Repeating spam user registrations

Get help with installation and running phpBB 3.2.x here. Please do not post bug reports, feature requests, or extension related questions here.
tellmethis
Registered User
Posts: 97
Joined: Sun Feb 14, 2010 7:02 pm
Contact:

Repeating spam user registrations

Post by tellmethis » Thu Aug 08, 2019 5:57 am

I'm running phpBB 3.2.7 on a Linux server.

I have the extension OneAll Social Login installed, with options for Facebook, Google and LinkedIn checked.

I discovered a couple of fake users had registered with the forum some time ago. I'll use details of one of these users as an example.
  1. User registers on 6 Jul 2018. Based on information I see in ACP > Maintenance > Admin log, the Username is Anonymous, IP is 122.110.139.137, and in the Action column it states "Added new members to usergroup Registered OneAll users - kevin.smith". The user's email address is with domain @example.com
  2. Realising this was an invalid user on 5 Aug 2019, I deleted the user on that date.
  3. On 6 Aug 2019, same user had re-registered. From IP 175.32.9.32.
  4. I deleted the user again on 8 Aug 2019. This time I also went to ACP > Users and Groups > Ban emails, adding *@example.com to the permanent banned list.
  5. On 8 Aug 2019, the same user had re-registered. From IP 175.32.9.32. And with an email address from the domain @example.com
The fact that I have User registration settings > Account activation set to "By admin" is being bypassed somehow.
  • User registration settings > Enable spambot countermeasures for registrations is set to "Yes".
  • Spambot countermeasures
    • Enable spambot countermeasures for registrations is Enabled.
    • Installed plugins is set to GD image.
Can anybody tell me whether this is a problem to address from within phpBB, or is this a problem that I need to raise with OneAll Social Login?

david63
Registered User
Posts: 16330
Joined: Thu Dec 19, 2002 8:08 am
Location: Lancashire, UK
Name: David Wood
Contact:

Re: Repeating spam user registrations

Post by david63 » Thu Aug 08, 2019 6:09 am

There is nothing wrong with the user Anonymous performing actions on your board. The Anonymous user is the name given to all users who have accessed the board but have not logged in - they may be members who are logging in or they may be guest users who are just browsing your board, could even be unregistered bots.

There is nothing to be concerned about - this is normal phpBB behaviour.
David
Remember: You only know what you know and - you don't know what you don't know!
My CDB Contributions | How to install an extension
I will not be accepting translations for any of my extensions in Github - please post any translations in the appropriate topic.
No support requests via PM or email as they will be ignored

tellmethis
Registered User
Posts: 97
Joined: Sun Feb 14, 2010 7:02 pm
Contact:

Re: Repeating spam user registrations

Post by tellmethis » Thu Aug 08, 2019 8:17 am

Thanks David. I'm not following though. Only registered users, subject to admin approval, and in turn subject to forum permissions, should be able to see beyond the login page.

The scam user in this case has, automatically it seems, become a member of Groups:
  • Newly registered users
  • Registered users
  • Registered OneAll users
Registered users have access to forums which should only be accessed by users that Admin has approved. 'Anonymous' / 'kevin.smith' hasn't been given that access. So I'm not following "There is nothing wrong with the user Anonymous performing actions on your board"? when seemingly the Anonymous user in question, as a member of the Group Registered users, presumably has access to all content.

kinerity
Community Team Member
Posts: 2311
Joined: Mon Sep 01, 2014 1:00 am
Location: sudo rm -rf /
Name: Kailey Truscott
Contact:

Re: Repeating spam user registrations

Post by kinerity » Thu Aug 08, 2019 8:27 am

tellmethis wrote:
Thu Aug 08, 2019 5:57 am
  1. User registers on 6 Jul 2018. Based on information I see in ACP > Maintenance > Admin log, the Username is Anonymous, IP is 122.110.139.137, and in the Action column it states "Added new members to usergroup Registered OneAll users - kevin.smith". The user's email address is with domain @example.com
Can anybody tell me whether this is a problem to address from within phpBB, or is this a problem that I need to raise with OneAll Social Login?
This is probably a problem with OneAll Social Login. Have you tried disabling that extension and seeing if the problem persists?
Kailey Truscott - Community Team

Lumpy Burgertushie
Registered User
Posts: 66490
Joined: Mon May 02, 2005 3:11 am
Contact:

Re: Repeating spam user registrations

Post by Lumpy Burgertushie » Thu Aug 08, 2019 1:48 pm

and, the GD image was broken years ago. the bots can get past it instantly. change your anti spam to the Q&A with a good question that can not be googled and you will stop this.

robert
I'm baaaaaccckkkk. still doing work on donation basis. PM your needs.

Premium phpBB 3.2 Styles by PlanetStyles.net

If a tree falls in the forest and nobody is there, does it make a sound?

tellmethis
Registered User
Posts: 97
Joined: Sun Feb 14, 2010 7:02 pm
Contact:

Re: Repeating spam user registrations

Post by tellmethis » Fri Aug 09, 2019 11:17 am

kinerity wrote:
Thu Aug 08, 2019 8:27 am
This is probably a problem with OneAll Social Login. Have you tried disabling that extension and seeing if the problem persists?
I've not tried disabling the extension at this stage, Kailey, as I guess that'd defeat the purpose of having installed it. However I'll raise the issue with OneAll Social Login if Robert's suggestion doesn't do the job.
Lumpy Burgertushie wrote:
Thu Aug 08, 2019 1:48 pm
change your anti spam to the Q&A with a good question that can not be googled and you will stop this.
Thanks Robert. A simple enough change. I'll try that and report back if ineffective.

Mick
Support Team Member
Posts: 21333
Joined: Fri Aug 29, 2008 9:49 am
Location: Watching cricket - definitely

Re: Repeating spam user registrations

Post by Mick » Fri Aug 09, 2019 2:50 pm

And you can disable the extension very easily to test, two seconds to re-enable it afterwards.
"The more connected we get the more alone we become" - Kyle Broflovski

tellmethis
Registered User
Posts: 97
Joined: Sun Feb 14, 2010 7:02 pm
Contact:

Re: Repeating spam user registrations

Post by tellmethis » Sat Aug 10, 2019 1:22 pm

Mick wrote:
Fri Aug 09, 2019 2:50 pm
And you can disable the extension very easily to test, two seconds to re-enable it afterwards.
Thanks for the suggestion, Mick. Trouble is, although I could disable OneAll Social Login, I don't know how long the dodgy user or spambot or whatever it is will take to attempt to re-register. I won't even know if there is another attempt to re-register, therefore won't know if disabling OneAll Social Login was the culprit. I can only assume it is, because in all cases, the registration has come via that pathway.

Nevertheless, changing the spambot countermeasures from GD Image to Q&A appears to have prevented any re-registrations so far. Touch wood.

tellmethis
Registered User
Posts: 97
Joined: Sun Feb 14, 2010 7:02 pm
Contact:

Re: Repeating spam user registrations

Post by tellmethis » Mon Aug 12, 2019 8:25 pm

Unfortunately the change from GD Image to Q&A hasn't fixed the problem. Relentless user kevin.smith registered without approval again on Monday Aug 12, 2019 5:43 pm (UTC+10).

I'll take this problem to OneAll, see if any suggestions from there.

KevC
Support Team Member
Posts: 69239
Joined: Fri Jun 04, 2004 10:44 am
Location: Oxford, UK
Contact:

Re: Repeating spam user registrations

Post by KevC » Tue Aug 13, 2019 8:35 am

Have you logged out to see if you can replicate what's happening?

Certainly isn't possible to register and approve yourself with the default phpBB installation.
-:|:- Support Request Template -:|:-
Cheap UK Hosting
"In the land of the blind the little green bloke with no pupils is king - init!"

tellmethis
Registered User
Posts: 97
Joined: Sun Feb 14, 2010 7:02 pm
Contact:

Re: Repeating spam user registrations

Post by tellmethis » Tue Aug 13, 2019 9:00 am

KevC wrote:
Tue Aug 13, 2019 8:35 am
Have you logged out to see if you can replicate what's happening?
If I log out of the forum, then click an option under Connect with your social network account, eg. facebook, I'm presented with a pop up window which asks me to confirm that I want to login via Facebook. After proceeding, phpBB presents me with:
The account has been created. However, the forum settings require account activation by an administrator.
An email has been sent to the administrators and you will be informed by email once your account has been activated.
If I log into the forum again, I see in the list of members a OneAll generated user name accompanied by Inactive in parentheses. This registration request then needs admin approval to become active.

With this repetitive scam user, the need for admin approval of the registration request is bypassed. Then the scam user somehow becomes an active user account immediately.

KevC
Support Team Member
Posts: 69239
Joined: Fri Jun 04, 2004 10:44 am
Location: Oxford, UK
Contact:

Re: Repeating spam user registrations

Post by KevC » Tue Aug 13, 2019 9:34 am

So that suggests access from facebook is ok. I wonder then if it's from the google or linkedin access. Worth trying if you can access those as well.
-:|:- Support Request Template -:|:-
Cheap UK Hosting
"In the land of the blind the little green bloke with no pupils is king - init!"

tellmethis
Registered User
Posts: 97
Joined: Sun Feb 14, 2010 7:02 pm
Contact:

Re: Repeating spam user registrations

Post by tellmethis » Tue Aug 13, 2019 10:50 am

I thought that was a very good point, KevC. I hadn't pondered the possibility that the problem may lie with a particular social media service.

So, I tried registering via a Google account. No problem there. My registration request at the forum was inactive, awaiting admin approval.

I then tried with LinkedIn. This test raised a completely different problem it seems. I was presented with:
An error has occured while processing the request

[aaaforum] Scope not approved by LinkedIn

The scope/permissions that this Site is requesting have not been approved by LinkedIn. If you are the owner of this website then please enable less permissions or ask LinkedIn to grant your app the usage of additional scopes.
Access the LinkedIn Configuration

Additional Information
Unauthorized scope: r_liteprofile
I then logged into my account with OneAll, and accessed the User Explorer menu. This showed me that the scam user or spambot, Kevin Smith, registered via Facebook. It also shows me that Kevin Smith has logged in 156 times, with first login on 6 Jul 2018 at 11:55 (time zone not stated) and last login 13 Aug 2019 at 12:18.

Still in OneAll > User Explorer, I click on user Kevin Smith, which takes me to more detail, including a Connections tab. Within the Connections tab I can see a bunch of data under the headings Used Browsers and Used IP Addresses. The most recent couple of samples are:
  • 13.08.2019 12:18 | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.100 Safari/537.36
  • 12.08.2019 9:43 | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.100 Safari/537.36
Then there's an API Data tab with a swag of info including Identity Token, Raw Identity Data, Parent User Token, Linked Identity Tokens, etc.

tellmethis
Registered User
Posts: 97
Joined: Sun Feb 14, 2010 7:02 pm
Contact:

Re: Repeating spam user registrations

Post by tellmethis » Tue Aug 13, 2019 11:11 am

Just found a response to my ticket raised with OneAll Support:
Support Team commented:

Hi <name>

Is your problem coming from users with an "example.com" email address? If yes, they are generated when we can't get an email from providers: the provider doesn't give the user's email address, the user refuses to share their address when asked for permissions, etc.

The problem will be to recognize the user without an email address or create an account for some CMS, that's why we need to generate a random one. Maybe you can block the code doing that in helper.php file and block user creation if they don't have an email address.

best regards
So far as I recall, when a user requests registration with the forum, providing an email address is a mandatory requirement.

Based on the answer from OneAll Support, I assume it is OneAll generating the ***@example.com email address.

Does this and the last post of mine give anybody a clue as to how I might fix this problem, other than disabling OneAll altogether?
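
Added example, not part of any post in this thread and not OneAll or phpBB code: one way to audit for the pattern described above, accounts that are already active in the "Registered OneAll users" group while carrying a generated @example.com address. The table and column names are an assumed subset of the phpBB 3.2 schema with the default `phpbb_` prefix, and all rows are constructed sample data.

```python
import sqlite3
from datetime import datetime, timezone

# Assumed subset of the phpBB 3.2 schema, default "phpbb_" table prefix.
SCHEMA = """
CREATE TABLE phpbb_users (user_id INTEGER PRIMARY KEY, username TEXT,
  user_email TEXT, user_type INTEGER, user_regdate INTEGER, user_ip TEXT);
CREATE TABLE phpbb_groups (group_id INTEGER PRIMARY KEY, group_name TEXT);
CREATE TABLE phpbb_user_group (group_id INTEGER, user_id INTEGER, user_pending INTEGER);
"""

# Active accounts (user_type 0 = normal; 1 = inactive, awaiting activation)
# in the social-login group whose address is on the placeholder domain.
AUDIT_SQL = """
SELECT u.user_id, u.username, u.user_email, u.user_ip, u.user_regdate
FROM phpbb_users u
JOIN phpbb_user_group ug ON ug.user_id = u.user_id AND ug.user_pending = 0
JOIN phpbb_groups g ON g.group_id = ug.group_id
WHERE g.group_name = ? AND u.user_type = 0 AND lower(u.user_email) LIKE ?
ORDER BY u.user_regdate
"""

def audit(conn, group="Registered OneAll users", domain="example.com"):
    """Return active group members whose email is on the given domain."""
    rows = conn.execute(AUDIT_SQL, (group, "%@" + domain.lower())).fetchall()
    return [
        {"user_id": uid, "username": name, "email": email, "ip": ip,
         "registered_utc": datetime.fromtimestamp(ts, timezone.utc).isoformat()}
        for uid, name, email, ip, ts in rows
    ]

def sample_db():
    """Constructed rows: one bypass case, one normal pending case, one real member."""
    ts = int(datetime(2019, 8, 12, 7, 43, tzinfo=timezone.utc).timestamp())
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    conn.executemany("INSERT INTO phpbb_groups VALUES (?, ?)",
                     [(2, "REGISTERED"), (8, "Registered OneAll users")])
    conn.executemany("INSERT INTO phpbb_users VALUES (?, ?, ?, ?, ?, ?)", [
        (10, "kevin.smith", "generated-1@example.com", 0, ts, "203.0.113.7"),
        (11, "pending.user", "generated-2@example.com", 1, ts + 60, "203.0.113.8"),
        (12, "real.member", "member@mail.test", 0, ts + 120, "198.51.100.4"),
    ])
    conn.executemany("INSERT INTO phpbb_user_group VALUES (?, ?, 0)",
                     [(g, u) for u in (10, 11, 12) for g in (2, 8)])
    return conn

if __name__ == "__main__":
    for hit in audit(sample_db()):
        print(hit)
```

On a live board the same `AUDIT_SQL` can be run read-only against the forum database; any row it returns is an account that reached active status with a generated address and is worth checking against the admin log.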

Mick
Support Team Member
Posts: 21333
Joined: Fri Aug 29, 2008 9:49 am
Location: Watching cricket - definitely

Re: Repeating spam user registrations

Post by Mick » Tue Aug 13, 2019 11:35 am

It would seem the issue is coming from OneAll. That being the case you need to speak to the extension author as they’re responsible for their software.
"The more connected we get the more alone we become" - Kyle Broflovski
