Re: To Admin - Spammer Targeting Xoops sites [XOOPS general usage questions]

41

Re: To Admin - Spammer Targeting Xoops sites

2007/6/2 3:13
seventhseal
Quite a regular
Posts: 253
Since: 2004/8/7 2

First off - if they are bots, that's easy - use my XOOP-Stats and block the bots.

However, I have been monitoring traffic by placing my servers nic in promiscuous mode and running snort. I ran snort because they can't spoof their connection. I then placed all comments in admin approval for my XOOPS site, and waited. Sure enough, crap starting coming in with spoofed IP's. I then went to my snort logs and matched all of the posts to the IP detected by snort. Voila - 203.79.69.91 - now, remember, you can't block this in xoops, because the IP the XOOPS sees will be spoofed. You must block at the firewall if you have control. I blocked the range 203.79.69.0/24

Good luck!

John Horne - a.k.a. - VelocityWebDev, Seventhseal, CreepingDeath
**********************************
VelocityWebDev Tech BLOG
VelocityWebHost Hosting and Design

42

Re: To Admin - Spammer Targeting Xoops sites

2007/6/2 12:41
Chishiki
Just popping in
Posts: 1
Since: 2006/4/28

Thanks all for getting on this so quick. I found this thread very helpful, and very timely. He (she, they, it... whatever) just hit my sites last week and has been liberally using the comment feature. Thanks again!

(i also just got a crash course in regex)

43

Re: To Admin - Spammer Targeting Xoops sites

2007/6/2 20:32
BDW
Quite a regular
Posts: 280
Since: 2002/9/28

Ive an idea.

How about creating a question on the registration page that the administrator asks.

Such as, "wot is my favorite meal?" and tell them where to find the answer. That way only a HUMAN can answer thus preventing bot sign-ups.

44

Re: To Admin - Spammer Targeting Xoops sites

2007/6/2 20:36
davidl2
XOOPS is my life!
Posts: 4843
Since: 2003/5/26

Perhaps possible with formulize?

45

Re: To Admin - Spammer Targeting Xoops sites

2007/6/2 20:39
BDW
Quite a regular
Posts: 280
Since: 2002/9/28

I was thinking it should be part of the XOOPS core.

46

Re: To Admin - Spammer Targeting Xoops sites

2007/6/4 11:38
BDW
Quite a regular
Posts: 280
Since: 2002/9/28

Another suggestion for Protector users is to install the RBL plugin that comes with Protector (read the PDF docs of Protectors Download page).

This will ban any spam comming from banned IP's listed in the RBL.

47

Re: To Admin - Spammer Targeting Xoops sites

2007/6/9 1:00
robstockley
Just popping in
Posts: 44
Since: 2006/11/10

Quote:

BDW wrote:
Did you set anti-SPAM: URLs for normal users to 5 within preferences?

Where did you set this? If the answer is within Protector, which version?
Rob

48

Re: To Admin - Spammer Targeting Xoops sites

2007/6/9 1:09
jdseymour
Friend of XOOPS
Posts: 3782
Since: 2004/11/11

Version 3.02, 3.03 is current. You can always find the latest at Peak XOOPS Support site.

Proactive Support for Sites and Servers

WebServerMasters.com | XOOPS Tutorials

49

Re: To Admin - Spammer Targeting Xoops sites

2007/6/9 1:15
robstockley
Just popping in
Posts: 44
Since: 2006/11/10

Can you point me to a guide to updating Protector from v2.57 to v3.x. Is it a directory overwrite or a uninstall/reinstall type affair?

Update: The module comes with clear instructions - thanks.
Update: Worked a treat. 2.57-3.03 as per instructions without a hitch.

50

Re: To Admin - Spammer Targeting Xoops sites

2007/6/18 2:02
exbanious
Not too shy to talk
Posts: 113
Since: 2004/5/30

This gets even more strange.
I installed captcha on 2.2.* and it seems to work fine. along with protector, it even kept out most register.php spam attempts, as viewed through the protector logs, however, the other day i noticed one registration was completed even with the captcha in place.

they did not activate the account, but it seems odd that they were able to get that far. it was the same username characteristics that have been hitting XOOPS sites lately. new ip sets, of course.

anybody else have this happen?

http://www.customandstock.com

Stats
Goal:	$100.00
Due Date:	Nov 30
Gross Amount:	$0.00
Net Balance:	$0.00
Left to go:	$100.00

Re: To Admin - Spammer Targeting Xoops sites

Re: To Admin - Spammer Targeting Xoops sites

Re: To Admin - Spammer Targeting Xoops sites

Re: To Admin - Spammer Targeting Xoops sites

Re: To Admin - Spammer Targeting Xoops sites

Re: To Admin - Spammer Targeting Xoops sites

Re: To Admin - Spammer Targeting Xoops sites

Re: To Admin - Spammer Targeting Xoops sites

Re: To Admin - Spammer Targeting Xoops sites

Re: To Admin - Spammer Targeting Xoops sites

Login

Search

Recent Posts

XOOPS MyMenus 1.54.0 Beta 10

Re: XOOPS MyMenus 1.54.0 Beta 7

Re: XOOPS MyMenus 1.54.0 Beta 7

Re: XOOPS MyMenus 1.54.0 Beta 7

Re: XOOPS MyMenus 1.54.0 Beta 7

Re: XOOPS MyMenus 1.54.0 Beta 7

Re: XOOPS MyMenus 1.54.0 Beta 7

Re: XOOPS MyMenus 1.54.0 Beta 7

Re: XOOPS MyMenus 1.54.0 Beta 7

Re: XOOPS MyMenus 1.54.0 Beta 7

Who's Online

Donat-O-Meter

Latest GitHub Commits

{{ record.sha.slice(0, 7) }} - {{ record.commit.message | truncate }}