Ravens PHP Scripts: Forums
 

 

View next topic
View previous topic
This forum is locked: you cannot post, reply to, or edit topics.   This topic is locked: you cannot edit posts or make replies.    Ravens PHP Scripts And Web Hosting Forum Index -> NukeSentinel™ v2.4.x
Author Message
Duke
Regular
Regular


Joined: Jan 09, 2006
Posts: 56
Location: Under your bed

PostPosted: Mon May 15, 2006 11:15 pm Reply with quote

I'm getting new members from raph.us and angelacrosby.com (I believe). I believe their bots because all they do is register in order to try and spam my comments areas (which are all de-activated anyway).

Not that they can do much other than register and pad my memberslist but I'd rather that they can't register at all. I've tried banning via the last part of the e-mail they use such as:

*raph.us* in all variations, but it never seems to work.

This isn't to say that I'm not a complete tard when it comes to banning via e-mail but does someone here have a suggestion on how to make it harder for these bots/tards/kiddies/whatever to not be able to register?

BTW, I'd rather not have to confirm new member activation if possible and/or have to block these usernames/IP's/etc., manually each and every time. If I can automate this somehow, that would be great.

Thanks.

Ken
 
View user's profile Send private message Send e-mail Visit poster's website
fkelly
Former Moderator in Good Standing


Joined: Aug 30, 2005
Posts: 3312
Location: near Albany NY

PostPosted: Tue May 16, 2006 7:36 am Reply with quote

Do they use the same IP or IP's in the same range? If so you can ban the IP's or the range of IP's easily in Sentinel. If not maybe you could look in the logs and see if they use a common user agent (as I believe many bots do) and ban it thru the Harvester settings in Sentinel. The risk here is that you might ban legitimate users.
 
View user's profile Send private message Visit poster's website
Duke
PostPosted: Tue May 16, 2006 10:47 am Reply with quote

fkelly wrote:
Do they use the same IP or IP's in the same range? If so you can ban the IP's or the range of IP's easily in Sentinel. If not maybe you could look in the logs and see if they use a common user agent (as I believe many bots do) and ban it thru the Harvester settings in Sentinel. The risk here is that you might ban legitimate users.


I've seen as many as 18 different IP's, not too sure about the range but I'm guessing it's pretty large considering the IP's come through different countries or at least, are identified by Sentinal with numerous country flags per user.

As you mentioned above, I am worried about banning legitimate users but I'll do some more checking into the user agent angle.

Thanks.
 
montego
Site Admin


Joined: Aug 29, 2004
Posts: 9449
Location: Arizona

PostPosted: Wed May 17, 2006 6:21 am Reply with quote

You may also want to try the String blocker in Sentinel. I haven't done this, so not 100% certain it will work, but just make sure you use enough of the string so that you don't inadvertantly ban "regular folks".

_________________
Only registered users can see links on this board! Get registered or login!
Only registered users can see links on this board! Get registered or login! 
View user's profile Send private message Visit poster's website
fkelly
PostPosted: Wed May 17, 2006 7:10 am Reply with quote

Montego, I looked at the help screen for string blockers and it seems to imply that we are talking about strings inside of queries. So I didn't think that a partial match for an email address would necessarily be in there. Maybe one of the Sentinel experts could clarify this?
 
montego
PostPosted: Wed May 17, 2006 7:42 am Reply with quote

What I am thinking is that these will show up in the strings (GET/POST) when the bot tries to register since they have to provide their email address.
 
fkelly
PostPosted: Wed May 17, 2006 7:52 am Reply with quote

Oh darn, that's right Montego. I didn't think of that! But I do have an idea for your problem of block code within a span that I'll be testing out whenever I can put a couple of hours together Smile Not to change the subject of course.

Of course getting back to the topic if they can change IP's so freely they can also get other email addresses and there's no absolute way to keep them out. What we really need is an Approve Membership light that doesn't change the users table structure or have any effect on Forum code and that could be built into the core of a future version of RN. And even that is not foolproof.
 
Duke
PostPosted: Wed May 17, 2006 11:11 am Reply with quote

montego wrote:
You may also want to try the String blocker in Sentinel. I haven't done this, so not 100% certain it will work, but just make sure you use enough of the string so that you don't inadvertantly ban "regular folks".


That never ocurred to me either but I'll definately give it a try. There's nothing more painful than having to monitor all user IP activity over the past week to ensure everyone is on the up and up. Confused
 
gregexp
The Mouse Is Extension Of Arm


Joined: Feb 21, 2006
Posts: 1497
Location: In front of a screen....HELP! lol

PostPosted: Thu May 18, 2006 2:06 pm Reply with quote

ok this may seem like a n00b statement but what about the gfx_chk to activate function...wouldnt that stop the bots from registering?

_________________
For those who stand shall NEVER fall and those who fall shall RISE once more!! 
View user's profile Send private message Send e-mail Visit poster's website AIM Address Yahoo Messenger MSN Messenger ICQ Number
Duke
PostPosted: Fri May 19, 2006 12:01 am Reply with quote

I'm using it and it hasn't seemed to make any difference unless there's 1000 tards from raph.us and angelacrosby.net with nothing to do but register at my site and attempt to spam the comments areas with malicious links.

As soon as I see either of these e-mail extensions, their accounts are locked, usernames, IP's, blocked/banned, etc.
 
montego
PostPosted: Fri May 19, 2006 5:46 am Reply with quote

Duke wrote:
That never ocurred to me either but I'll definately give it a try. There's nothing more painful than having to monitor all user IP activity over the past week to ensure everyone is on the up and up. Confused


Duke, definitely let us know if this worked. Would be very useful information to all. Wink

Thanks!
 
gregexp
PostPosted: Fri May 19, 2006 1:40 pm Reply with quote

CNBYa has a configuration setting within it that will block ne user trying to use an e-mail extension...u could use that and apply the e-mail extension to that blocker...just a thought
 
dirtbag
Regular
Regular


Joined: Nov 09, 2003
Posts: 73

PostPosted: Sun Jun 04, 2006 6:44 pm Reply with quote

i am having the same problem i just noticed as all these names are being registered that last 2 days?? like 500 plus a day... they have spanish email address endings most of them and the ip range is giant....

any ideas on how to block this .. i read above but did you ever figure something out..
 
View user's profile Send private message
kguske
Site Admin


Joined: Jun 04, 2004
Posts: 6383

PostPosted: Mon Jun 05, 2006 11:48 am Reply with quote

CNB-YA can block registration by domain, and I also posted a change to the standard YA module that allows you to use the phpBB ban domain list for the same purpose.

_________________
I google, therefore I exist...
Only registered users can see links on this board! Get registered or login!
 
View user's profile Send private message
dirtbag
PostPosted: Tue Jun 06, 2006 1:33 am Reply with quote

sorry if i ask a dumb question.. but i dont know what CNB-YA is??? is it s a modified Your Account Module...

Anyways i did searches in my nuke_user and nuke_user_temp and deleted all the members with a % wilcard search as they were using a series of email addresses ending with the same server name... all seemed quiet for a day but now i see its happening again..

muchaho1199
myhouse3614
muchaho5149
myhouse4179
drakula4963
drakula1798

these are some names above where the numbers are just different at the end

and the emails are ending like this
Only registered users can see links on this board! Get registered or login! Only registered users can see links on this board! Get registered or login! Only registered users can see links on this board! Get registered or login! Only registered users can see links on this board! Get registered or login! Only registered users can see links on this board! Get registered or login!

anyway to ban these... any help appreciated..
 
kguske
PostPosted: Tue Jun 06, 2006 4:21 am Reply with quote

Yes, it's a modified YA module. If you search the forums here you can find a link, or you can also find a link of a post I wrote that shows how to modify the standard YA to use phpBB's ban control table to do the same thing.
 
Display posts from previous:       
This forum is locked: you cannot post, reply to, or edit topics.   This topic is locked: you cannot edit posts or make replies.    Ravens PHP Scripts And Web Hosting Forum Index -> NukeSentinel™ v2.4.x

View next topic
View previous topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum


Powered by phpBB © 2001-2007 phpBB Group
All times are GMT - 6 Hours
 
Forums ©