41
seventhseal
Re: To Admin - Spammer Targeting Xoops sites

First off - if they are bots, that's easy - use my XOOP-Stats and block the bots.

However, I have been monitoring traffic by placing my servers nic in promiscuous mode and running snort. I ran snort because they can't spoof their connection. I then placed all comments in admin approval for my XOOPS site, and waited. Sure enough, crap starting coming in with spoofed IP's. I then went to my snort logs and matched all of the posts to the IP detected by snort. Voila - 203.79.69.91 - now, remember, you can't block this in xoops, because the IP the XOOPS sees will be spoofed. You must block at the firewall if you have control. I blocked the range 203.79.69.0/24

Good luck!
John Horne - a.k.a. - VelocityWebDev, Seventhseal, CreepingDeath
**********************************
VelocityWebDev Tech BLOG
VelocityWebHost Hosting and Design

42
Chishiki
Re: To Admin - Spammer Targeting Xoops sites
  • 2007/6/2 12:41

  • Chishiki

  • Just popping in

  • Posts: 1

  • Since: 2006/4/28


Thanks all for getting on this so quick. I found this thread very helpful, and very timely. He (she, they, it... whatever) just hit my sites last week and has been liberally using the comment feature. Thanks again!

(i also just got a crash course in regex)

43
BDW
Re: To Admin - Spammer Targeting Xoops sites
  • 2007/6/2 20:32

  • BDW

  • Quite a regular

  • Posts: 280

  • Since: 2002/9/28


Ive an idea.

How about creating a question on the registration page that the administrator asks.

Such as, "wot is my favorite meal?" and tell them where to find the answer. That way only a HUMAN can answer thus preventing bot sign-ups.

44
davidl2
Re: To Admin - Spammer Targeting Xoops sites
  • 2007/6/2 20:36

  • davidl2

  • XOOPS is my life!

  • Posts: 4843

  • Since: 2003/5/26


Perhaps possible with formulize?

45
BDW
Re: To Admin - Spammer Targeting Xoops sites
  • 2007/6/2 20:39

  • BDW

  • Quite a regular

  • Posts: 280

  • Since: 2002/9/28


I was thinking it should be part of the XOOPS core.

46
BDW
Re: To Admin - Spammer Targeting Xoops sites
  • 2007/6/4 11:38

  • BDW

  • Quite a regular

  • Posts: 280

  • Since: 2002/9/28


Another suggestion for Protector users is to install the RBL plugin that comes with Protector (read the PDF docs of Protectors Download page).

This will ban any spam comming from banned IP's listed in the RBL.

47
robstockley
Re: To Admin - Spammer Targeting Xoops sites

Quote:

BDW wrote:
Did you set anti-SPAM: URLs for normal users to 5 within preferences?

Where did you set this? If the answer is within Protector, which version?
Rob

48
jdseymour
Re: To Admin - Spammer Targeting Xoops sites

Version 3.02, 3.03 is current. You can always find the latest at Peak XOOPS Support site.

49
robstockley
Re: To Admin - Spammer Targeting Xoops sites

Can you point me to a guide to updating Protector from v2.57 to v3.x. Is it a directory overwrite or a uninstall/reinstall type affair?

Update: The module comes with clear instructions - thanks.
Update: Worked a treat. 2.57-3.03 as per instructions without a hitch.

50
exbanious
Re: To Admin - Spammer Targeting Xoops sites
  • 2007/6/18 2:02

  • exbanious

  • Not too shy to talk

  • Posts: 113

  • Since: 2004/5/30


This gets even more strange.
I installed captcha on 2.2.* and it seems to work fine. along with protector, it even kept out most register.php spam attempts, as viewed through the protector logs, however, the other day i noticed one registration was completed even with the captcha in place.

they did not activate the account, but it seems odd that they were able to get that far. it was the same username characteristics that have been hitting XOOPS sites lately. new ip sets, of course.


anybody else have this happen?

Login

Who's Online

68 user(s) are online (41 user(s) are browsing Support Forums)


Members: 0


Guests: 68


more...

Donat-O-Meter

Stats
Goal: $100.00
Due Date: Aug 31
Gross Amount: $0.00
Net Balance: $0.00
Left to go: $100.00
Make donations with PayPal!

Latest GitHub Commits