Ravens PHP Scripts: Forums
 

 

View next topic
View previous topic
This forum is locked: you cannot post, reply to, or edit topics.   This topic is locked: you cannot edit posts or make replies.    Ravens PHP Scripts And Web Hosting Forum Index -> NukeSentinel™ v2.5.x
Author Message
kolla
Hangin' Around


Joined: Apr 20, 2008
Posts: 29

PostPosted: Wed Mar 25, 2009 10:38 pm Reply with quote

Hi guys,

I have Nuke Sentinel 2.5.17 installed in my phpnuke site and
lately I've been having so many strange user registrations in the
site spamming the forums with various ads. (drugs, porn etc.)
I suspect these maybe automated scripts ??
These IPs are mostly from countries such as Ukraine & Russia
where I normally don't expect any legitimate members..

To combat this I have installed and activated an Approve Membership
module to the site. (I also have captcha)
All user registrations come thru this system and I look at each one
and approve as needed.

What happened today is worrying. I have a new user spamming the
forums... and it never went thru the approve membership module !!
Registered today.


Is this a known issue ? If so how can I combat this ?
I apologize my ignorance about many of these security holes..
 
View user's profile Send private message
slackervaara
Worker
Worker


Joined: Aug 26, 2007
Posts: 236

PostPosted: Thu Mar 26, 2009 12:20 am Reply with quote

I have installed bbantispam or Advanced Textual Confirmation and it stopped all spam including Feedback, Chat, Forum etc. To get full protection put the installation code in config.php. bbantispam introduces a question that must be answered correctly, but one only gets it the first time.
Only registered users can see links on this board! Get registered or login!
 
View user's profile Send private message
jakec
Site Admin


Joined: Feb 06, 2006
Posts: 3048
Location: United Kingdom

PostPosted: Thu Mar 26, 2009 1:06 am Reply with quote

Your NS version is very old and you really should upgrade to the latest.

If you check through your logs are you able to see how they did it?

Also have you posted at the authors site?
 
View user's profile Send private message
slackervaara
PostPosted: Thu Mar 26, 2009 1:26 am Reply with quote

I have noticed in 7.6 without Approve Membership that, if registering a member through forum directly activates this member without need of activation mail. It is easy for you to test, if this can be the cause.


Last edited by slackervaara on Thu Mar 26, 2009 1:42 am; edited 1 time in total 
jakec
PostPosted: Thu Mar 26, 2009 1:35 am Reply with quote

In the forums configuration I believe Enable Account Activation should be set to "none".

Can you check this is the case?
 
kolla
PostPosted: Thu Mar 26, 2009 5:13 pm Reply with quote

jakec wrote:
In the forums configuration I believe Enable Account Activation should be set to "none".

Can you check this is the case?


Yes it's set to "None". (3 choices, None, User & Admin)
 
kolla
PostPosted: Thu Mar 26, 2009 5:19 pm Reply with quote

jakec wrote:
Your NS version is very old and you really should upgrade to the latest.

If you check through your logs are you able to see how they did it?

Also have you posted at the authors site?


Yes I'll try to upgrade to the latest.. (hopefully it won't break anything)

Which logs are u refering to ?
I checked Tracked IP Menu/Display Tracked Users/ and the view log
for the user.. but it doesn't seem to show how the user registered.. Rolling Eyes

I didn't understand your last question ?? which authors site did u mean ?

Thanks
 
kolla
PostPosted: Thu Mar 26, 2009 5:20 pm Reply with quote

slackervaara wrote:
I have installed bbantispam or Advanced Textual Confirmation and it stopped all spam including Feedback, Chat, Forum etc. To get full protection put the installation code in config.php. bbantispam introduces a question that must be answered correctly, but one only gets it the first time.
Only registered users can see links on this board! Get registered or login!


Thanks I'll check this out....
Cool
 
kolla
PostPosted: Thu Mar 26, 2009 5:23 pm Reply with quote

slackervaara wrote:
I have noticed in 7.6 without Approve Membership that, if registering a member through forum directly activates this member without need of activation mail. It is easy for you to test, if this can be the cause.


hmmm... not sure what exactly u mean ? Do u mean thru the
forum administration area ? Rolling Eyes
 
slackervaara
PostPosted: Thu Mar 26, 2009 9:53 pm Reply with quote

No. When you are not logged in and view a topic in the forum you will find the alternative register available at the top. It is possible to register as a member through the forum.
 
kolla
PostPosted: Fri Mar 27, 2009 12:23 am Reply with quote

slackervaara wrote:
No. When you are not logged in and view a topic in the forum you will find the alternative register available at the top. It is possible to register as a member through the forum.


For now my site forums are open to registered members only..
so what you mention won't apply right ?
 
slackervaara
PostPosted: Fri Mar 27, 2009 12:28 am Reply with quote

If guests can't read or access the forum they should not be able to register through it.
 
jakec
PostPosted: Fri Mar 27, 2009 1:10 am Reply with quote

If you are using the Approve Membership module then this is the authors site: Only registered users can see links on this board! Get registered or login!
 
kolla
PostPosted: Fri Mar 27, 2009 12:02 pm Reply with quote

jakec wrote:
If you are using the Approve Membership module then this is the authors site: Only registered users can see links on this board! Get registered or login!


oh yes.. I'll try that also... but those forums don't seem to be very active..

BTW, another new member I see today again bypassing the AM Confused
 
jakec
PostPosted: Fri Mar 27, 2009 1:17 pm Reply with quote

If you know their IP address you should be ble to track them through NukeSentinel and see the strings they are using.
 
jakec
PostPosted: Fri Mar 27, 2009 1:19 pm Reply with quote

Can you provide a URL, if you don't want to post it send me a PM.
 
kolla
PostPosted: Fri Mar 27, 2009 2:56 pm Reply with quote

Jake I sent you a detailed PM.
 
kolla
PostPosted: Tue Apr 07, 2009 6:22 pm Reply with quote

slackervaara wrote:
I have installed bbantispam or Advanced Textual Confirmation and it stopped all spam including Feedback, Chat, Forum etc. To get full protection put the installation code in config.php. bbantispam introduces a question that must be answered correctly, but one only gets it the first time.
Only registered users can see links on this board! Get registered or login!


I installed this bbantispam (on top of the APM I already have)
and for few days it was ok.. but today I noticed 2 new users
getting into the system bypassing the APM (and thru the ATC also)

No IPs recorded for these 2 users.. they didn't post anything also..
I'm puzzled... Confused
 
Display posts from previous:       
This forum is locked: you cannot post, reply to, or edit topics.   This topic is locked: you cannot edit posts or make replies.    Ravens PHP Scripts And Web Hosting Forum Index -> NukeSentinel™ v2.5.x

View next topic
View previous topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum


Powered by phpBB © 2001-2007 phpBB Group
All times are GMT - 6 Hours
 
Forums ©