| Author |
Message |
viper18
New Member
Joined: Oct 05, 2007
Posts: 5
|
 Posted:
Tue Dec 11, 2007 10:39 am |
 
|
Hello,
my security code/security image work on CNB Your Account 4.4.2.When you reigster it displays the code and work fine but the spam bots can register and they post on my bbtonuke forum spam messages.
What can i do against this? |
|
|
|
|
jakec
Moderator
Joined: Feb 06, 2006
Posts: 1637
Location: United Kingdom
|
| Posted:
Tue Dec 11, 2007 12:09 pm |
|
What version of Nuke are you using?
Are you sure they are not getting in through a hole elsewhere? |
|
|
|
|
|
viper18
New Member
Joined: Oct 05, 2007
Posts: 5
|
| Posted:
Tue Dec 11, 2007 12:57 pm |
|
Nuke 7.9
bbtonuke 2.0.21
And in bbtonuke you can only post messages if you are a reigstred member and how can they register itself? |
|
|
|
|
|
jakec
Moderator
Joined: Feb 06, 2006
Posts: 1637
Location: United Kingdom
|
| Posted:
Tue Dec 11, 2007 2:55 pm |
|
Unfortunately versions of Nuke after 7.6 are known to contain security holes, which is why RavenNuke is taken from 7.6 as a base and then built upon to make it even more secure.
A number of questions need answering.
Are you running the latest patched files
Are you using Sentinel?
What additional modules, blocks, hacks are you running?
Also check your logs to see if you can find out how they are bypassing the captcha. It is possible to get through the captcha with the right tools, which is why RN uses a new and improved version.
I good way stop bots from getting through is to add an additional registration field. The bots are simply plugging in the information into the fields it expects, if you add in an additional field, it should trip them up, because it won't be expecting it. As you are you CNB that should be easy, but I suspect they may be bypassing this process all together. |
|
|
|
|
|
evaders99
Moderator
Joined: Apr 30, 2004
Posts: 2758
|
| Posted:
Tue Dec 11, 2007 5:20 pm |
|
Disable the Forums registration. That's probably where all your bots are going.
(There is a simple code hack hehe) |
|
|
|
|
viper18
New Member
Joined: Oct 05, 2007
Posts: 5
|
| Posted:
Wed Dec 12, 2007 12:33 am |
|
| jakec wrote: | Unfortunately versions of Nuke after 7.6 are known to contain security holes, which is why RavenNuke is taken from 7.6 as a base and then built upon to make it even more secure.
A number of questions need answering.
Are you running the latest patched files
Are you using Sentinel?
What additional modules, blocks, hacks are you running?
Also check your logs to see if you can find out how they are bypassing the captcha. It is possible to get through the captcha with the right tools, which is why RN uses a new and improved version.
I good way stop bots from getting through is to add an additional registration field. The bots are simply plugging in the information into the fields it expects, if you add in an additional field, it should trip them up, because it won't be expecting it. As you are you CNB that should be easy, but I suspect they may be bypassing this process all together. |
hello I'm using sentinel 2.5.14 i dont now what patch i using for nuke 7.9 i only using bbtonuke forum and the modul friendfinder.
How can i see how the bots are bypassing the captcha?
and where should i put a new field?
My member can only register with Your account. I
In my bbtonuke forum there is no option to disable the registration via board. |
|
|
|
|
|
montego
Site Admin
Joined: Aug 29, 2004
Posts: 7264
Location: Arizona
|
| Posted:
Wed Dec 12, 2007 7:03 am |
|
"How can i see how the bots are bypassing the captcha?"
If your Forums permissions (the permissions on each Forum) are set to allow anonymous posting, then these "bots" are posting this spam without any need for being a registered user.
"My member can only register with Your account"
This is how it should be due to how phpBB forums were integrated in with PHP-Nuke.
"In my bbtonuke forum there is no option to disable the registration via board"
What jakec and evaders is talking about are your forum permissions. If you change them so that only registered users can post, it will cut out most of these spam issues.
However, unfortunately, the spammers are getting more and more sophisticated and even the core PHP-Nuke captcha may not stop them. However, so far, the captcha that is in RavenNuke 2.10.x has not yet been by-passed. |
|
|
|
|
|
viper18
New Member
Joined: Oct 05, 2007
Posts: 5
|
| Posted:
Wed Dec 12, 2007 11:24 am |
|
| montego wrote: | "How can i see how the bots are bypassing the captcha?"
If your Forums permissions (the permissions on each Forum) are set to allow anonymous posting, then these "bots" are posting this spam without any need for being a registered user.
"My member can only register with Your account"
This is how it should be due to how phpBB forums were integrated in with PHP-Nuke.
"In my bbtonuke forum there is no option to disable the registration via board"
What jakec and evaders is talking about are your forum permissions. If you change them so that only registered users can post, it will cut out most of these spam issues.
However, unfortunately, the spammers are getting more and more sophisticated and even the core PHP-Nuke captcha may not stop them. However, so far, the captcha that is in RavenNuke 2.10.x has not yet been by-passed. |
i check all subforum topics and there is always set that only registered members are allowed to do posts.
In some phpBB forum you can only post a URL or image only if you more than 2 day a member and have more than 2 posts. This addon i will need for my site too, but there is nothing like that. |
|
|
|
|
|
Susann
Spouse Contemplates Divorce
Joined: Dec 19, 2004
Posts: 2113
Location: Germany:Moderator German NukeSentinel Support
|
| Posted:
Thu Dec 13, 2007 7:07 pm |
|
Beneed all these tips you could also try out Trubar (for Nuke) or Trubar silent (donīt know if its already ported to PHP Nuke) wich is an anti-spam-tool a catcha for your forum from
Btw:Show your memberlist only to admins otherwise you will get more spam.
And mail.ru addresses etc. to your string blocker. |
|
|
|
|
|
viper18
New Member
Joined: Oct 05, 2007
Posts: 5
|
| Posted:
Fri Dec 14, 2007 5:18 am |
|
| Susann wrote: | Beneed all these tips you could also try out Trubar (for Nuke) or Trubar silent (donīt know if its already ported to PHP Nuke) wich is an anti-spam-tool a catcha for your forum from
Btw:Show your memberlist only to admins otherwise you will get more spam.
And mail.ru addresses etc. to your string blocker. |
Tnx it supports.
Which options i have to enable in nuke sentinel 2.5.14??
i mean what settings i have to set. |
|
|
|
|
|
Guardian2003
Site Admin
Joined: Aug 28, 2003
Posts: 4578
Location: Slovakia - working my way around Eastern Europe
|
| Posted:
Fri Dec 14, 2007 5:45 am |
|
Make sure your forums are up to date. There were some important fixes in the last two versions to plug many of these holes |
|
|
|
|
Susann
Spouse Contemplates Divorce
Joined: Dec 19, 2004
Posts: 2113
Location: Germany:Moderator German NukeSentinel Support
|
| Posted:
Fri Dec 14, 2007 5:59 am |
|
viper Spammers use often proxies.Is your Proxy blocker activated ? Beneed this the string blocker is very agressive you can add there many words like "phentermine" etc. and also e-mail-addresses like @mail.ru etc.
But you have somewhere a hole. |
|
|
|
|
|
|
|
|
|
![[Valid RSS]](http://ravenphpscripts.com/images/valid-rss.png "Validate my RSS feed"){kind=small}
:: 
::
