Warlords TBS Series
Spin-off Projects
Home Forum
Welcome,
Guest
|
|
TOPIC: Whats going on here??
Whats going on here?? 7 years, 10 months ago #1581
How and why do we get to read so many spam Crap here since a couple of days??
How can we get rid of such stupidty? |
|
|
Re: Whats going on here?? 7 years, 10 months ago #1583
Maybe some spam filter/registration check got reset when KGB renewed the site?
|
|
|
Re: Whats going on here?? 7 years, 10 months ago #1623
Seems that some strict measures should be taken...
It feeds, it grows, it clouds all that you will know (c) Metallica |
|
Last Edit: 7 years, 10 months ago by Flagris.
|
Re: Whats going on here?? 7 years, 9 months ago #2091
10 pages of spam today! Maybe manual verification of new users should be implemented... (I'm assuming there's already CAPTCHA in place while registering).
|
|
|
Re: Whats going on here?? 7 years, 9 months ago #2267
There is a CAPTCHA in place for signing up.
I also get an email notifying me of every new user. I am getting no more than 1 new user a week, maybe 2 users. However it says right now there are 35 users online and another 100 guests. Those 35 users are all new today! The software that runs this site is old (5+ years old now) and I know there are unpatched vulnerabilities in it. I suspect the bots are somehow using those to post the spam by registering somehow via an exploit. It seems its all related to me renewing the site because prior to that there hasn't been problems in years. So the renewal must have been pushed around the web and attracted the bots thinking it was a new site. All I can do it delete them as they occur. However it seems they only post X number of messages before they stop because I just deleted 10 pages worth and the newest post was well over an hour old. As soon as I finished deleting them they started appearing again as if something triggered it to start up. KGB |
|
Last Edit: 7 years, 9 months ago by KGB.
|
Re: Whats going on here?? 7 years, 9 months ago #2706
22 pages today!
Is there a setting that can prevent new users from posting immediately? Is that email notification just that, a notification, or are you supposed to approve the user manually (which is what I thought I said in my above email - manual verification). |
|
|
Re: Whats going on here?? 7 years, 9 months ago #2865
They aren't registering on the site in the normal way. The bots are just auto-inserting new users into the user database as already successfully registered. I logged into the site in admin mode tonight and saw that about 1300 new users have been added in the past few days. I've only gotten about 3-4 actual emails so the rest were direct inserts using an exploit of the site code (it's 5+ years old now).
Anyway I hand deleted them all. While I was deleting them new ones were being added. However and a certain point that stopped so I assume I got the master account that was used to initially crack into the site. So now I don't see dozens of bot accounts logged in. Was hoping this might fix it but now an hour later its started again sigh. Gotta try something else. KGB P.S. I just changed a setting in the user accounts that turns off 'auto creation of users'. That may have been what was being used. I hope that users can still manually be created. Can one of you guys try creating a new user and see if it still works. |
|
Last Edit: 7 years, 9 months ago by KGB.
|
Re: Whats going on here?? 7 years, 9 months ago #3148
Ah, okay. There was 13 pages of spam when I just logged in, but not sure when the last was posted. I'll try creating a new user.
|
|
|
Re: Whats going on here?? 7 years, 9 months ago #3156
Okay, I just through the creation process for a new user and successfully logged in.
Unfortunately, while I was doing that, 7 new spam posts were created. Not sure if they're from existing bot users before you changed that setting or not; if there's "Account created" setting on their account, that would tell you. But it's still going on |
|
|
Re: Whats going on here?? 7 years, 9 months ago #3162
Thanks for checking on the user creation.
I did some more reading late last night about this problem on this version of Joomla. It appears it's the work of 'script kiddies'. They've managed to upload a php script to the site that is auto running. The IP address lookup of all the posts indicates it's coming from Ukraine. Either that's the origin and/or that's where the bot net is located. I'll have to go into the virtual machine on GoDaddy tonight and search for the script. Shouldn't be too hard to find because files don't change often on this site so a date/time search should find it pretty fast. What's weird to me is the purpose of doing it. There is no way anyone's clicking on any of these posts or the random links inside so there's no chance to infect a machine or get advertising dollars etc. KGB |
|
|
|
Time to create page: 0.56 seconds