2
This is the first time I hear of that.
Do you enforce during registration that the user has to confirm his email? If not, you should!
Are these two sharing same or similar IP address? If yes, you could block it
And how do you know that it was a bot, and not a person who first registered with your website, and who is paid for promoting some stuff?
Do you enforce during registration that the user has to confirm his email? If not, you should!
Are these two sharing same or similar IP address? If yes, you could block it
And how do you know that it was a bot, and not a person who first registered with your website, and who is paid for promoting some stuff?
3
Hello,
On my Xoops site, since 1 month or less, i found 2 weird messages posted on the forum. After investigation, they are from bots. The posts are almost legit but they are out of touch.
The anti spamm was very efficient but it seems IA bots found a way to pass through.
Have you already experienced this ? How to preserve ourselves from this plague ?
Thank you in advance.
https://kiffmembers.org << My Xoops Site since 2006 or something.
On my Xoops site, since 1 month or less, i found 2 weird messages posted on the forum. After investigation, they are from bots. The posts are almost legit but they are out of touch.
The anti spamm was very efficient but it seems IA bots found a way to pass through.
Have you already experienced this ? How to preserve ourselves from this plague ?
Thank you in advance.
https://kiffmembers.org << My Xoops Site since 2006 or something.
4
It's a crawler (+https://developers.facebook.com/docs/sharing/webmasters/crawler).
Use htaccess rules to block.
Use htaccess rules to block.
6
Happy holidays,
Just dropping a note that if anyone comes looking for me I can be found over that https://ultranet.domains. Still the same great hosting company, just ditched the .com.
Been a minute since I dropped in on the Xoops crowd. Looks nice over here.
Cheers!
--Terrion
Just dropping a note that if anyone comes looking for me I can be found over that https://ultranet.domains. Still the same great hosting company, just ditched the .com.
Been a minute since I dropped in on the Xoops crowd. Looks nice over here.
Cheers!
--Terrion
7
Quote:Are you sure this is the only IP causing the load? It might be worth checking other IP addresses or request patterns.
goffy wrote:
hi
because I have currently a lot of spam registrations I checked my server access log and found one log very often:
Quote:57.141.0.19 - - 06/Dec/2024:21:33:35 +0100 "GET /modules/profile/user.php?xoops_redirect=/modules/profile/user.php?xoops_redirect=/modules/profile/user.php?xoops_redirect=/modules/profile/user.php?xoops_redirect=/modules/profile/user.php?xoops_redirect=/modules/profile/user.php?xoops_redirect=/modules/profile/user.php?xoops_redirect=/modules/profile/user.php?xoops_redirect=/modules/profile/user.php?xoops_redirect=/modules/profile/user.php?xoops_redirect=/modules/profile/user.php?xoops_redirect=/modules/newbb/report.php?forum=18&topic_id=12229&post_id=66633 HTTP/1.0" 200 15200 "-" "meta-externalagent/1.1 (+https://developers.facebook.com/docs/sharing/webmasters/crawler)"
It seems that someone is using xoops_redirect to burden my system on the site, maybe to make spam registration possible, I dont know.
but my question: how to treat this problem? would it make sense to implement a filter to remove the additional xoops_redirect in order to avoid looping?
what do you think
9
You might limit registrations by forcing them for your approval. Once you see where they are coming from, you can ban the IP or email addresses
You could also add CAPTCHA to registration.
Other ways to consider
1) ModSecurity Rule (if you use ModSecurity):
2) URL Rewriting Solution (Apache):
3) Other possible options:
- Implement rate limiting for requests containing xoops_redirect
- Validate redirect URLs against a whitelist
You could also add CAPTCHA to registration.
Other ways to consider
1) ModSecurity Rule (if you use ModSecurity):
# Detect multiple occurrences of xoops_redirect
SecRule ARGS_NAMES "@streq xoops_redirect" "chain,phase:2,deny,status:403,id:1000"
SecRule &ARGS_NAMES:xoops_redirect "@gt 1" 2) URL Rewriting Solution (Apache):
# Keep only the last xoops_redirect parameter
RewriteCond %{QUERY_STRING} xoops_redirect=([^&]+).*xoops_redirect=([^&]+)
RewriteRule ^(.*)$ $1?xoops_redirect=%2 [R=301,L] 3) Other possible options:
- Implement rate limiting for requests containing xoops_redirect
- Validate redirect URLs against a whitelist
10
It is important to update the following modules as soon as possible
xmnews, xmsocial and xmarticle
Ill-intentioned persons could exploit a security flaw. To avoid any risk, please use version 1.8.0 of xmnews, 2.1.1 of xmsocial and 1.5.2 of xmarticle.
Thanks to mcdruid for informing me of the security flaw.
xmnews, xmsocial and xmarticle
Ill-intentioned persons could exploit a security flaw. To avoid any risk, please use version 1.8.0 of xmnews, 2.1.1 of xmsocial and 1.5.2 of xmarticle.
Thanks to mcdruid for informing me of the security flaw.
Login
Search
Recent Posts
Who's Online
Donat-O-Meter
| Stats | |
| Goal: | $100.00 |
| Due Date: | Jan 31 |
| Gross Amount: | $0.00 |
| Net Balance: | $0.00 |
| Left to go: | $100.00 |
 |
|