Nuke Cops :: View topic - bots register users on my site?
JallaBalla
Captain
Joined: May 01, 2003
Posts: 310
Location: Oslo, Norway
Posted: Wed May 31, 2006 3:18 am

I have so many user accounts created every hour on my site, most of them from the same domain. (I delete them)

I don't want fake users! How can I stop people from registering on my site without MY approval?

What I have done now:

* New user registration=gfx_check:3 (code)
* In forum admin/configure: Enable Visual Confirmation YES
* Enable account activation: ADMIN (I have tested myself and as a user I still can confirm my registration through the dispatched e-mail with the activation code)
* Renamed/moved admin.php
* Latest patches etc

_________________
JallaBalla
...a Paying customer of PHP-Nuke
8.0 / 2.20

athens101
Sergeant
Joined: Jul 11, 2004
Posts: 104
Location: Athens
Posted: Wed May 31, 2006 6:52 am

I had a ton of accounts from Raph.us.

I just looked at the real IP of the users and blocked the IP.

arnoldkrg
Major
Joined: Aug 03, 2003
Posts: 936
Location: United Kingdom
Posted: Wed May 31, 2006 7:26 am

The following might help: http://www.karakas-online.de/forum/viewtopic.php?t=4797

jimmo
Corporal
Joined: Feb 14, 2004
Posts: 60
Location: Germany
Posted: Thu Jun 01, 2006 12:44 am

I got hit, too. (using HA Nuke 7.6) Seems to be the exact same pattern. Loads of users with similar names and addresses. Loads of waiting users in nuke_users_temp. All activated in batches.

Once registered they can do lots of damage in terms of spam. I already found tons of comments added to articles with spam.

Obviously there is a way of creating users automatically. Either this is some kind of SQL injection that isn't being caught or maybe the spammers have simply figured out a way to read the random_num in the query strings and what needs to be passed to register and login. In that case, looks like some major problems. Granted you can ban IP addresses, use the hack on Chris Karakas' site, etc. to block specific users/machines, but all they need to do is change them.

_________________
The Linux Knowledge Base and Tutorial project is looking for volunteers: http://www.linux-tutorial.info
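
The pattern reported in this thread (many sign-ups from the same mail domain, arriving in batches) can be looked for in an export of the user table. This is an added example, not part of the original thread and not PHP-Nuke code; the row layout, the sample data and the function names are assumptions made up for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample rows (username, email, registration time); not real data.
SAMPLE_ROWS = [
    ("alice", "alice@example.org", "2006-05-31 01:10:00"),
    ("qwe101", "qwe101@spam.example", "2006-05-31 02:00:05"),
    ("qwe102", "qwe102@spam.example", "2006-05-31 02:00:40"),
    ("qwe103", "qwe103@SPAM.example", "2006-05-31 02:03:12"),
    ("qwe104", "qwe104@spam.example", "2006-05-31 02:09:59"),
    ("bob", "bob@example.org", "2006-05-31 09:30:00"),
    ("carol", "carol@example.org", "2006-05-31 18:45:00"),
    ("late1", "late1@spam.example", "2006-05-31 23:00:00"),
]

def email_domain(email):
    """Lower-cased part after the last '@', or '' if the address has none."""
    return email.rsplit("@", 1)[1].strip().lower() if "@" in email else ""

def find_bursts(rows, threshold=3, window=timedelta(minutes=15)):
    """Return {domain: [usernames]} for domains with >= threshold sign-ups
    inside any sliding window of the given length."""
    by_domain = defaultdict(list)
    for username, email, when in rows:
        ts = datetime.strptime(when, "%Y-%m-%d %H:%M:%S")
        by_domain[email_domain(email)].append((ts, username))

    flagged = {}
    for domain, events in by_domain.items():
        events.sort()
        start = 0
        hits = set()
        for end in range(len(events)):
            # Advance the left edge until the span fits inside `window`.
            while events[end][0] - events[start][0] > window:
                start += 1
            if end - start + 1 >= threshold:
                hits.update(name for _, name in events[start:end + 1])
        if hits:
            flagged[domain] = sorted(hits)
    return flagged

if __name__ == "__main__":
    for domain, names in find_bursts(SAMPLE_ROWS).items():
        print(domain, names)
```

Flagged accounts are candidates for manual review, not proof: a busy legitimate mail provider can also cross the threshold, so tune `threshold` and `window` to the site's normal sign-up rate.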

JallaBalla
Captain
Joined: May 01, 2003
Posts: 310
Location: Oslo, Norway
Posted: Thu Jun 01, 2006 1:02 am

After blocking 1847 IP addresses (taken from this forum) and blocking these 4 mail domains it seems so far that it has stopped:

*@lipster.net (80.93.58.90)
*@noparara.com (80.93.57.132)
*@wisral.com (80.93.58.98)
*@zeppele.com (80.93.58.95)

I will continue to monitor all users and keep banning unwanted addresses.

jimmo
Corporal
Joined: Feb 14, 2004
Posts: 60
Location: Germany
Posted: Thu Jun 01, 2006 1:44 am

Here's my contribution to the domain list:

The last_ip addresses so far do not seem to match.

JallaBalla
Captain
Joined: May 01, 2003
Posts: 310
Location: Oslo, Norway
Posted: Thu Jun 01, 2006 2:12 am

Thx, uploaded those as well.

Astroman
Private
Joined: Jul 05, 2005
Posts: 49
Posted: Thu Jun 01, 2006 1:33 pm

Would it be possible to add a question in the signup that only a human can answer? I use them on some of my other sites; for instance, 'what color is an orange?' and the user has to type 'orange' or the registration script dies. Or have one of those graphic number thingies?

At least a bot can't sign up then.

Oh wait, or are these real people actually doing this? I just checked the planet site in my sig and it seems to have some suspicious sign up names, and that already has a graphic image to sign up with.

Edit: just noticed the post higher up that mentions the circumventing of the graphic numbers. I wonder if the simple question thing might work after all?

_________________
http://www.university.uk.com - http://www.terrypratchettbooks.org -
http://www.seychellesislands.me

Last edited by Astroman on Thu Jun 01, 2006 1:57 pm; edited 1 time in total
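
A question check like the one suggested above only holds if the expected answer stays on the server and each challenge works once, which is the concern raised earlier in the thread about values that can be read from the request. This is an added example, not part of the original thread or of PHP-Nuke; ChallengeStore, the question bank and the token format are hypothetical.

```python
import hmac
import secrets
import time

# Constructed question bank; a real site should use questions specific to it.
QUESTIONS = [("What color is an orange?", "orange"),
             ("How many legs does a cat have? (digit)", "4")]

class ChallengeStore:
    """Keeps the expected answer on the server, keyed by an opaque token.
    On a PHP site the session would play this role (assumption)."""

    def __init__(self, ttl_seconds=600, clock=time.time):
        self._pending = {}          # token -> (expected_answer, expiry)
        self._ttl = ttl_seconds
        self._clock = clock

    def issue(self):
        """Return (token, question); only these two go into the form."""
        question, answer = secrets.choice(QUESTIONS)
        token = secrets.token_urlsafe(16)
        self._pending[token] = (answer, self._clock() + self._ttl)
        return token, question

    def verify(self, token, submitted):
        """True only for a known, unexpired, unused token with the right
        answer. The token is consumed on every attempt, right or wrong."""
        entry = self._pending.pop(token, None)   # single use
        if entry is None:
            return False
        expected, expiry = entry
        if self._clock() > expiry:
            return False
        # Normalise whitespace and case before a constant-time comparison.
        given = " ".join(str(submitted).split()).lower()
        return hmac.compare_digest(given.encode(), expected.encode())
```

Because a wrong answer also consumes the token, a script cannot guess repeatedly against one challenge; it has to fetch a new form for every attempt, which is also the natural place to rate-limit.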

Astroman
Private
Joined: Jul 05, 2005
Posts: 49
Posted: Thu Jun 01, 2006 1:42 pm

More for the list:

vux.bos.netsolhost.com
206-161-205-187.btnaccess.net

Black_Spider
Lieutenant
Joined: Aug 06, 2004
Posts: 285
Location: NW USA
Posted: Thu Jun 01, 2006 5:40 pm

Could maybe one of you that possibly use Sentinel post the tracked IP log for one of those IPs?

_________________
ßlå¢k §ÞîÐèR

sqzdog
Sergeant
Joined: Aug 07, 2003
Posts: 134
Posted: Sat Jun 03, 2006 4:53 am

How do I block a domain? I am running Sentinel 2.4.0

silvrrwulf
Sergeant
Joined: Mar 03, 2003
Posts: 96
Posted: Sat Jun 03, 2006 6:36 am

I have the exact same problem. Started yesterday.
I'll look into controlling the situation later by adding security to the user registration; what I'd like to know now is how to use PHP my admin to remove all these bogus entries.

If anyone has any advice I'd sincerely appreciate it. Looks like it could help many others as well. I don't want to wait until spam floods all the comments.

I've looked into PHP my admin, but I can't find a "list" of usernames that I could easily edit, remove, etc. Does such a thing exist?

Thanks!

~SW

_________________
All things are possible... Except skiing through a revolving door.

ebiz
Nuke Cadet
Joined: Jun 03, 2006
Posts: 1
Posted: Sat Jun 03, 2006 9:59 am

silvrrwulf wrote:
I have the exact same problem. Started yesterday.
I'll look into controlling the situation later by adding security to the user registration; what I'd like to know now is how to use PHP my admin to remove all these bogus entries.

If anyone has any advice I'd sincerely appreciate it. Looks like it could help many others as well. I don't want to wait until spam floods all the comments.

I've looked into PHP my admin, but I can't find a "list" of usernames that I could easily edit, remove, etc. Does such a thing exist?

I too have the exact same problem which started a few days ago. I went into phpmyadmin, Browsed the nuke_users table, sorted by reg_date, typed in 400 in the "Show ... row(s) starting from record #1" (as I have about 370 members), checked the boxes for the bogus entries, scrolled to the bottom, and clicked on the 'X' icon to delete the selected entries.

Hope this helps.

It's a real drag to have to do this.

Like sqzdog, I too would like to know how do I block a domain?

silvrrwulf
Sergeant
Joined: Mar 03, 2003
Posts: 96
Posted: Sat Jun 03, 2006 10:29 am

Thanks a lot :)! That really helped :)

~SW

silvrrwulf
Sergeant
Joined: Mar 03, 2003
Posts: 96
Posted: Sat Jun 03, 2006 2:04 pm

Now I'm with everyone else... what do I have to do to prevent this? I've just renamed index.php in the your_account module - but that prevents all logins. Any advice? :)

Thanks again for everyone's help.

~SW
