Geek Culture / Spam on my forum

Author
Message
Fallout
22
Years of Service
User Offline
Joined: 1st Sep 2002
Location: Basingstoke, England
Posted: 8th Jun 2011 15:52
Every now and then (weekly), some bot will manage to join my Simple Machines Forum, getting past the human checks, and then post a message like this:

2011-06-08_7-36-41 -> 0a96b7aa9f519a51516a775079bef8b0 :: 3d985eb547b8cf796a39551e7ab http://www.hangfiresoftware.com/?3d985eb547b8cf796a39551e7ab,

Anyone any ideas what this is? It doesn't look like injected SQL or anything, so I can't figure out what they're trying to do. If it's dangerous, I want to boost security, but if it's nothing to worry about, I'll just carry on getting rid of them manually.

Any thoughts?

The Wilderbeast
19
Years of Service
User Offline
Joined: 14th Nov 2005
Location: UK
Posted: 8th Jun 2011 19:27 Edited at: 8th Jun 2011 19:28
SMF is pretty secure, but just be sure to do a Google for Exploits and Vulnerabilities for your version of SMF - as far as I can see most are for 1.1.12/13.

What sort of human checks do you have? Captcha-type checks aren't really enough these days - add a question to the registration too.

I am running SMF too; for a custom question it allows you to use BB codes. Many bots will check for questions and try and parse them. So questions like What is 2 + 2? do not work. Try and incorporate BB code into it somehow - here's an example on my SMF install:
http://community.devstorm.co.uk/index.php?action=register
Which of these numbers is in bold? - 24 18 74

Simple

Destrugter 1
18
Years of Service
User Offline
Joined: 26th Oct 2006
Location:
Posted: 8th Jun 2011 19:36 Edited at: 8th Jun 2011 19:37
Or it could be something ridiculously difficult.

Take the current speed of the wind, times it by the impact a butterfly has after falling 3000 feet using the same gravitational pull, add all of the days of the week that end in y (lol), and finally, enter 4.

EDIT

I thought with just the above, it wasn't very constructive. I'd do something similar to what The Wilderbeast said. Add a weird question. You could put somewhere in an above part of the form, like, Usernaem: and then as the question "What word was misspelled on the form?"

My name is Brian.
Fallout
22
Years of Service
User Offline
Joined: 1st Sep 2002
Location: Basingstoke, England
Posted: 8th Jun 2011 19:39
Cool stuff. Cheers for the tips. I've been quite lazy with my install. I just got it going out of the box and tweaked a few settings, so I only have the Captcha. I'll have a look and see what robustness I could add to stop the bots.

Another thing on the todo list.

The Wilderbeast
19
Years of Service
User Offline
Joined: 14th Nov 2005
Location: UK
Posted: 8th Jun 2011 19:46
Quote: "Cool stuff. Cheers for the tips. I've been quite lazy with my install. I just got it going out of the box and tweaked a few settings, so I only have the Captcha. I'll have a look and see what robustness I could add to stop the bots. Another thing on the todo list."

Just checked out your registration. Personally I hate captchas because you can never read what they say. I would say bump the captcha difficulty down a level as any bots that get past that part would probably get past it if it were on its current setting; so in the name of readability and lowering member frustration it seems a fair trade off. Any bots that slip through will be stumped by the question at the end.

One thing to take note of is accessibility. Make sure a blind user could answer it with the aid of a narration program (for example Which of these numbers is in bold? - 24 18 74 could be answered because it would put an emphasis on the 18.)

Hope that helps

crispex
17
Years of Service
User Offline
Joined: 22nd Jun 2007
Location:
Posted: 8th Jun 2011 19:46
If you want to secure things, add a security question, a basic math problem is what I use. Also, have a user complete the question or CAPTCHA after every 10 posts or so. reCAPTCHA is a nice thing to have, so if you want to throw that in there, go for it.

I just now realized I've had a typo in my signature for the past 3 years.
CoffeeGrunt
17
Years of Service
User Offline
Joined: 5th Oct 2007
Location: England
Posted: 8th Jun 2011 20:12
Bots can crack Captcha? Dear God, they're becoming sentient!

Phaelax
DBPro Master
22
Years of Service
User Offline
Joined: 16th Apr 2003
Location: Metropia
Posted: 8th Jun 2011 20:29
Quote: "Bots can crack Captcha? Dear God, they're becoming sentient!"

They have for a while now. I think it was a few weeks after that hit the news is when MySpace started requiring it to send a freakin email to someone on your own list. Fail!

Daniel wright 2311
User Banned
Posted: 8th Jun 2011 20:38
I had a pretty successful forum for a while and let me tell you, it's not easy to get the spammers out. Spam bots are not the problem, just wait till you get someone mad with a ban, then they keep coming on the site with a new IP address and then post over post porn just to make you mad.

What I did was I chose who joined and who did not for a good week, this got them bored trying to join, then it stopped. But this here is not much of a problem, I would not worry too much about it.

my signature keeps being erased by a mod So this is my new signature.
Fallout
22
Years of Service
User Offline
Joined: 1st Sep 2002
Location: Basingstoke, England
Posted: 8th Jun 2011 23:04
Yeah, I have considered manually adding users, but the problem isn't big enough yet for that. It's a very low turnover board. Android customers can't even be arsed to email you, let alone visit your forum. Still, I don't want to get hacked.

Uncle Sam
19
Years of Service
User Offline
Joined: 23rd Jul 2005
Location: West Coast, USA
Posted: 8th Jun 2011 23:16 Edited at: 8th Jun 2011 23:19
Ugh. I have similar problems. I left my forum for a few months and came back and there were like 1000 new fake users. Fortunately, they all had post approval on.

EDIT: Whadya know, another 2000. Here come the pruning shears.

I will probably love you if you donate here: My KickStarter Project
Libervurto
18
Years of Service
User Offline
Joined: 30th Jun 2006
Location: On Toast
Posted: 9th Jun 2011 19:17
I can't remember the site but some log in thing had three random pictures and would ask you to choose one (e.g. "Click on the picture of a dog") I thought that was quite clever.


Your memory has been erased by a mod - Your new name is Brian.
AutoBot
15
Years of Service
User Offline
Joined: 25th Sep 2009
Location: Everywhere
Posted: 9th Jun 2011 23:42
It wasn't me!

Indicium
16
Years of Service
User Offline
Joined: 26th May 2008
Location:
Posted: 14th Jun 2011 16:03
One of the minecraft forums I visit has a simple question, "What is the name of the game that Notch created in which you mine and craft?"
It's stopped all spam according to the admin.

Fallout
22
Years of Service
User Offline
Joined: 1st Sep 2002
Location: Basingstoke, England
Posted: 14th Jun 2011 17:15
Added one of those questions and no spam bots since .... no members since either. Perhaps my question "Tell me what I have tattooed on my left buttock?" was too hard for most people to guess.

Neuro Fuzzy
17
Years of Service
User Offline
Joined: 11th Jun 2007
Location:
Posted: 14th Jun 2011 20:09 Edited at: 14th Jun 2011 20:10
is it your avatar?

[edit]

I ask because it was too dark to see last ti-
...uhh...



Why does blue text appear every time you are near?
xplosys
19
Years of Service
User Offline
Joined: 5th Jan 2006
Playing: FPSC Multiplayer Games
Posted: 14th Jun 2011 20:23 Edited at: 14th Jun 2011 20:24
Go ahead and say it. It's not like he hasn't shown his butt on the forum before.

Sorry, it was just too good of a setup to let pass.
