Under Attack. Please help.


  • Under Attack. Please help.

    I run HostingDiscussion.com and it seems like I'm being attacked using some kind of vB exploit (or something else), but here is what it does:

    Hundreds of accounts (around 300) were registered in a matter of minutes, all coming from the same IP.

    I banned the IP already, but when I try to search for all users using the same IP, software says: No matches for your request.

    It also doesn't list the accounts when I try the prune feature of registered users. It seems like the software does not recognize all these accounts as legitimate and just doesn't work with them.

    Is there a way to (a) delete them all at once? (b) protect myself from further possible attacks (it doesn't stop the nut-case from coming back with another IP).

    The forum is running version 3.0.1.

    What can I do now? I would truly appreciate anything you can offer me at this moment. The forum is popular and we need to turn it back on, but NOT with this look.

    Thank you,
    Artashes

  • #2
    Turn on Image and email verification.

    Comment


    • #3
      Close the forum, upgrade to 3.0.3
      Change your admin password.
      And turn on email validation and image verification.

      Comment


      • #4
        What is Image and Email verification? What will they do if I turn them on? I'm sorry to be asking these questions. Our technical person is currently not available, so I'm trying to win some time.

        In your opinion, how did the attacker get me? Through an exploit on 3.0.1 or some other way?

        Thanks to both of you for your suggestions.

        Comment


        • #5
          You can also do a search for users that registered today and then delete them.
          [HOWTO] integrate any vB site into Opera quicksearch

          Comment


          • #6
            Image verification requires that a user type in the characters shown in an image, to prevent bots from registering (can't read the image). The attacker just registered many accounts with random e-mail addresses, using a simple script, not an exploit.

            Comment


            • #7
              Originally posted by Tradjick
              You can also do a search for users that registered today and then delete them.
              vBulletin doesn't recognize these users, thus doesn't display them as users. I've done that first thing. I'm not passionate about the idea of deleting accounts by hand... There are over 300 fake ones.
              Originally posted by ajaspers
              Image verification requires that a user type in the characters shown in an image, to prevent bots from registering (can't read the image). The attacker just registered many accounts with random e-mail addresses, using a simple script, not an exploit.
              I understand what it is now, thank you very much.
              Also, whatever you are saying makes perfect sense as well.

              Comment


              • #8
                Originally posted by Artashes
                vBulletin doesn't recognize these users, thus doesn't display them as users. I've done that first thing. I'm not passionate about the idea of deleting accounts by hand... There are over 300 fake ones.
                You could just prune users that are in the "Users Awaiting Email Confirmation" usergroup.

                Comment


                • #9
                  Good idea, but there are some users who I'd like to contact.

                  It's not really a problem anymore. I found a way to delete them individually but fast. 15 minutes and 170 accounts gone. Just 20-25 minutes more and I'm done.

                  Guys, you are amazing! Thanks for all your help, I really appreciate some advice I got here. Image verification was turned on - God knows why it was disabled before.

                  Best,
                  Artashes

                  Comment


                  • #10
                    Originally posted by Artashes
                    What is Image and Email verification? What will they do if I turn them on? I'm sorry to be asking these questions. Our technical person is currently not available, so I'm trying to win some time.

                    In your opinion, how did the attacker get me? Through an exploit on 3.0.1 or some other way?

                    Thanks to both of you for your suggestions.
                    Email verification means that a valid and working email address is required during registration. The user has to receive an email and click on a link in the email to validate the account. Until he or she does, it will be listed under the usergroup 'waiting email validation'.

                    Image verification means an image is displayed with letters and numbers in it which is required to be typed over.

                    Both the options are to be turned on/off through the admin control panel > vbulletin options

                    These users search for forums through search engines like Yahoo and Google.

                    They can mass register if they do not have to validate their email address or don't have to type over letters and numbers from an image.

                    Comment
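One way to separate the scripted sign-ups discussed in this thread from genuine members who are merely still awaiting email confirmation, as an added example that is not from the thread or from vBulletin's own code. The record layout, function names, window and threshold are assumptions, and the sample rows are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

def sample_rows():
    """Constructed records: (username, registration IP, join time, email confirmed?)."""
    base = datetime(2020, 1, 1, 12, 0, 0)  # arbitrary constructed timestamp
    rows = [
        ("alice", "198.51.100.7", base - timedelta(days=2), False),  # real user, slow to confirm
        ("bob", "198.51.100.9", base - timedelta(hours=3), True),
        ("carol", "198.51.100.20", base, True),                      # shared address,
        ("dave", "198.51.100.20", base + timedelta(days=1), False),  # sign-ups a day apart
    ]
    # 30 scripted sign-ups from one address, five seconds apart
    rows += [(f"bot{i:03d}", "203.0.113.50", base + timedelta(seconds=5 * i), False)
             for i in range(30)]
    return rows

def find_burst_accounts(rows, window=timedelta(minutes=10), threshold=10):
    """Return {ip: [usernames]} for sign-ups inside any sliding window that
    holds at least `threshold` registrations from the same IP."""
    by_ip = defaultdict(list)
    for name, ip, joined, _confirmed in rows:
        by_ip[ip].append((joined, name))
    bursts = {}
    for ip, regs in by_ip.items():
        regs.sort()
        win, flagged = deque(), set()
        for joined, name in regs:
            win.append((joined, name))
            while joined - win[0][0] > window:  # drop sign-ups older than the window
                win.popleft()
            if len(win) >= threshold:           # everything in the window is part of a burst
                flagged.update(n for _, n in win)
        if flagged:
            bursts[ip] = sorted(flagged)
    return bursts

def prune_candidates(rows, window=timedelta(minutes=10), threshold=10):
    """Unconfirmed accounts that belong to a burst; other unconfirmed users are left alone."""
    bursts = find_burst_accounts(rows, window, threshold)
    in_burst = {n for names in bursts.values() for n in names}
    return sorted(n for n, _ip, _t, confirmed in rows if n in in_burst and not confirmed)

if __name__ == "__main__":
    for name in prune_candidates(sample_rows()):
        print(name)
```

The output is a review list, not a delete list: accounts behind a shared address can land in a burst if the threshold is set too low.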
