41
preachur
Re: Mass user registrations.... bots perhaps? Anyone else getting these?
  • 2009/12/16 14:22

  • preachur

  • Just can't stay away

  • Posts: 525

  • Since: 2006/2/4 4


To see what happens when a bot scans your XOOPS directories click here:

http://earthcrest.org/unitedpagans/modules

NOTE: Clicking that link will ban you from my test site. (There's nothing happening there right now anyway.)

42
ghia
Re: Mass user registrations.... bots perhaps? Anyone else getting these?
  • 2009/12/16 14:36

  • ghia

  • Community Support Member

  • Posts: 4953

  • Since: 2008/7/3 1


Nice link for quickly losing all your XOOPS friends! (62.235.x.x)

I find it overkill; the less you give away to spammers and hackers, the better. A blank page will be sufficient for most cases and is also the most efficient in resources spent.

43
preachur
Re: Mass user registrations.... bots perhaps? Anyone else getting these?
  • 2009/12/16 14:43

  • preachur

  • Just can't stay away

  • Posts: 525

  • Since: 2006/2/4 4


Sorry, have been up all night.... I also put that same line in register.php

require_once XOOPS_ROOT_PATH.'/includes/secret.php';

The same place I put it in index.php. I think THAT is what stopped the bot registrations. I did all this 2 weeks ago and I had to go back over it all this morning to remember how I made it work.

Originally I had that line in header.php but for some reason you could still view the site after getting banned. This way it blocks bots from the XOOPS directories that only bots would scan, the main site page and registration page. I imagine adding that line to the index.php in the contact module would do the same thing. Once a bot does its scan it can no longer access your registration, main page or contact form. GOOD bots will exclude the disallow folders so it only catches those bad bots.

I may work more on the whole thing later, but like I said.... for now it stopped those pesky automatic registrations that were somehow making it past the captchas.
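
Added example, not part of the original posts and not preachur's secret.php (the thread never shows its contents): a minimal PHP sketch of the trap described above, where a directory listed under Disallow in robots.txt records the visitor's address and index.php / register.php refuse listed addresses with an empty response. The file name, the ban-list path and the trap_* function names are hypothetical.

```php
<?php
// Added illustration of the IP trap; NOT the secret.php from the thread.
// Hypothetical names: BAN_FILE, trap_ban(), trap_is_banned(), trap_gate().
define('BAN_FILE', sys_get_temp_dir() . '/trap_banned_ips.txt');

// Called only from the index.php of a directory that robots.txt disallows.
function trap_ban(string $ip, string $file = BAN_FILE): bool
{
    if (filter_var($ip, FILTER_VALIDATE_IP) === false) {
        return false;                 // never write unvalidated input to the list
    }
    if (trap_is_banned($ip, $file)) {
        return true;                  // already listed, keep the file small
    }
    return file_put_contents($file, $ip . "\n", FILE_APPEND | LOCK_EX) !== false;
}

function trap_is_banned(string $ip, string $file = BAN_FILE): bool
{
    if (!is_readable($file)) {
        return false;                 // no list yet: fail open
    }
    $list = file($file, FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES) ?: [];
    return in_array($ip, $list, true);
}

// Called at the top of index.php and register.php as
// trap_gate($_SERVER['REMOTE_ADDR']); use REMOTE_ADDR, not a client-sent header.
function trap_gate(string $ip, string $file = BAN_FILE): void
{
    if (trap_is_banned($ip, $file)) {
        http_response_code(403);
        exit;                         // empty body: give nothing away
    }
}

// Constructed demo with documentation-range addresses: php trap.php
if (PHP_SAPI === 'cli' && isset($argv[0]) && realpath($argv[0]) === __FILE__) {
    @unlink(BAN_FILE);
    $bot = '203.0.113.7';
    var_dump(trap_is_banned($bot));            // before the bot touches the trap
    trap_ban($bot);                            // bot requested a disallowed directory
    var_dump(trap_is_banned($bot));            // now refused by trap_gate()
    var_dump(trap_is_banned('198.51.100.9'));  // an unrelated visitor
    var_dump(trap_ban('not-an-ip'));           // rejected by validation
}
```

This sketch never expires entries, so an address shared by many users (a proxy or ISP pool) stays blocked for all of them until the list is pruned.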

44
ghia
Re: Mass user registrations.... bots perhaps? Anyone else getting these?
  • 2009/12/16 14:52

  • ghia

  • Community Support Member

  • Posts: 4953

  • Since: 2008/7/3 1


From the observed patterns, the bots don't pass at robots.txt or any 'forbidden' files, so your method won't catch them.
Recaptcha seems up to now quite effective.

45
vamptrix
Re: Mass user registrations.... bots perhaps? Anyone else getting these?
  • 2009/12/16 15:24

  • vamptrix

  • Theme Designer

  • Posts: 424

  • Since: 2008/5/3 1


Indeed ghia, the standard XOOPS captcha was cracked before it was in the XOOPS core...

46
preachur
Re: Mass user registrations.... bots perhaps? Anyone else getting these?
  • 2009/12/16 15:27

  • preachur

  • Just can't stay away

  • Posts: 525

  • Since: 2006/2/4 4


Also, it takes a complete re-write to get this IP trap to work for the contact form module. (I just tested it and changed things around until it worked.)

However, Recaptcha doesn't work for me and when it came to those registrations on my live site this DID stop them. Blocked quite a few IPs so they were obviously scanning some of those directories.

I thought it might be useful to people with the same problem.

PLUS the bots that bypassed my captcha and registered over and over actually logged in and posted a single porn spam comment on a news story each time they registered. According to the "observed patterns" above it doesn't do anything besides register and attempt login.

47
barryc
Re: Mass user registrations.... bots perhaps? Anyone else getting these?
  • 2009/12/16 15:33

  • barryc

  • Just can't stay away

  • Posts: 480

  • Since: 2004/3/20


Quote:

barryc wrote:
For the record, I have seen one more spurious registration with the Google URL since incorporating reCaptcha.


Also for the record, I was mistaken in this and have posted a comment to that effect in another thread. My site had reverted back to the standard XOOPS captcha when I upgraded to 2.4.2 because I did not realize that class/captcha/config.php and xoopscaptcha.php had been overwritten, losing the modifications.

I agree that recaptcha seems to be effective. I wanted to undo any impression I might have given that it was not.

barryc

48
ghia
Re: Mass user registrations.... bots perhaps? Anyone else getting these?
  • 2009/12/16 15:45

  • ghia

  • Community Support Member

  • Posts: 4953

  • Since: 2008/7/3 1


Quote:
Recaptcha doesn't work for me

Why not?

Quote:
Indeed ghia, the standard XOOPS captcha was cracked before it was in the XOOPS core

No, don't exaggerate! The automated registrations that bypass the regular captcha are only a phenomenon dating from a few months ago.
The captcha dates from mid 2007.

49
Peekay
Re: Mass user registrations.... bots perhaps? Anyone else getting these?
  • 2009/12/16 22:45

  • Peekay

  • XOOPS is my life!

  • Posts: 2335

  • Since: 2004/11/20


Quote:

robstockley wrote:
// pk block access without referer

This hack will break the self activation process for new users.

No it won't. The email activation makes a request of a different file to activate the account.

50
robstockley
Re: Mass user registrations.... bots perhaps? Anyone else getting these?

Quote:
No it won't. The email activation makes a request of a different file to activate the account.

But the activation request comes after the referrer check. A user clicking through from the registration email will have no referrer. I must be missing something obvious here :(
