101
trabis
Re: Mass user registrations.... bots perhaps? Anyone else getting these?
  • 2011/9/25 17:41

  • trabis

  • Core Developer

  • Posts: 2269

  • Since: 2006/9/1 1


Quote:

barryc wrote:
trabis,

could you write up how you added stopforumspam into Protector?



Protector new version will be released with xoops 2.5.2 very soon

102
trabis
Re: Mass user registrations.... bots perhaps? Anyone else getting these?
  • 2011/9/27 19:53

  • trabis

  • Core Developer

  • Posts: 2269

  • Since: 2006/9/1 1


Stopforumspam is very effective but still does not solve 100% the registration spam.
Spammers that are not reported in their database still make their way in.
I'm now testing a preload based on HTTP_REFERER as sugested by peekay/barryc.
I'll let you know how it goes :)

103
barryc
Re: Mass user registrations.... bots perhaps? Anyone else getting these?
  • 2011/9/27 21:40

  • barryc

  • Just can't stay away

  • Posts: 480

  • Since: 2004/3/20


Wouldn't you know it, after saying the other day that I was still not getting any spam registrations, I got one this morning. Because my site does not get that many genuine registrations, I have it set up such that I have to approve new registrations. It is usually not too difficult to spot the spam. The one this morning gave an address in NSW, Australia, but the country was actually in Chinese characters, plus the email address was in China. I didn't approve that one. It was an exception and I can still say I get very few registration notifications that are not genuine.

I guess the moral of the story is that nothing is perfect. I suspect the one I got this morning was from a human but I haven't checked the logs to see if it looks like a bot.

barryC

104
trabis
Re: Mass user registrations.... bots perhaps? Anyone else getting these?
  • 2011/9/27 22:05

  • trabis

  • Core Developer

  • Posts: 2269

  • Since: 2006/9/1 1


@barryc,
can you please enter the spammer email/IP/Name in the top search box:
http://www.stopforumspam.com/

This way you can tell if it would be blocked by sfs. If so, using new protector module would be good addition for you.

Btw, the preload has already blocked one registration attempt that was not reported by sfs. Actually, 4 but from same IP.

105
barryc
Re: Mass user registrations.... bots perhaps? Anyone else getting these?
  • 2011/9/27 22:53

  • barryc

  • Just can't stay away

  • Posts: 480

  • Since: 2004/3/20


@trabis,

yes, it is there, got 8 hits as a matter of fact, all with different IP addresses but with the same email. Even the user ID was the same (for 7 of them) as was used on my site.

Will the new version of Protector only run on Xoops 2.5.2? I'm still using 2.4.4, mainly because I'm afraid of breaking some of the modules on my site if I update.

barryC

106
trabis
Re: Mass user registrations.... bots perhaps? Anyone else getting these?
  • 2011/9/27 23:01

  • trabis

  • Core Developer

  • Posts: 2269

  • Since: 2006/9/1 1


@Barry, you should wait for 2.5.2 Final before update your website.

I've now realized that this version of protector requires 2.5.x because it has a new admin menu.

107
engelseboer
Fake registrations.... bots perhaps! Please Help
  • 2011/10/26 23:06

  • engelseboer

  • Just popping in

  • Posts: 1

  • Since: 2011/10/26


Hi Dante,

How did you accomplish the 2 part registration

I (and others) are being inundated with Bot registraitions
We run databases (AnimalPedigree) that use xoops (mine runs xoops 2.4.5)

These people are perpetually registering (10 times a day) as loan or credit or cash .... accounts/usernames

Listing usernames as not allowed that contain these words has failed and are still registered

I have tried forcing the requirement for admin authorization, but this is bypassed too

they are authorized before i ever get to see the e-mail request

I'd like some system of preventing such things

hope you or someone can help please
I am NOT xoops literate and only mildly PC literate

Regards
Malcolm

108
wishcraft
Re: Fake registrations.... bots perhaps! Please Help

Just install Xortify, it will stop the spammers and spammer bots as well as harvester.

Make sure you are using http://xortify.chronolabs.coop it is the primary in the multi node honeypot. You will have to use this one before registering.

It will change this when the cron runs. You might also want to put the cron time up the services are quiet stable now.
Resized Image
www.ohloh.net/accounts/226400

Follow, Like & Read:-

twitter.com/SimonXaies
github.com/Chronolabs-Cooperative
facebook.com/SimonSXaies

109
Dante7237
Re: Fake registrations.... bots perhaps! Please Help
  • 2011/10/27 14:32

  • Dante7237

  • Friend of XOOPS

  • Posts: 294

  • Since: 2008/5/28


The 2 part registration is enabled by allowing the "complimentary" form in preferences.

Also, in your php.ini file located "usually" 1 directory above your html folder you need to be sure that these items are set as so:
register_globals Off
allow_url_fopen Off

This helps prevent exploits like remote file inclusion.
If you don't have access to php.ini then contact your hosting provider and they should be more than happy to correct that.

Note: All these things are fine, but a human in a shop in India can still register if he comes in on a clean IP.

The more I know, the more I know that I really didn't wanna know.

Login

Who's Online

47 user(s) are online (34 user(s) are browsing Support Forums)


Members: 0


Guests: 47


more...

Donat-O-Meter

Stats
Goal: $100.00
Due Date: Oct 31
Gross Amount: $0.00
Net Balance: $0.00
Left to go: $100.00
Make donations with PayPal!

Latest GitHub Commits