Very Hot Topic (More than 25 Replies) Fake Users Already? (Read 8,618 times)
UVT
YaBB Newcomer
Posts: 11
Location: USA
Fake Users Already?
Mar 22nd, 2012 at 9:25pm
Hi, we have not yet exposed the board to the public, nor to the search engines, and our board is only accessible via our member-only area of a new community just started this weekend.

Yet we are already getting people trying to fake us into approving them as a member.

Does anyone know how and why this might be? Is there a security flaw in YaBB?

Thank you.
  
 
Bill Myers
God Member
Beta Testers
Posts: 1,726
Location: Los Angeles

YaBB 2.4
Re: Fake Users Already?
Reply #1 - Mar 23rd, 2012 at 1:09am
I don't believe this is a security flaw in YaBB. Instead, I'm pretty sure that spammers look for standard forum names, and the YaBB.pl file is easy to find.

Thankfully, it's pretty easy to keep spammers from registering. [Smiley]

Edited:
By the way, your forum looks very nice. [Wink]
« Last Edit: Mar 23rd, 2012 at 1:14am by Bill Myers »  

Morning, noon, or night, have a great one!

Note: This forum doesn't allow for us to freely edit our posts or topics to make corrections as needed, so please remember to look for subsequent posts if you see any mistakes or outdated information. Sorry for the inconvenience.
 
Dandello
YaBB Administrator
YaBB Next Team
Operations Team
Beta Testers
Support Team
Posts: 2,476
Location: Earth

YaBB 2.6.1
Re: Fake Users Already?
Reply #2 - Mar 23rd, 2012 at 3:06am
There aren't that many forum software packages - so all they have to do is look for the main file name associated with that forum.
I have one site that has only two inbound links, and the moment those links went up my forum got hit with 200+ spam registration attempts a day. (I have all the anti-spam stuff already in place so that takes care of a lot of it, but I'm still looking at 200+ attempts to register with bad info every day.)

I was getting 50 attempts a day before the site even got those links. (What mystifies me is that technically it was an 'orphan directory', unattached to anything else on the internet, and they still found it.)
« Last Edit: Mar 23rd, 2012 at 3:09am by Dandello »  

If you only have one solution to a problem you're not trying hard enough!
 
westwegoman
Ex Member
YaBB 2.5.2
Re: Fake Users Already?
Reply #3 - Mar 23rd, 2012 at 6:11am
I would strongly recommend the spam fruits mod or the Anti-Spam Question V0.2 for YaBB 2.5.

Since I've installed the Anti-Spam question mod with a question on my local area, it has stopped them in their tracks. Before that, I was ready to give up. They were driving me nuts.
  
 
Bill Myers
God Member
Beta Testers
Posts: 1,726
Location: Los Angeles

YaBB 2.4
Re: Fake Users Already?
Reply #4 - Mar 23rd, 2012 at 6:22am
If you're using YaBB 2.4 as I am, you can easily stop spammers without installing any mods by following these instructions.

We're now averaging around 500 attempted spam registrations about every hour or so, and not a single spammer has been able to successfully register.
Edited:
The same here. The number of spam registration attempts that show up in my error log do not show up in the registration log.
Dandello wrote on Mar 23rd, 2012 at 2:50pm:
I should add that the number of spam registration attempts in the 'orphan site' is what shows up in my error log, not the registration log.
...

Sweet! [Smiley]

To those of you who are working on the next version of YaBB, I'm hoping you'll incorporate the anti-spam mods that seem to be working for YaBB 2.5; you know; provide us with those options in the Admin Center.

Edited:
More accurately, the approximately 500 spam registration attempts made each hour of the day or so are repeated attempts by much fewer spam-bots, i.e., each respective spam-bot makes repeated attempts that fail each time.

Human bots, or "hu-bots" as I think JonB coined the term in this post (the first time I've known anybody to use that terminology), are easily stopped by implementing admin approval for registrations.

« Last Edit: Mar 23rd, 2012 at 4:24pm by Bill Myers »  

 
BloodyRue
Junior Member
Posts: 83
Re: Fake Users Already?
Reply #5 - Mar 23rd, 2012 at 12:32pm
Within a few days of my initial setup I was getting spammers.

Most of that seemed to be coming from Yandex with people searching for "Powered by YaBB".

  

 
Dandello
YaBB Administrator
YaBB Next Team
Operations Team
Beta Testers
Support Team
Posts: 2,476
Location: Earth

YaBB 2.6.1
Re: Fake Users Already?
Reply #6 - Mar 23rd, 2012 at 2:50pm
I should add that the number of spam registration attempts in the 'orphan site' is what shows up in my error log, not the registration log. One gets through to admin approval about once a month - which is about the same for my other sites. Between stopforumspam and the antispam quiz with custom questions, not many get through to need my attention.
  

 
BloodyRue
Junior Member
Posts: 83
Re: Fake Users Already?
Reply #7 - Mar 23rd, 2012 at 8:48pm
If you make YAMMS a registration requirement it definitely knocks them off your board.

StopForum Spam mod by Derek will nix almost all of them if you don't do the above.

The Xcapban mod I am working on kills a huge pile of xrumer users.

Placing KKman and Xpymep in the admin guardian harvester ban section works great also.

The most effective thing I found was adding an entire set of China and Russia IP blocks to my htaccess file.

I have 8 other spammers that actually registered manually and attempted to spam my board but were stopped by YaBB's speed posting admin settings.

I have yet to see an actual spam message placed on my boards since installing YaBB, whereas, my wwwboard setups had thousands posted.

I don't need anything else probably, but I know spamfruits and the other anti-spam mods will work also.
  

 
Bill Myers
God Member
Beta Testers
Posts: 1,726
Location: Los Angeles

YaBB 2.4
Re: Fake Users Already?
Reply #8 - Mar 24th, 2012 at 2:25am
Obviously depending on how much legitimate traffic from China you may want to have on your site (& in your forum), even from Russia, you may want to be careful about banning entire blocks of IP addresses.

In the entertainment industry, for instance, China is the fastest growing market out there, and potentially very lucrative.

The irony about banning IP addresses is that they are virtually limitless, so as long as you implement effective spam blocking, what's the real point of banning IP addresses en masse?
  

 
BloodyRue
Junior Member
Posts: 83
Re: Fake Users Already?
Reply #9 - Mar 24th, 2012 at 2:28am
Pointless bandwidth and efforts on my part vetting them all.
  

 
Bill Myers
God Member
Beta Testers
Posts: 1,726
Location: Los Angeles

YaBB 2.4
Re: Fake Users Already?
Reply #10 - Mar 24th, 2012 at 2:51am
That's the great thing about YaBB's spam blocking mods, or however else you automatically stop the spam, there's virtually no vetting to do. But unless it's automated, attending to IP addresses takes a lot of vetting, which I prefer not to do.

As for bandwidth, I believe this is dependent on the amount of spam attempts that hit your forum. Whether or not spam is blocked, the bandwidth should roughly be the same. Spammers will still generate bandwidth.

But what do I know? [Roll Eyes]

The only thing I know for sure with our forum is that banning IP addresses did virtually nothing to stop spammers from attempting to register.

Sure, banned IP addresses as I once entered them by the dozens each and every day blocked them from registering, but these same spammers simply used other IP addresses, which are virtually limitless for them.

But after we implemented some easy-to-edit anti-spam captcha changes, we no longer had to ban IP addresses, nor did we have to clear them from our registration log.
  

 
UVT
YaBB Newcomer
Posts: 11
Location: USA
Re: Fake Users Already?
Reply #11 - Apr 6th, 2012 at 12:13am
Many thanks Bill. Followed your spam hack below to the T and after upload we no longer could access our board.

Placed back our saved copies and forum is back live. Any idea why your changes killed the YaBB.pl access?

  
 
Bill Myers
God Member
Beta Testers
Posts: 1,726
Location: Los Angeles

YaBB 2.4
Re: Fake Users Already?
Reply #12 - Apr 6th, 2012 at 3:30am
UVT wrote on Apr 6th, 2012 at 12:13am:
Many thanks Bill. Followed your spam hack below to the T and after upload we no longer could access our board.

Placed back our saved copies and forum is back live. Any idea why your changes killed the YaBB.pl access?


Just to be clear, credit for this anti-spam hack should go to ggn (referenced here). I'm simply a big supporter of it because of how well it's worked for me.

Edited:
Edited to input the correct address for the full, and more accurate instructions for implementing ggn's anti-spam hack to stop spam bots cold!

Evidently it only takes one mistake to mess up a forum. I'm only guessing, but maybe there was an error in the text that you changed. Or maybe the edited files were uploaded in ASCII text. I think that's how those files are supposed to be uploaded.

Edited:
Yes, those edited files should be uploaded in ASCII - no binary.

In any case, maybe you can just edit the Register.lng file, and see how that works. If that works, then one file at a time until all are uploaded.

For future reference, ideally, I think one of the anti-spam mods is the best way to go if you know how to install mods, which I haven't yet learned.

By the way, I'm really glad that you had backups available to use. Very wise!
« Last Edit: Apr 6th, 2012 at 7:31am by Bill Myers »  

 
Bill Myers
God Member
Beta Testers
Posts: 1,726
Location: Los Angeles

YaBB 2.4
Re: Fake Users Already?
Reply #13 - Apr 6th, 2012 at 4:52am
Regarding the possible editing mistake that you may have made, my gut is telling me that instead of typing <br /> you may have typed <br/> without the necessary space between r and /. This would be an error that could cause your forum to stop working.

Unfortunately, this forum doesn't allow us to make corrections or updates to our posts, so I'm not able to more correctly describe in this post what might help to make things more clear.

Edited:
Edited to update a post address here in this forum that has better information.

As such, please make a careful note of the following code so that you can duplicate it exactly as it should be written:

Code
'casewarning' => 'Please type exactly what text appears in the image.<br />The characters must be typed in the same order,<br />and they are case-sensitive.',

Change to:

'casewarning' => 'Please type exactly what text appears in the image,<br />without the first two and last two characters.<br />The characters must be typed in the same order,<br />and they are case-sensitive.',
 


By the way, subsequent to the editing that I did with this anti-spam hack, I decided I wanted to add bold type to "without the first two and last two characters." I did this so people could see this important instruction better.

If you want bold to show up, then the following text is what you'll want to use:

Code
'casewarning' => 'Please type exactly what text appears in the image,<br /><strong>without the first two and last two characters.</strong><br />The characters must be typed in the same order,<br />and they are case-sensitive.',
 


The result of the code below will be as follows on the registration page:

Your Verification Code is:
Please type exactly what text appears in the image,
without the first two and last two characters.
The characters must be typed in the same order,
and they are case-sensitive.

Good luck.

Edited:
Edited to add an update code with an explanation.
« Last Edit: Apr 6th, 2012 at 5:23pm by Bill Myers »  

 
UVT
YaBB Newcomer
Posts: 11
Location: USA
Re: Fake Users Already?
Reply #14 - Apr 6th, 2012 at 2:25pm
Hi Bill, thanks again. Ok so we tried just the Register.lng and added the code just as it is...this is the error we got...

Untrapped Error :
syntax error at ./Languages/English/Register.lng line 180, near ");" Compilation failed in require at ./Sources/Subs.pl line 1660. Compilation failed in require at YaBB.pl line 147.

Sorry to be a pain but this seems to not work for some reason.

  
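
A pre-upload check for the kind of failure reported in the last post, as an added example that is not part of the original thread or of YaBB. The error message shows that Register.lng is Perl source loaded with require, so a syntax slip in it stops YaBB.pl from compiling; running perl -c on the edited copy catches that before the live file is replaced. The two sample files and the %example_txt hash name are constructed for illustration.

```perl
#!/usr/bin/perl
# Added example: compile-check an edited language file before uploading it.
use strict;
use warnings;
use File::Temp qw(tempdir);

# Run "perl -c" (compile only) on a file with the current interpreter.
# Returns (true/false, compiler messages).
sub compiles {
    my ($path) = @_;
    my $perl = $^X;
    my $out  = qx{"$perl" -c "$path" 2>&1};
    return ($? == 0, $out);
}

# Constructed stand-ins for an edited Register.lng; %example_txt is a
# hypothetical hash name, not taken from YaBB.
my %samples = (
    'good.lng' => <<'EOT',
%example_txt = (
'casewarning' => 'Please type exactly what text appears in the image,<br />without the first two and last two characters.',
);
1;
EOT
    # Same entry with the closing quote lost during editing.
    'broken.lng' => <<'EOT',
%example_txt = (
'casewarning' => 'Please type exactly what text appears in the image,<br />without the first two and last two characters.,
);
1;
EOT
);

my $dir = tempdir(CLEANUP => 1);
for my $name (sort keys %samples) {
    my $path = "$dir/$name";
    open my $fh, '>', $path or die "cannot write $path: $!";
    print {$fh} $samples{$name};
    close $fh or die "cannot close $path: $!";

    my ($ok, $out) = compiles($path);
    printf "%-11s %s\n", $name,
        $ok ? 'compiles, safe to upload' : 'does NOT compile, keep the live copy';
    print "    $_\n" for grep { length } split /\n/, $out;
}
```

perl -c still executes BEGIN blocks, so run it only on files you edited yourself, and keep the backup of the working file until the board loads with the new one.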