dec 03, 2008 1:53 pm
Location: The Netherlands
Name: Alfred
Contact:

Re: hammered by newly registered members

Post by HGN » Fri Nov 16, 2012 2:08 pm

tortus32 wrote:until I hear that they have solved this problem.
Until now there is nothing to solve, since the phpBB software does not judge (is not able to judge) the question used.

We are not seeing an increase of spam registrations at phpbb.com though, and we have no other spam measures in place than standard Q&A (and first post approval for Newly Registered Users).

The spammers search the internet to create lists of forums, blogs, etc. They also crawl the captcha methods and e.g. the queries asked in the Q&A captcha. So chances a spambot is able to answer the Q&A is higher, in case the same question is used at more sites. Once a question has been resolved it can/will be added to a database, so that question is broken for ever.

Still I think the resolution is to use a unique question, that is hard to interpret by a program.

chuckpo
Registered User
Posts: 8
Joined: Mon Apr 12, 2010 3:35 pm

Re: hammered by newly registered members

Post by chuckpo » Fri Nov 16, 2012 2:12 pm

Just want to add another record, so we can start seeing the scope here. My board started getting hit last night with spambot registrations. BUT, a couple of weeks ago my board hit an unlikely all-time high for most ever users. That was my first indication that the spammers were coming hard again.

I always have my board set to admin approval for registrations too. SO, I'm annoyed, but my board members don't have to deal with any of it, and I'm not weeding through posts for junk or deleting users. I highly recommend this approach.

tortus32
Registered User
Posts: 46
Joined: Fri Jan 20, 2006 7:25 pm
Location: Montague NJ USA
Contact:

Re: hammered by newly registered members

Post by tortus32 » Fri Nov 16, 2012 2:22 pm

HGN wrote:
tortus32 wrote:until I hear that they have solved this problem.
Until now there is nothing to solve, since the phpBB software does not judge (is not able to judge) the question used.

We are not seeing an increase of spam registrations at phpbb.com though, and we have no other spam measures in place than standard Q&A (and first post approval for Newly Registered Users).

The spammers search the internet to create lists of forums, blogs, etc. They also crawl the captcha methods and e.g. the queries asked in the Q&A captcha. So chances a spambot is able to answer the Q&A is higher, in case the same question is used at more sites. Once a question has been resolved it can/will be added to a database, so that question is broken for ever.

Still I think the resolution is to use a unique question, that is hard to interpret by a program.
I changed my Q&A to questions that only I could answer, just as a test, and it did not slow them down at all. One was asking for my wife's work number, and I made the acceptable answer a made up phone number. Another was asking for my first pet's name - and again, I entered a random name as the acceptable answer. A third one I said what is 23 plus 14 minus 10 - and i made the acceptable answer 157, which is obviously wrong. None of this slowed them down.

All these people having the same problem seems to point out that there's definitely an issue here.
Last edited by tortus32 on Fri Nov 16, 2012 2:24 pm, edited 1 time in total.

Daryl Grant
Registered User
Posts: 182
Joined: Mon Nov 19, 2007 4:28 pm

Re: hammered by newly registered members

Post by Daryl Grant » Fri Nov 16, 2012 2:22 pm

I know its early days but setting my Q&A to what word is in my forums banner pic has so far worked.

We only ever have admin activation so we were just spammed with accounts rather than posts... hopefully the new Q&A will solve the problem.

ilh
Registered User
Posts: 11
Joined: Sun Dec 14, 2008 3:44 pm

Re: hammered by newly registered members

Post by ilh » Fri Nov 16, 2012 2:23 pm

So I disabled registrations.... and it isn't stopping the bot registrations. This sucks.

edit: hadn't cleared inactive users - I'm an idiot
Last edited by ilh on Fri Nov 16, 2012 4:44 pm, edited 1 time in total.

Locked

Return to “[3.0.x] Support Forum”