Forum spammers are back

Roots
Dictator
Posts: 8666
Joined: Wed Jun 16, 2004 6:07 pm
Location: Austin TX

Forum spammers are back

Postby Roots » Mon Feb 02, 2009 8:23 pm

They've returned :axe:

A newly registered forum member just posted explicit sexual photographs in a new thread in the programming forum. Worse yet I actually opened the post at work, but I don't think anyone saw it thankfully. I promptly deleted both the user and the post. I've been noticing that we seem to have an odd influx of new forum members over the past week and I've grown suspicious about it and this damn near confirms it. I guess phpBB3's captcha system has been cracked? Or maybe it's just because we're slightly out of date.


Raul, would you care to learn how to upgrade the forums? I can grant you administrator privileges and be with you on IRC while you go through the process in case you need any help. Hopefully this is a short term problem and we won't get a bunch of spam again...
gorzuate
Developer
Posts: 2575
Joined: Thu Jun 17, 2004 3:03 am
Location: Hermosa Beach, CA

Re: Forum spammers are back

Postby gorzuate » Mon Feb 02, 2009 8:54 pm

:ohnoes:
marcos
Newbie
Posts: 4
Joined: Thu May 17, 2007 7:21 pm
Location: Braço do Norte, SC, Brazil

Re: Forum spammers are back

Postby marcos » Mon Feb 02, 2009 8:59 pm

I also had noticed that the newest user was strange... it did state "xRumer" as its location, which, as http://en.wikipedia.org/wiki/XRumer states, is a spambot able to bypass Hotmail and Gmail's captchas. Maybe this one too, sadly :|
(aka marcavis @ #allacrost)
Roots
Dictator
Posts: 8666
Joined: Wed Jun 16, 2004 6:07 pm
Location: Austin TX

Re: Forum spammers are back

Postby Roots » Mon Feb 02, 2009 9:07 pm

Thanks for pointing that out marcos, that's good information to know.
Roots
Dictator
Posts: 8666
Joined: Wed Jun 16, 2004 6:07 pm
Location: Austin TX

Re: Forum spammers are back

Postby Roots » Mon Feb 02, 2009 10:06 pm

Just deleted another one. Yup, they're back. This latest one had a gmail account.
marcos
Newbie
Posts: 4
Joined: Thu May 17, 2007 7:21 pm
Location: Braço do Norte, SC, Brazil

Re: Forum spammers are back

Postby marcos » Mon Feb 02, 2009 10:14 pm

Do they give out good EXP? :D
(aka marcavis @ #allacrost)
Raul23
Newbie
Posts: 18
Joined: Mon Nov 24, 2008 6:05 pm

Re: Forum spammers are back

Postby Raul23 » Tue Feb 03, 2009 6:29 am

AWESOME exp. I just took out two with assists by marcavis_--a few more and I may level up.
Winter Knight
Contributor
Posts: 304
Joined: Fri Sep 21, 2007 12:35 pm

Re: Forum spammers are back

Postby Winter Knight » Tue Feb 03, 2009 4:36 pm

Here's another one: viewtopic.php?f=2&t=2112
Roots
Dictator
Posts: 8666
Joined: Wed Jun 16, 2004 6:07 pm
Location: Austin TX

Re: Forum spammers are back

Postby Roots » Wed Feb 04, 2009 6:30 pm

Here's an update on what's going on with the spam battle.

* Raul23 and I are working together to find a solution.

* First we need to update the forums to the latest version to see if that fixes the problem. Unfortunately phpbb's website was attacked recently (on a completely unrelated security vulnerability) and they are still recovering. I'm not sure if the patch that we need is available or not right now, so we're kind of waiting.

* If the update fails to stop the problem, we may need to install additional security plug-ins to the forums. Raul23 is looking into this in advance to see if other phpbb3 forums have been under attack.

* I think I've deleted a total of 10 users in the past 48 hours. Other new users are questionable.

* I've been considering disabling new forum registrations until we have this problem under control. And I might go ahead and delete all of our most recent new members who have not yet made a post just to be on the safe side. If I do this, I'll send an e-mail giving notice of this in advance so any valid people will have an opportunity to protest their deletion before it happens.

* I'll update our website with news about this and other things later today.
Raul23
Newbie
Posts: 18
Joined: Mon Nov 24, 2008 6:05 pm

Re: Forum spammers are back

Postby Raul23 » Thu Feb 05, 2009 6:39 am

Ok, here's what I've got (some pastings from IRC):

#phpbb
<Raul23> another question, we're currently under intense forum spamming--will updating to 3.0.4 solve this issue or are updated forums experiencing this as well?
<cs278> Raul23, we have observed increasing spam problems
<Raul23> ah
<Raul23> so updating to 3.0.4 won't necessarily stop that then?
<cs278> In 3.0.4 you can set all posts from users with less than x number of posts to be placed on the moderation queue
<Raul23> ah
<cs278> and you should really upgrade anyway ;)
<Raul23> yeah, I'm planning to


#allacrost
<Raul23> the automatic update files are still online at the back up site, but I just found this thread: http://72.14.235.132/search?q=cache:ElK ... =clnk&cd=2
<Raul23> apparently, you can't update from 3.0 to 3.0.4 automatically
<Raul23> it seems that we don't need to wait for the php site to come back online, but I'm not yet sure how exactly to proceed
<Raul23> stevemaury wrote:Do you have any MODs? If not, just upload the full version of 3.0.4 EXCEPT the config.php file. Then browse to install/database-update.php and then delete the install folder.
<Raul23> just to correct these directions, the address to browse to after copying files is: install/database_update.php
<Raul23> that's from that thread I linked to
<Raul23> so, do we have any mods that we need to worry about?
<Raul23> even so, I'm guessing it won't be a big deal to reinstall the ones, if any, that we have, rather than going through three different forum updates
<rujasu> As for forum mods, I don't think we have any, unless the custom forum skin counts.
<rujasu> (In which case, we should make sure we know how to reinstall it, because it was set up by our previous team manager.)


So, we can get going as soon as we want to on installing the update (basically a full install of 3.0.4) as soon as we're sure we won't cause any serious problems with our current settings and configurations. If there will be too many problems caused by a full install, then we can perform three different automatic updates (i.e., 3.0 to 3.0.2, 3.0.2 to 3.0.3, 3.0.3 to 3.0.4).

So, let's decide how best to proceed. And, can I get a FTP account so I can access our server to update the files?
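
The full-package upgrade steps quoted in the post above, as an added shell example that is not part of the original thread or phpBB's own tooling; the function names and directory arguments are hypothetical. It archives the forum files, copies the release over the forum except config.php, and removes the install folder once install/database_update.php has been run.

```shell
#!/bin/sh
# Added example: full-package phpBB upgrade as quoted in the post above.
# Paths are hypothetical; back up the database separately before running.

# Archive the live forum directory so the upgrade can be rolled back.
backup_forum() {  # $1 = forum dir, $2 = backup dir
    mkdir -p "$2" || return 1
    tar -czf "$2/forum-files.tar.gz" -C "$(dirname "$1")" "$(basename "$1")"
}

# Copy the unpacked release over the forum, EXCEPT config.php, which holds
# the live database credentials.
apply_release() {  # $1 = unpacked release dir, $2 = forum dir
    [ -f "$2/config.php" ] || { echo "no config.php in $2" >&2; return 1; }
    before=$(cksum < "$2/config.php")
    stage=$(mktemp -d) || return 1
    # Stage the release, drop its config.php, then copy the rest across.
    cp -R "$1/." "$stage/" && rm -f "$stage/config.php" &&
        cp -R "$stage/." "$2/"
    rc=$?
    rm -rf "$stage"
    [ "$rc" -eq 0 ] || return "$rc"
    # Fail loudly if the live config changed anyway.
    [ "$(cksum < "$2/config.php")" = "$before" ]
}

# After browsing to install/database_update.php, delete the install folder
# and confirm it is gone, so the installer scripts are no longer reachable.
remove_install() {  # $1 = forum dir
    rm -rf "$1/install"
    [ ! -e "$1/install" ]
}

# Usage: sh upgrade.sh backup FORUM BACKUPDIR | apply RELEASE FORUM | cleanup FORUM
case "${1:-}" in
    backup)  backup_forum "$2" "$3" ;;
    apply)   apply_release "$2" "$3" ;;
    cleanup) remove_install "$2" ;;
esac
```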
gorzuate
Developer
Posts: 2575
Joined: Thu Jun 17, 2004 3:03 am
Location: Hermosa Beach, CA

Re: Forum spammers are back

Postby gorzuate » Thu Feb 05, 2009 6:49 pm

I could have sworn we had a bunch of forum mods, including one for the captcha system (though I might be thinking of an older version of the forum software), but I can't think of them off the top of my head :huh:
Roots
Dictator
Posts: 8666
Joined: Wed Jun 16, 2004 6:07 pm
Location: Austin TX

Re: Forum spammers are back

Postby Roots » Thu Feb 05, 2009 7:50 pm

I thought phpbb3 had a captcha system installed by default.

I'll try to hop on sometime tonight Raul so we can get going with this, and I'll get you a FTP account and anything else you may need. But I might not have time tonight so we may have to do it tomorrow.
Roots
Dictator
Posts: 8666
Joined: Wed Jun 16, 2004 6:07 pm
Location: Austin TX

Re: Forum spammers are back

Postby Roots » Fri Feb 06, 2009 7:44 pm

FYI, I just went through and deleted all newly registered spam accounts as I said I would. Hopefully this weekend we'll fix the forums and re-enable registration again.
Drakkoon
Developer
Posts: 173
Joined: Thu Jan 11, 2007 12:54 am
Location: Montréal, Qc

Re: Forum spammers are back

Postby Drakkoon » Mon Feb 09, 2009 7:00 am

What version of phpbb3 are we running at the moment? I could try to re-write my old anti-spam modification for phpbb3. It shouldn't be too hard and it fools most bots. (They could easily beat it with some tinkering, but just to beat a custom anti-spam filter? From a random forum -- I'm assuming this bot attacks all phpbb3 forums)
Raul23
Newbie
Posts: 18
Joined: Mon Nov 24, 2008 6:05 pm

Re: Forum spammers are back

Postby Raul23 » Mon Feb 09, 2009 7:56 am

Hey, we've got 3.0 right now, but we're defo going to be updating to 3.0.4 anyway. Also, from this article marcavis posted in IRC http://www.theregister.co.uk/2008/10/03/captcha_break/ it seems that it could be human sweatshops involved in the breaking of the captchas.

It's a good idea, but only if you want to update it for each new phpbb release.
Raul23
Newbie
Posts: 18
Joined: Mon Nov 24, 2008 6:05 pm

Re: Forum spammers are back

Postby Raul23 » Fri Feb 13, 2009 9:03 pm

Hey, all. I'm now in charge of upgrading the forum and I'll be setting aside Sunday to get down to business on it and will hopefully be able to get it done then.

Gorzuate, I understand that you have some experience in this area, so if you have any advice, suggestions, or info for me, please feel free to share. Thanks.
gorzuate
Developer
Posts: 2575
Joined: Thu Jun 17, 2004 3:03 am
Location: Hermosa Beach, CA

Re: Forum spammers are back

Postby gorzuate » Sun Feb 15, 2009 9:59 pm

I think last time I did it was about 2 years ago, so I don't remember much about it :| Good luck though (and I hope you have a fast internet connection).
Raul23
Newbie
Posts: 18
Joined: Mon Nov 24, 2008 6:05 pm

Re: Forum spammers are back

Postby Raul23 » Mon Feb 16, 2009 10:34 am

Hey, Gorzuate. All right. Cool.

Ok. I'm going to back up and update the forum now, so it will be down for a little bit.
Raul23
Newbie
Posts: 18
Joined: Mon Nov 24, 2008 6:05 pm

Re: Forum spammers are back

Postby Raul23 » Mon Feb 16, 2009 12:54 pm

Okey dokey. I've updated the forum and re-enabled new user registrations and everything seems to be fine. Users with a post count of less than one will now have their posts queued, pending moderation.

If the spammers are originating from Indian sweatshops, I'm not sure what we can do about that, aside from help raise their standard of living.
Roots
Dictator
Posts: 8666
Joined: Wed Jun 16, 2004 6:07 pm
Location: Austin TX

Re: Forum spammers are back

Postby Roots » Tue Feb 17, 2009 3:50 am

Awesome! I'm very happy to have updated forums :bow: The new policy of reviewing the first post of each new member is a good idea as well. :approve:


I don't think our problems are over just yet though. The e-mail account serving as our forum's send/receive address has been getting a few "Mail delivery failed: returning message to sender" e-mails since this morning. So it looks like spammers are still trying to register, but they are failing. This isn't a huge problem right now, but it is cluttering up the team e-mail address with these messages. We either need to figure out how to better prevent registrations from happening or figure out how to direct all incoming e-mail of the nature I described directly to trash.