IntegraMOD

Spam Account mod?

2007-01-25T14:20:37-07:00

Upgrade to 141 and you won't see any spam accounts. I can vouche for that. I used to get one new spammer every 2 hours all day long (so about 12/day) and since upgrading to 1.4.1 on the day they released it (I think a week ago) I have had ZERO spam accounts.

Zac

Statistics: Posted Author: ZacFields — Thu Jan 25, 2007 2:20 pm

Re: Spam Account mod?

2007-01-25T13:39:47-07:00

maybe this have something to do with it? open lang_main.php around line 548:

$lang['PS_security_force'] = 'Sorry, it appears this is your first visit since we added the security questions to accounts. You will only be able to view your profile until you update it and add a question and answer. Thanks!

Click here to goto your profile.';

Statistics: Posted Author: Skywalker — Thu Jan 25, 2007 1:39 pm

Spam Account mod?

2006-11-29T06:34:47-07:00

"ZacFields";p="17924" wrote:
I have the visual code thing enabled on the forum. I'm not sure if these are real people or if they're getting around it somewhere. If it were an SQL injection, wouldn't PHPBB Security catch that?

Take a look at your Users database. (You can do this through phpmyadmin in the Admin / General section. It is called phpbb_users.) If you find registered users without a security question, and you have required that they have one (this is the defaul), then it is probably an SQL injection. The checks for these fields are pretty well hard coded in the user profile code.

Also, does anyone have any suggestions? My forums are based locally in the US so I have banned the email providers of the people (all from foreign email providers like mail.ru and web.de) and I think that will stop about half of them, but the other half I am clueless about...and why is it that I've been targeted with this?

Zac

You were most likely targeted because they have triggered off of phpBB or Integramod on your pages.

My steps to help with this are band-aides, but here they are.
- turn on admin approval for registration
- turn on approval for all open forums
- when a new user is created, check for the security question. If it isn't there, delete the user (you could try banning instead)
- when in doubt, I run the new user's name through a Google search. If I get a lot of hits from other forums (like > 1000), I get really suspicious.

Statistics: Posted Author: jwernerny — Wed Nov 29, 2006 6:34 am

Spam Account mod?

2006-11-28T23:33:45-07:00

Also, wasn't there talk once about creating a public blacklist of spammers and hackers' IP addresses? I think this would be an effective way of preventing a lot of this.

Zac

Statistics: Posted Author: ZacFields — Tue Nov 28, 2006 11:33 pm

Spam Account mod?

2006-11-28T23:32:28-07:00

i had to bring this topic back up.

I'm having a horrible problem with spammers on my forum. Like 5-10 spammers join the site everyday and about 3-4 of them post some junk spam crap on the forums.

I have the visual code thing enabled on the forum. I'm not sure if these are real people or if they're getting around it somewhere. If it were an SQL injection, wouldn't PHPBB Security catch that?

Also, does anyone have any suggestions? My forums are based locally in the US so I have banned the email providers of the people (all from foreign email providers like mail.ru and web.de) and I think that will stop about half of them, but the other half I am clueless about...and why is it that I've been targeted with this?

Zac

Statistics: Posted Author: ZacFields — Tue Nov 28, 2006 11:32 pm

Spam Account mod?

2006-09-26T06:16:10-07:00

"jwernerny";p="15865" wrote:
On my site, I still get a message to approve them, but no one else sees them.

The bypass they are using also seems to bypass the security question.

For the other people who are having this problem -- did you previously have a plain phpBB site? I did, and I keep wondering if there is some old file hanging around that they are using.

- John

Nope.. I did a fresh install of IM 1.4.0

Statistics: Posted Author: Dioncecht — Tue Sep 26, 2006 6:16 am

Spam Account mod?

2006-09-26T04:31:14-07:00

On my site, I still get a message to approve them, but no one else sees them.

The bypass they are using also seems to bypass the security question.

For the other people who are having this problem -- did you previously have a plain phpBB site? I did, and I keep wondering if there is some old file hanging around that they are using.

- John

Statistics: Posted Author: jwernerny — Tue Sep 26, 2006 4:31 am

Re: Spam Account mod?

2006-09-24T17:41:24-07:00

so are they registering via sql injection to bypass the profilcp images?

you could set registration to Admin Aproval to see if they get past that

Statistics: Posted Author: Helter — Sun Sep 24, 2006 5:41 pm

Re: Spam Account mod?

2006-09-24T17:22:32-07:00

"This modification integrates the phpBB visual confirmation system with posting to require newly registered members to enter a code before their post is entered in your database."

None of them actually post anything, they just create accounts which displays in the Newest Members area

Statistics: Posted Author: Dioncecht — Sun Sep 24, 2006 5:22 pm

Re: Spam Account mod?

2006-09-23T14:33:06-07:00

try this...looks like an easy install
It is called, Visual Confirmation on Posting

Statistics: Posted Author: Helter — Sat Sep 23, 2006 2:33 pm

Spam Account mod?

2006-09-23T13:28:44-07:00

I have .21 and the patches and getting same issue. The account names are starting to get quite colorful to. Already offended one of my members...

Statistics: Posted Author: Dioncecht — Sat Sep 23, 2006 1:28 pm

Spam Account mod?

2006-09-20T06:55:25-07:00

I have the latest security fixes installed, but I don't have 2.0.21 in there yet, just 2.0.20. I have been waiting for IM 141.

I may try putting 2.0.21 in tonight and see if it solves anything.

Statistics: Posted Author: jwernerny — Wed Sep 20, 2006 6:55 am

Re: Spam Account mod?

2006-09-20T06:55:29-07:00

sounds like a type of SQL injection.

Have you updated to the latest patch release of 2.0.21 and installed the latest Security Fixes?

patches - http://integramod.com/forum/dload.php?a ... &cat_id=29

Security Fixes - http://integramod.com/forum/viewtopic.php?p=14453

Statistics: Posted Author: Dragonsys — Wed Sep 20, 2006 6:52 am

Re: Spam Account mod?

2006-09-15T05:44:59-07:00

Okay, I did some more research and found some interesting things.

1. All of the bogus users have no security question.

2. From my logs, it looks like they are doing an end-around insertion

Line number On/Off | Expand/Contract | Select all

211.191.97.246 - - [15/Sep/2006] "GET /forum/profile.php?mode=register&agreed=true HTTP/1.1" 302 - "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)" ***MARK***211.191.97.246 - - [15/Sep/2006:00:05:06 -0400] "POST /forum/profile.php HTTP/1.1" 302 - "http://snowtire.info/forum/profile.php?mode=register&agreed=true" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"

I think this issue really needs to be moved into a bug. Since it is a "hack" against IM, I will log this also in the Security forum.

Statistics: Posted Author: jwernerny — Fri Sep 15, 2006 5:44 am

Spam Account mod?

2006-09-15T04:53:45-07:00

Nope, the profilcp images are still there. (see http://www.snowtire.info/forum/profile. ... efer&mod=0)

That means they are either doing them by hand (which seems unlikely, because of the speed they hit so many sites), or that they have found a way around them. Maybe it is time to look at my logs again....

- John

Statistics: Posted Author: jwernerny — Fri Sep 15, 2006 4:53 am