| Author |
Message |
kolla
Hangin' Around
Joined: Apr 20, 2008
Posts: 29
|
 Posted:
Wed Mar 25, 2009 10:38 pm |
 
|
Hi guys,
I have Nuke Sentinel 2.5.17 installed in my phpnuke site and
lately I've been having so many strange user registrations in the
site spamming the forums with various ads. (drugs, porn etc.)
I suspect these maybe automated scripts ??
These IPs are mostly from countries such as Ukraine & Russia
where I normally don't expect any legitimate members..
To combat this I have installed and activated an Approve Membership
module to the site. (I also have captcha)
All user registrations come thru this system and I look at each one
and approve as needed.
What happened today is worrying. I have a new user spamming the
forums... and it never went thru the approve membership module !!
Registered today.
Is this a known issue ? If so how can I combat this ?
I apologize my ignorance about many of these security holes.. |
|
|
|
|
slackervaara
Worker
Joined: Aug 26, 2007
Posts: 234
|
| Posted:
Thu Mar 26, 2009 12:20 am |
|
I have installed bbantispam or Advanced Textual Confirmation and it stopped all spam including Feedback, Chat, Forum etc. To get full protection put the installation code in config.php. bbantispam introduces a question that must be answered correctly, but one only gets it the first time.
|
|
|
|
|
|
jakec
Site Admin
Joined: Feb 06, 2006
Posts: 3028
Location: United Kingdom
|
| Posted:
Thu Mar 26, 2009 1:06 am |
|
Your NS version is very old and you really should upgrade to the latest.
If you check through your logs are you able to see how they did it?
Also have you posted at the authors site? |
|
|
|
|
|
slackervaara
Worker
Joined: Aug 26, 2007
Posts: 234
|
| Posted:
Thu Mar 26, 2009 1:26 am |
|
I have noticed in 7.6 without Approve Membership that, if registering a member through forum directly activates this member without need of activation mail. It is easy for you to test, if this can be the cause. |
Last edited by slackervaara on Thu Mar 26, 2009 1:42 am; edited 1 time in total |
|
|
|
|
jakec
Site Admin
Joined: Feb 06, 2006
Posts: 3028
Location: United Kingdom
|
| Posted:
Thu Mar 26, 2009 1:35 am |
|
In the forums configuration I believe Enable Account Activation should be set to "none".
Can you check this is the case? |
|
|
|
|
|
kolla
Hangin' Around
Joined: Apr 20, 2008
Posts: 29
|
| Posted:
Thu Mar 26, 2009 5:13 pm |
|
| jakec wrote: | In the forums configuration I believe Enable Account Activation should be set to "none".
Can you check this is the case? |
Yes it's set to "None". (3 choices, None, User & Admin) |
|
|
|
|
|
kolla
Hangin' Around
Joined: Apr 20, 2008
Posts: 29
|
| Posted:
Thu Mar 26, 2009 5:19 pm |
|
| jakec wrote: | Your NS version is very old and you really should upgrade to the latest.
If you check through your logs are you able to see how they did it?
Also have you posted at the authors site? |
Yes I'll try to upgrade to the latest.. (hopefully it won't break anything)
Which logs are u refering to ?
I checked Tracked IP Menu/Display Tracked Users/ and the view log
for the user.. but it doesn't seem to show how the user registered.. 
I didn't understand your last question ?? which authors site did u mean ?
Thanks |
|
|
|
|
|
kolla
Hangin' Around
Joined: Apr 20, 2008
Posts: 29
|
| Posted:
Thu Mar 26, 2009 5:20 pm |
|
| slackervaara wrote: | I have installed bbantispam or Advanced Textual Confirmation and it stopped all spam including Feedback, Chat, Forum etc. To get full protection put the installation code in config.php. bbantispam introduces a question that must be answered correctly, but one only gets it the first time.
|
Thanks I'll check this out....
 |
|
|
|
|
|
kolla
Hangin' Around
Joined: Apr 20, 2008
Posts: 29
|
| Posted:
Thu Mar 26, 2009 5:23 pm |
|
| slackervaara wrote: | | I have noticed in 7.6 without Approve Membership that, if registering a member through forum directly activates this member without need of activation mail. It is easy for you to test, if this can be the cause. |
hmmm... not sure what exactly u mean ? Do u mean thru the
forum administration area ? |
|
|
|
|
|
slackervaara
Worker
Joined: Aug 26, 2007
Posts: 234
|
| Posted:
Thu Mar 26, 2009 9:53 pm |
|
No. When you are not logged in and view a topic in the forum you will find the alternative register available at the top. It is possible to register as a member through the forum. |
|
|
|
|
|
kolla
Hangin' Around
Joined: Apr 20, 2008
Posts: 29
|
| Posted:
Fri Mar 27, 2009 12:23 am |
|
| slackervaara wrote: | | No. When you are not logged in and view a topic in the forum you will find the alternative register available at the top. It is possible to register as a member through the forum. |
For now my site forums are open to registered members only..
so what you mention won't apply right ? |
|
|
|
|
|
slackervaara
Worker
Joined: Aug 26, 2007
Posts: 234
|
| Posted:
Fri Mar 27, 2009 12:28 am |
|
If guests can't read or access the forum they should not be able to register through it. |
|
|
|
|
|
jakec
Site Admin
Joined: Feb 06, 2006
Posts: 3028
Location: United Kingdom
|
| Posted:
Fri Mar 27, 2009 1:10 am |
|
If you are using the Approve Membership module then this is the authors site: |
|
|
|
|
|
kolla
Hangin' Around
Joined: Apr 20, 2008
Posts: 29
|
| Posted:
Fri Mar 27, 2009 12:02 pm |
|
| jakec wrote: | | If you are using the Approve Membership module then this is the authors site: |
oh yes.. I'll try that also... but those forums don't seem to be very active..
BTW, another new member I see today again bypassing the AM  |
|
|
|
|
|
jakec
Site Admin
Joined: Feb 06, 2006
Posts: 3028
Location: United Kingdom
|
| Posted:
Fri Mar 27, 2009 1:17 pm |
|
If you know their IP address you should be ble to track them through NukeSentinel and see the strings they are using. |
|
|
|
|
|
jakec
Site Admin
Joined: Feb 06, 2006
Posts: 3028
Location: United Kingdom
|
| Posted:
Fri Mar 27, 2009 1:19 pm |
|
Can you provide a URL, if you don't want to post it send me a PM. |
|
|
|
|
|
kolla
Hangin' Around
Joined: Apr 20, 2008
Posts: 29
|
| Posted:
Fri Mar 27, 2009 2:56 pm |
|
Jake I sent you a detailed PM. |
|
|
|
|
|
kolla
Hangin' Around
Joined: Apr 20, 2008
Posts: 29
|
| Posted:
Tue Apr 07, 2009 6:22 pm |
|
| slackervaara wrote: | I have installed bbantispam or Advanced Textual Confirmation and it stopped all spam including Feedback, Chat, Forum etc. To get full protection put the installation code in config.php. bbantispam introduces a question that must be answered correctly, but one only gets it the first time.
|
I installed this bbantispam (on top of the APM I already have)
and for few days it was ok.. but today I noticed 2 new users
getting into the system bypassing the APM (and thru the ATC also)
No IPs recorded for these 2 users.. they didn't post anything also..
I'm puzzled... |
|
|
|
|
|
|
|
|
|
![[Valid RSS]](http://www.ravenphpscripts.com/images/valid-rss.png "Validate my RSS feed"){kind=small}
:: 
::