Announcement

Collapse
No announcement yet.

Suspicious Signups Today - Concerned about Security

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Suspicious Signups Today - Concerned about Security

    Hey Gang,

    Over the last 24 hours, I've been getting dozens and dozens of new forum members. I started wondering what was happening, and I've noticed lots of them from the "mail.ru" domain.

    Most of them are with @gmail addresses. The IP's on the signup vary across the board, and are most likely forged.

    I'm concerned about this - wherever all these new signups are coming from, they are definitely up to "no good".

    So far, I don't see anything on the forums to worry about - no spam posts yet, and of the dozens of people who registered today, none of them have posted a welcome message.

    I'm running the latest version,
    3.7.3 Patch Level 1.

    Other than sitting back and wondering when things are go crazy (and praying they don't), what can I do?

    Blocking the IP won't really help, as they're signing up from IPs from all over the place.

    Thanks,
    Fred


  • #2
    I have had the same thing happening!

    But they have spammed.

    Trying to find how to ban by IP but I havent been successfull

    Comment


    • #3
      Hey - one of the signups I just got was something like "[email protected]" - seeing that word "pharmacy" make me KNOW they're up to no good.

      I'm making sure everything is current and patched, and have notified my ISP to make sure they are monitoring the server's outgoing mail queue and processes. Other than that, I don't know what else to do.

      Comment


      • #4
        I've been having the same issue. Had 146 new registrations from spammers today. It's getting ridiculous.

        Comment


        • #5
          Found how to ban by IP.

          Now how can only allow IPs from certain countries?

          Comment


          • #6
            banning by IP doesn't seem to work because the IPs are coming from all over the place.

            For the rest of you - are they sending email spam off your server, or are they spamming your actual message board?

            Comment


            • #7
              I'm getting spammed by mainly porn and some auto insurance posts. Sounds like its the same that are spamming you guys. I've already banned mail.ru email addresses from registering.

              We have been talking about it over at vBulletin.org. Appeartly they have found a way go get by captcha.

              Take a look at the thread:

              http://www.vbulletin.org/forum/showt...28#post1635128

              Comment


              • #8
                I've been getting these all day long on all of my sites. When they're banned, they spam through the contact us link.

                Isn't there a way to disable contact us for the banned members usergroup??
                Peggy
                ~ normal is overrated ~

                One Buzy Mama!

                Comment


                • #9
                  I just banned the email addy mail.ru

                  Sorted.
                  Shot Talk

                  Comment


                  • #10
                    Originally posted by Slingblade61 View Post
                    I just banned the email addy mail.ru

                    Sorted.
                    this will not be enough
                    there are spambots with all kind of addys, also .net and and
                    this is a very good site to check
                    http://www.stopforumspam.com/

                    spam bots found a way to read now the image verifications
                    I been attacked too yesterday
                    then i installed a few mods from vbulleting org
                    and now i watch the spam bots try to register and they cannot anymore

                    http://www.vbulletin.org/forum/showt...e+verification

                    http://www.vbulletin.org/forum/showthread.php?t=183329

                    that one is also very useful and easy
                    http://www.vbulletin.org/forum/showt...27#post1635427

                    Comment


                    • #11
                      Originally posted by fmckinnon View Post
                      [SIZE=2]Other than sitting back and wondering when things are go crazy (and praying they don't), what can I do?
                      Use the Question & Answer Verification.

                      Admin CP -> Human Verification Manager -> Question & Answer Verification

                      Comment


                      • #12
                        Originally posted by Andy View Post
                        Use the Question & Answer Verification.

                        Admin CP -> Human Verification Manager -> Question & Answer Verification
                        This could work, I just need to think of a creative question and answer
                        Website: http://www.SoftDux.com
                        SA WebHosting Talk - Running on vBulletin 3.6.0

                        Comment


                        • #13
                          Yes, never forget the human verification question - no program coded by spammers or hackers can pre-determine an answer to a question you set by yourself.

                          Comment


                          • #14
                            We had this exact issue, getting worse and worse by the day. On Monday I upgraded to 3.7.3 PL1, turned on the human verification - question and answer, put in a few simple questions, (you can have many questions), and so far not a single spammer has got past it, (normal registrations have been unaffected.)

                            Simple questions are...
                            Name a colour beginning with Y?
                            How many legs does a giraffe have?
                            What is ten divided by 2?

                            All easy questions, but they stop the bots dead.

                            Comment


                            • #15
                              the tempoary solution to ban ip range, this is the short term solution but not recommend. or block them from htaccesss. add query string 404 error to mail.ru or .ru

                              Comment

                              widgetinstance 262 (Related Topics) skipped due to lack of content & hide_module_if_empty option.
                              Working...
                              X