hammered by newly registered members

Get help with installation and running phpBB 3.0.x here. Please do not post bug reports, feature requests, or MOD-related questions here.
Anti-Spam Guide
Forum rules
END OF SUPPORT: 1 January 2017 (announcement)
Locked
User avatar
Lumpy Burgertushie
Registered User
Posts: 66727
Joined: Mon May 02, 2005 3:11 am
Contact:

Re: hammered by newly registered members

Post by Lumpy Burgertushie » Sat Nov 17, 2012 2:24 am

panzer max wrote:Yeah, I am wracking my brains for questions that cannot be answered by bots. My two questions before today were:

Suzuki motorcycles are made in _________
google search fourth result
Suzuki motocross bikes are what color?


How a program can solve that is beyond me. :shock:
just fyi they don't have to be questions.

for instance;

question: type the middle two words of this sentence.

answer: two words

or,

put the last four letters in reverse of the following:
motocross

answer: ssor

robert
I'm baaaaaccckkkk. still doing work on donation basis. PM your needs.

Premium phpBB 3.2 Styles by PlanetStyles.net

If a tree falls in the forest and nobody is there, does it make a sound?

Pony99CA
Registered User
Posts: 4783
Joined: Thu Sep 30, 2004 3:13 pm
Location: Hollister, CA
Name: Steve
Contact:

Re: hammered by newly registered members

Post by Pony99CA » Sat Nov 17, 2012 3:31 am

Kevin Clark wrote:
Red90 wrote:
adrian-smith31 wrote:I have four questions.....
As I understand it, more questions reduces security as the user only needs to answer one of them. Am I wrong?
Yes. Essentially, you have no way of knowing which questions are working and which are not.
That reasoning is flawed. Presuming that all Q&As are equally good, if one question is broken, bots will have a 1 in N chance of registering correctly the first time (where N = the number of questions that you use). If N = 1, bots will get in until you change your question.

Similarly, if bots are smart enough to keep trying if the registration fails, it will take roughly N/2 attempts on average to get the broken question. If N/2 is less than your registration attempt limit, there's a good chance that a bot will get in.

Multiple questions doesn't reduce security; it just means that you have to change all of your questions if one is broken.

Steve
Silicon Valley Pocket PC (http://www.svpocketpc.com)
Creator of manage_bots and spoof_user (ask me)
Need hosting for a small forum with full cPanel & MySQL access? Contact me or PM me.

vossen
Registered User
Posts: 123
Joined: Thu Aug 21, 2003 9:11 am

Re: hammered by newly registered members

Post by vossen » Sat Nov 17, 2012 3:37 am

same here, hammerd with newly registerd members. on my populare board.
have Q&A to for registration.

my small board is still clean.

seems like, it does not matter what Q&A you have. my guess is they bypass it.

any idea how to stop this spam would be nice.

Pony99CA
Registered User
Posts: 4783
Joined: Thu Sep 30, 2004 3:13 pm
Location: Hollister, CA
Name: Steve
Contact:

Re: hammered by newly registered members

Post by Pony99CA » Sat Nov 17, 2012 3:40 am

Here's some more data, for what it's worth.

Most importantly, I have had zero spam registrations in the last two or three days. You might say my board wasn't targeted, but...

In the last 3-7 days, I did get 5-7 spammers who activated accounts, mostly from Chinese IP addresses (and several with 163.com E-mail addresses, which I have now banned), some of which posted (mostly pushing Louis Vuitton). I also had a similar number of inactive registrations. I changed my Q&A from a Yes/No answer to one a little more difficult (pick one word out of three) and, as noted, haven't had spam since.

I have seen a jump in visitors. Checking my error log showed several URLs like the following:

Code: Select all

[Fri Nov 16 16:28:48 2012] [error] [client 80.252.155.87] File does not exist: /home/pocketpc/public_html/discuss/index.php+++++++++++++++++++++++Result:+text+captcha+decoded+wrong;+chosen+nickname+"SesCrergy";+registered+(registering+only+mode+is+ON);+e-mail+address+or+server+is+banned;, referer: http://www.svpocketpc.com/discuss/index.php+++++++++++++++++++++++Result:+text+captcha+decoded+wrong;+chosen+nickname+%22SesCrergy%22;+registered+%28registering+only+mode+is+ON%29;+e-mail+address+or+server+is+banned;
Note the reference to "text captcha" in there.

The above was for my main board. My test board hasn't had any spam activity at all lately (although it has in the past).

Steve
Silicon Valley Pocket PC (http://www.svpocketpc.com)
Creator of manage_bots and spoof_user (ask me)
Need hosting for a small forum with full cPanel & MySQL access? Contact me or PM me.

User avatar
wmtipton
Registered User
Posts: 564
Joined: Thu Apr 26, 2007 8:16 pm
Contact:

Re: hammered by newly registered members

Post by wmtipton » Sat Nov 17, 2012 3:50 am

Im going to try to change my Q&A to something like asking to describe something about the website graphically that isnt in the text anywhere....
mysql database backup software - mysql Workbench

User avatar
Blue Blood
Registered User
Posts: 763
Joined: Sat Apr 11, 2009 7:09 am
Location: U§A
Name: Blue Blood
Contact:

Re: hammered by newly registered members

Post by Blue Blood » Sat Nov 17, 2012 5:49 am

OK after starting this topic last night I see I'm not the only one!!

After reading the whole thread I have made the suggested changes.
Changed Registration attempts from 5 to 3
Changed the A&Q to a single question.
Here is my question:
What is the 1st, 10th and 3rd letters in the sites logo?

I figured this would be good asking for more then just one letter.
One of the letters is a number too!!

So I enabled the registration and went to get some food.
I was gone for about 30 mins.
Got back, checked it out and had NO NEW ACCOUNTS!!

But there are 10 or more bots trying to register a new account at any given time.
Not sure what this will do the the speed of my forum...

User avatar
Blackwolf_Oz
Registered User
Posts: 264
Joined: Sat Jan 02, 2010 5:15 am
Location: Melbourne Australia
Name: Nick
Contact:

Re: hammered by newly registered members

Post by Blackwolf_Oz » Sat Nov 17, 2012 6:14 am

Off Topic but Blue Blood ......I registered on your site months ago & have now been banned due to being a spammer...have sent 3-4 emails asking to be unbanned but no reply.

I can assure you I am no spammer.
You have been permanently banned from this board.

Please contact the Board Administrator for more information.

Reason given for ban: Spam

A ban has been issued on your username.
I use Blackwolf on your site.
Last edited by Blackwolf_Oz on Sat Nov 17, 2012 6:20 am, edited 1 time in total.
We are Anonymous. We are Legion. We do not forgive. We do not forget. Expect us.

Ultimate Edition, Ultimate Edition Oz, Oz Unity

User avatar
John P
Registered User
Posts: 1237
Joined: Mon Jan 21, 2008 3:55 pm
Location: Netherlands
Name: John
Contact:

Re: hammered by newly registered members

Post by John P » Sat Nov 17, 2012 6:16 am

Why can't we log which question is answered right by a spammer, so you know the broken question
Image
Webhosting, Custom MODs, Technical management, MOD installation and Webdesign

User avatar
Blue Blood
Registered User
Posts: 763
Joined: Sat Apr 11, 2009 7:09 am
Location: U§A
Name: Blue Blood
Contact:

Re: hammered by newly registered members

Post by Blue Blood » Sat Nov 17, 2012 6:31 am

Blackwolf_Oz wrote:Off Topic but Blue Blood ......I registered on your site months ago & have now been banned due to being a spammer...have sent 3-4 emails asking to be unbanned but no reply.
Sorry I don't check my admin email very often..
I guess I got ban happy, your IP counrty is AU
I have had a lot of spam accounts from AU

You are good to go now!
Stef775 wrote:Why can't we log which question is answered right by a spammer, so you know the broken question
Plus 1

I still have never understood why all the broken captcha's are still an option...
Why not remove these next release!!

brononi
Registered User
Posts: 28
Joined: Fri Nov 21, 2003 4:52 pm

Re: hammered by newly registered members

Post by brononi » Sat Nov 17, 2012 7:25 am

Since a week or 2, i'm having the same issue. The forum runs for several years, and never had an issue.
And now, i've got almost each 15 minutes a new user. For the moment, i added the option that an administrator needs to activate it. I already changed the Q&A to something else. But the registrations keep on going.

My Q&A? "MAG is de belangenvereniging voor?" > Motoren
So really no idea who this can be 'hacked' this fast, in about 10 minutes?
So i think that this way of registration isn't going through the Q&A part...

Any suggestions are more then welcome!

stanhilliard
Registered User
Posts: 173
Joined: Tue May 10, 2005 7:53 pm
Location: North St Paul, Minnesota
Contact:

Re: hammered by newly registered members

Post by stanhilliard » Sat Nov 17, 2012 7:35 am

In approximately 24 hours on November 15 & 16 2012, 219 bot-usernames posted 654 messages. Most were from three names. Many had usernames had one or zero posts. But active ones posted at essentially no delay between posts.

My Q & A question was an instruction to spell SNOWMAN backwards. It had worked perfectly for months.

I changed the Q & A to ask the user to identify the middle character of a 7 character nonsense string. No bots have posted since -- about 12 hours. I made the change while 7 bots were on line and posting. One new username appeared seconds before my Q & A change.

I have since deleted all 219 usernames and their 654 posts.

My board is version 3.0.10

User avatar
Blue Blood
Registered User
Posts: 763
Joined: Sat Apr 11, 2009 7:09 am
Location: U§A
Name: Blue Blood
Contact:

Re: hammered by newly registered members

Post by Blue Blood » Sat Nov 17, 2012 7:39 am

Question??
Dose VB, IPB or any of the paid forums have this problem??

User avatar
Mick
Support Team Member
Support Team Member
Posts: 21564
Joined: Fri Aug 29, 2008 9:49 am
Location: Caerdydd

Re: hammered by newly registered members

Post by Mick » Sat Nov 17, 2012 8:20 am

Blue Blood wrote:Dose VB, IPB or any of the paid forums have this problem??
As far as I'm aware yes as do many many other sites, if you have a Google around you will see it's a global epidemic.
Stef775 wrote:Why can't we log which question is answered right by a spammer, so you know the broken question
Having several Q&A's for one language has never been recommended, if you have just one you will know immediately which question has been defeated.

I have personally been doing some tests over the last few weeks and it seems using the upper and lower case thing has been busted and asking the new registrant to type the first four letters of a particular word etc. doesn't seem too safe either. The typing of a displayed random character string still seems to be holding and asking for certain letters in an image in the header seems good for now. This problem isn't going to go away any time soon, the financial rewards are too great for the protagonists, so we all have to be on the ball.
"The more connected we get the more alone we become" - Kyle Broflovski

Paljas
Registered User
Posts: 4
Joined: Thu Aug 20, 2009 11:22 am

Re: hammered by newly registered members

Post by Paljas » Sat Nov 17, 2012 8:25 am

Tip for cleaning: use the prune users option from the admin panel. You can specify by date, so you can remove all users that were registered in a specific period including their posts in one go. Easy.

By the way. This forum also uses fairly weak check of giving only cap chars from a random string..

MarkHoward
Registered User
Posts: 292
Joined: Mon Jun 30, 2008 3:39 am
Location: New Zealand
Contact:

Re: hammered by newly registered members

Post by MarkHoward » Sat Nov 17, 2012 8:35 am

I've had the same problems.
Initially changed the 4 questions that I had - no difference - heaps of spam registrations.
I then disabled new registrations.

That stopped them.

I have now made the following changes:
Only one Q&A question requiring inspection of home page graphics.
Reduced registration tries to 2.
Requires Admin confirmation.
Re-enabled registration.

Going to bed now and will report the result in the morning.

Locked

Return to “[3.0.x] Support Forum”