Announcement

Collapse
No announcement yet.

MASSIVE Spam Problems! Server Being Shut Down Daily - HELP!

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • [Forum] MASSIVE Spam Problems! Server Being Shut Down Daily - HELP!

    One of my websites has been getting bombarded with spam bots to the point that my hosting provider suspends my account. This has happened 3 times this week alone!

    I have banned IP addresses and now have begun banning IP ranges on the COUNTRY level, including China, Vietnam and Japan

    When I look at the "Who's Online" feature I see mostly the same IP address logged on hundreds of times.

    Does anyone know how to stop this once and for all?

    Maybe a script that limits the amount of logins per IP address?

    All ideas very appreciated!

    Thanks!!
    NHTourGuide.com

  • #2
    If you're having spam trouble try the following-

    We have determined the most effective "Human Verification" currently built into vBulletin is "Question and Answer" verification.

    To enable this go to your Admin CP -> Settings -> Human Verification Manager. (In VB 3.x it is Admin CP -> vBulletin Options -> Human Verification Manager)

    Click on this link.

    On the new page choose the option for "Question & Answer Verification."

    If this is the first time you are using it you will need to add one or more questions and answers. To add your first question click on the "Add New Question" near the bottom center of the page.

    On the next page enter a question. Do not make this a math question (what is 2+2?)- Math questions are absolutely worthless. If your forum is about a specific topic try to make the question something someone interested in your niche would likely know. If not still make a question that requires a human to answer- creativity helps here.

    An example question would be: If there are three people in a room how many total toes are likely in the room?

    Leave the box for "Regular Expression" blank. Use it only if you understand Regular Expressions.

    Hit "Save"

    On the next page there will now be a button "Add New Answer" - Press It.

    The next page is one simple box marked "Answer." Enter the answer to the question. Questions can have multiple correct answers.

    Answers are NOT case sensitive so if you put "thirty" in as an answer both "Thirty" and "THIRTY" will also work.

    Enter "thirty" as the answer (without quotes.)

    Save.

    Now you will be back on the page where you can press the "Add New Answer" again, press it.

    This time add the answer: 30
    And hit "Save" again.

    If your forum is multi-lingual you may want to continue adding answers to cover the word "thirty" in different languages.

    When you believe you have set every possible correct answer you can click on the Admin CP Menu to go back to "Human Verification Manager" and repeat the process to add additional questions.

    The more questions you have the better you will be- five is a good minimum, 10 or more is better.

    We have found forums that implement good Q&A questions stop nearly all "bot" spam. (We have documented drops of a 90% reduction in registrations, all of which were spammers.) There will always be spam created by humans though who cannot be blocked by easy questions. If you feel you still have too much spam to handle please check out various "anti-spam" mods available on vBulletin.org:

    Glowhost Spam-o-Matic
    KeyCaptcha
    vB Bad Behavior.

    Please note like all vBulletin modifications we do not provide official support for 3rd party mods, you will need to ask for help in the threads of the mod in question if you need help installing, configuring, or using the mod.

    Overall the best defense against spam is to have an active and vigilant moderator staff able to find and delete spam quickly. Educate forum users on how to use the "Report Post" button to report spam. Do not let the forum run without a moderator or administrator making regular visits to keep an eye on things.
    Last edited by Mark.B; Fri 14 Dec '12, 1:05pm.
    MARK.B | vBULLETIN SUPPORT

    TalkNewsUK - My vBulletin 5.6.3 Demo
    AdminAmmo - My Cloud Demo

    Comment


    • #3
      Helpful info here - http://www.vbulletin.org/forum/showthread.php?t=276547


      Former vBulletin Support Staff
      Hacked recently? See my blog post "Recovering a Hacked vBulletin Site".
      Thinking outside the box? Need modification support? Visit www.vBulletin.org and have at it!

      Comment


      • #4
        Thank you both for the information. A few things I neglected to mention...

        First, I have already implemented a Q & A finding it works way better than any CAPTCHA code.

        Second, The problem isn't with these bots logging in to the forum, the issue is that I have THOUSANDS of connections from the same IP's roaming the forum as "Unregistered", many of which are hitting the register.php page over and over again. It is this drain of server resources that has my web host company shutting me down.

        Thanks!
        Matt

        Also, I am using 4.1.1 - The solutions above don't seem to be used for 4.1.1 or are methods I have used.
        NHTourGuide.com

        Comment


        • #5
          I would suggest these two out of my suggestions in that case:

          Glowhost Spam-o-Matic
          vB Bad Behavior.

          Both should work with 4.1.1. You have a problem with spam bots, these should help cut them right down.

          With Spam-O-Matic, configure it NOT to check usernames - I find this blocks too many genuine users.
          Last edited by Mark.B; Fri 14 Dec '12, 1:05pm.
          MARK.B | vBULLETIN SUPPORT

          TalkNewsUK - My vBulletin 5.6.3 Demo
          AdminAmmo - My Cloud Demo

          Comment


          • #6
            Originally posted by Mark.B View Post
            I would suggest these two out of my suggestions in that case:

            Glowhost Spam-o-Matic
            vB Bad Behavior.

            Both should work with 4.1.1. You have a problem with spam bots, these should help cut them right down.

            With Spam-O-Matic, configure it NOT to check usernames - I find this blocks too many genuine users.
            Thanks Mark, but the Glowhost is to prevent registrations from known spammers and rhe Vb Bad Behavior links to some post about moderators having the ability to edit signature lines.
            NHTourGuide.com

            Comment


            • #7
              Originally posted by NHTourGuide View Post
              Thanks Mark, but the Glowhost is to prevent registrations from known spammers and rhe Vb Bad Behavior links to some post about moderators having the ability to edit signature lines.
              Oops there was a digit missing off my link somehow...try the links again, I have fixed them.
              MARK.B | vBULLETIN SUPPORT

              TalkNewsUK - My vBulletin 5.6.3 Demo
              AdminAmmo - My Cloud Demo

              Comment


              • #8
                Another really good one for bots is this:
                http://www.vbulletin.org/forum/showthread.php?t=289463
                You set it to detect how quickly they are registering and if it's inhumanly fast, they get blocked.
                I have a pretty small site and it has prevented 7,000 bot registrations in the last month and a half.
                I also have Glowhost, and simple questions / answers and I get an email for each new account. I look at them all the day the register, then about a week later.
                Spammers are vile people, I work hard to keep my site clean.
                Cliff
                PathLabTalk
                Square Wheels Cycling

                Comment


                • #9
                  Originally posted by Mark.B View Post
                  Oops there was a digit missing off my link somehow...try the links again, I have fixed them.
                  Thanks Mark. When I download the Bad Behavior mod I see files that look like its for WordPress and I don't find the Upload" folder as part of the download. I'm sure im doing something wrong but can't seem to figure it out.

                  Thanks!

                  - - - Updated - - -

                  Originally posted by dilbert View Post
                  Another really good one for bots is this:
                  http://www.vbulletin.org/forum/showthread.php?t=289463
                  You set it to detect how quickly they are registering and if it's inhumanly fast, they get blocked.
                  I have a pretty small site and it has prevented 7,000 bot registrations in the last month and a half.
                  I also have Glowhost, and simple questions / answers and I get an email for each new account. I look at them all the day the register, then about a week later.
                  Spammers are vile people, I work hard to keep my site clean.
                  Thanks! I looked for the download but can't find it. Not having much luck. lol

                  I work hard to prevent spam on my forums also, lately it seems like a never ending battle. I find myself watchign the "Who's Online" page questioning every IP.
                  NHTourGuide.com

                  Comment


                  • #10
                    Originally posted by NHTourGuide View Post

                    Thanks! I looked for the download but can't find it. Not having much luck. lol
                    Not sure what you mean you can't find the download, it's in the link I posted.
                    http://www.vbulletin.org/forum/showthread.php?t=289463
                    Have you registered on that site? You need to register with the same info you registered here and you'll be able to download modifications.
                    Cliff
                    PathLabTalk
                    Square Wheels Cycling

                    Comment


                    • #11
                      Originally posted by dilbert View Post
                      Not sure what you mean you can't find the download, it's in the link I posted.
                      http://www.vbulletin.org/forum/showthread.php?t=289463
                      Have you registered on that site? You need to register with the same info you registered here and you'll be able to download modifications.
                      That's what it was, I didn't realize I had to register on that site. It sure is a busy page! I will post how it goes.

                      Thanks again!
                      NHTourGuide.com

                      Comment


                      • #12
                        Originally posted by NHTourGuide View Post
                        The problem isn't with these bots logging in to the forum, the issue is that I have THOUSANDS of connections from the same IP's roaming the forum as "Unregistered", many of which are hitting the register.php page over and over again.
                        Sounds like you're getting a DDoS attack..
                        -- Web Developer for hire
                        ---Online Marketing Tools and Articles

                        Comment


                        • #13
                          Originally posted by NHTourGuide View Post
                          TSecond, The problem isn't with these bots logging in to the forum, the issue is that I have THOUSANDS of connections from the same IP's roaming the forum as "Unregistered", many of which are hitting the register.php page over and over again. It is this drain of server resources that has my web host company shutting me down..
                          As said above, this sounds like a Denial of Service attack, not spam. Unless you allow unregistered users to post on your site.

                          First thing to do is to work with your hosting provider and have them ban these IP addresses at the router. Ban entire continents if you have to. Once things start leveling off you can re-open those bans. If it is all the same IP address, ban them at the server level. You can then use tools like mod_security to limit their access based on their activity so instead of getting through, if there are too many requests the server will start denying them access.

                          Can be very frustrating to work through a DOS attack but if you have a competent hosting provider, they can help.
                          Translations provided by Google.

                          Wayne Luke
                          The Rabid Badger - a vBulletin Cloud demonstration site.
                          vBulletin 5 API

                          Comment


                          • #14
                            Originally posted by dilbert View Post
                            Not sure what you mean you can't find the download, it's in the link I posted.
                            http://www.vbulletin.org/forum/showthread.php?t=289463
                            Have you registered on that site? You need to register with the same info you registered here and you'll be able to download modifications.
                            That mod is very nice! Works sweet!!

                            - - - Updated - - -

                            Originally posted by Wayne Luke View Post
                            As said above, this sounds like a Denial of Service attack, not spam. Unless you allow unregistered users to post on your site.

                            First thing to do is to work with your hosting provider and have them ban these IP addresses at the router. Ban entire continents if you have to. Once things start leveling off you can re-open those bans. If it is all the same IP address, ban them at the server level. You can then use tools like mod_security to limit their access based on their activity so instead of getting through, if there are too many requests the server will start denying them access.

                            Can be very frustrating to work through a DOS attack but if you have a competent hosting provider, they can help.
                            That makes sense. I was getting spam mixed in and thought it was all connected. I banned many IP addresses and countries in the htaccess and added the sweet mod "Dilbert" sent me the link for here: http://www.vbulletin.org/forum/showthread.php?t=289463. I also added security questions.

                            Spam? What spam?

                            Problem solved! Thank you everyone!!!!!
                            Merry Christmas!!
                            NHTourGuide.com

                            Comment

                            widgetinstance 262 (Related Topics) skipped due to lack of content & hide_module_if_empty option.
                            Working...
                            X