LMMS / lmms.io

LMMS's official website
https://lmms.io/
GNU General Public License v2.0

massive spam attack - banning does not remove posts #155

Closed musikBear closed 9 years ago

musikBear commented 9 years ago

Had to happen :/ From 04 Apr 2015, 11:46 to 04 Apr 2015, 16:36, 90+ spambots have joined the forum and posted 5 identical topics. I have banned a handful, but adding them to the ban-list does not remove their posts :/ Is there any 'smart' way to ban and cascade-remove all posts of these attackers in one go? Or is that only possible with a script on the server? We need captcha as part of joining the community.

tresf commented 9 years ago

Yes, the admin area of the forums has a place to delete all posts as part of the banning process. I'll do some cleanup.

We need captcha as part of joining the community

We have it (technically reCAPTCHA). Probably something else happening.

tresf commented 9 years ago

For phpBB admins:

  1. Browse the forum with spam, click the username.
  2. At the top of the profile, click "Administer user".
  3. Scroll to the bottom of the page, click "Delete posts" in the "Delete user" area, click Submit.

(I often ban the IP as well if they become a repeat offender)

musikBear commented 9 years ago

I only see Username: feelingera06525 [ Banning ] No [administer user|

tresf commented 9 years ago

You must not be a forum administrator (just a moderator)

Umcaruje commented 9 years ago

I'm deleting all of the accounts and IP banning them. Thanks for the report @musikBear

musikBear commented 9 years ago

@Umcaruje goodie - wonder how they got past the captcha ... :/ @tresf different 'class' .. I understand :p

Umcaruje commented 9 years ago

Deleted all the spammers using the 'Prune Users' feature in ACP

Deleted all users that joined after April 4th.

Double checked if there were some real people there, but there weren't.

tresf commented 9 years ago

@Umcaruje great work, thanks, although we may lose the ability to see the IP addresses now. I've banned most of the IPs, but the spammer seemed to use a range and I was going through one by one.

tresf commented 9 years ago

Just saw the part about you banning IPs too. Looks like we were both working on the same issue. :+1:

Umcaruje commented 9 years ago

:+1:

musikBear commented 9 years ago

@Umcaruje @tresf Guys.. he is back :/ How does 'he' get past the captcha?

Umcaruje commented 9 years ago

no idea

Umcaruje commented 9 years ago

Deleted the account.

musikBear commented 9 years ago

If you can add me, I will help of course - There is a new small attack here Monday ...

edit: Unfortunately it just continues. Now there are 3 different bots active - Looks like the spammer just has an auto creator running, and one that can't be caught by captcha, so it is a real hack - perhaps even writing directly in the db..

musikBear commented 9 years ago

@Umcaruje - will you post a heads-up on Facebook about the maintenance 7-9 Apr? I think a lot of users won't see the thread in the forum, because it simply is buried under +300 spam pieces..

On a different note - could all those Sanskrit a.o. Chinese letter symbols be used for some kind of filter setting? I remember some options for include / exclude in a business-inbox program I worked on, where something like that was possible - could even flag the users who used these symbols .. - just a thought

Umcaruje commented 9 years ago

@musikBear when I do the maintenance I'll implement more spam filters ( #2 ).

The thread is global and it will appear over all posts, so no need to write a FB post tbh.

Umcaruje commented 9 years ago

The account registration is on manual mode now, which means all new accounts have to be approved by admins. This is just an interim solution to the spam problem.

tresf commented 9 years ago

Ok. I just deleted a bunch that came in. Hopefully this update to the new phpBB offers us more in terms of preventing this stuff...

musikBear commented 9 years ago

If this administrator approval is still in action, then the forum has been hacked for real! Spam arrives as I write this - the user subscribed TODAY! How is that possible? I can't do anything but report it to you @tresf @Umcaruje B.r.

tresf commented 9 years ago

I've cleaned them up for now.

musikBear commented 9 years ago

woow! that was fast :dancer:

Umcaruje commented 9 years ago

I turned the registrations back on to test an anti-spam plugin. Guess it doesn't work as well as they advertise it.

Umcaruje commented 9 years ago

Ok, I installed a new sortables captcha which looks like this: [screenshot]

I think this should hold the spammers off

Umcaruje commented 9 years ago

Oh and @tresf @musikBear It's pointless to ban the IP for this spammer, since the spammer most probably uses Tor and some IP reset script. I think it's better to ban emails, since he seems to reuse them.
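An added triage script, not part of this thread and not phpBB's own code: over constructed phpBB-style registration records (usernames, e-mails and times are assumptions), it applies the two signals the thread relies on, a wave of new accounts posting identical topics and e-mail addresses reused across accounts, and separates suspects from the new accounts that still deserve the manual check Umcaruje describes, while leaving pre-wave accounts alone.

```python
from collections import Counter
from datetime import datetime

# Constructed phpBB-style records, not real forum data:
# (username, e-mail, registration time, title of the account's first topic)
SAMPLE_ROWS = [
    ("oldtimer", "old@example.org", "2015-03-20 09:00", "Help with LADSPA plugins"),
    ("newbie42", "newbie@example.org", "2015-04-04 12:10", "Where is the piano roll?"),
    ("bot-a", "spam-a@example.net", "2015-04-04 11:46", "Cheap watches!!!"),
    ("bot-b", "spam-a@example.net", "2015-04-04 11:52", "Cheap watches!!!"),
    ("bot-c", "spam-b@example.net", "2015-04-04 12:03", "CHEAP  WATCHES!!! "),
    ("bot-d", "spam-c@example.net", "2015-04-04 13:30", "Cheap watches!!!"),
    ("bot-e", "spam-d@example.net", "2015-04-04 14:00", "Cheap watches!!!"),
    ("bot-f", "spam-a@example.net", "2015-04-04 16:36", "Totally different title"),
]
TIME_FMT = "%Y-%m-%d %H:%M"

def norm_title(title):
    """Fold case and collapse whitespace so trivially varied copies cluster together."""
    return " ".join(title.lower().split())

def triage(rows, wave_start, min_cluster=3):
    """Split accounts registered at or after wave_start into (suspects, review).
    Suspect: first-topic title shared by >= min_cluster new accounts, or e-mail
    reused by another new account.  Everything else new goes to 'review' for the
    manual check; accounts registered before the wave are never touched.
    """
    start = datetime.strptime(wave_start, TIME_FMT)
    new = [r for r in rows if datetime.strptime(r[2], TIME_FMT) >= start]
    title_count = Counter(norm_title(r[3]) for r in new)
    email_count = Counter(r[1].lower() for r in new)
    suspects, review = [], []
    for name, email, _joined, title in new:
        dup_title = title_count[norm_title(title)] >= min_cluster
        dup_email = email_count[email.lower()] > 1
        (suspects if dup_title or dup_email else review).append(name)
    return suspects, review

def emails_to_ban(rows, suspects):
    """Ban key from the thread: the suspects' e-mail addresses, not their IPs."""
    names = set(suspects)
    return sorted({r[1].lower() for r in rows if r[0] in names})

if __name__ == "__main__":
    bad, keep = triage(SAMPLE_ROWS, "2015-04-04 11:46")
    print("suspects:", bad, "review by hand:", keep)
    print("ban e-mails:", emails_to_ban(SAMPLE_ROWS, bad))
```

In practice the rows would come from an export of the phpBB users and topics tables; the script only flags, so the deletion itself stays a deliberate admin action.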

musikBear commented 9 years ago

Sad to tell, that right now spams are arriving. Is this jerk dumb enough to actually create handmade accounts?! I can't believe he got past @Umcaruje's latest effort. How? If not manually creating real accounts, then WHY!? ://

tresf commented 9 years ago

It is likely because phpBB stinks in this regard. Captcha only helps if it is a firewall before the php pages that actually register. This is why @eagles051387 recommended another plugin which AFAIK obfuscated the registration URL, but he never implemented it for us.

Umcaruje commented 9 years ago

Well there were only 2 spam accounts since I added the new captcha. I'll set up that newly registered accounts (ones under 2-3 posts) can't post without a moderator approval. That should bring our spammer friend down.

tresf commented 9 years ago

I'll soon set up that newly registered accounts (ones under 2-3 posts) can't post without a moderator approval. That should bring our spammer friend down.

Please do not. We want to know when accounts are getting created, and if we moderate them, we'll have hundreds of accounts that we won't even know exist. If we fix this, we shouldn't do it reactively, we shouldn't punish those trying to use our boards.

Umcaruje commented 9 years ago

and if we moderate them, we'll have hundreds of accounts that we won't even know exist.

But any admin/moderator will get a notification when there is a new post that needs approval. If we just moderate the first ever post of a user, that can be really reasonable in terms of preventing spam.

tresf commented 9 years ago

People usually register so they can post and you're stopping them mid-thought. It's a terrible idea always. We want to steer people to our forums for questions. If we make it more difficult than it already is, they'll flock to facebook and GitHub and then we'll just have more Reaper10's making dozens of bug reports just to get a conversation started. Please don't do this. :)

musikBear commented 9 years ago

Agrees with tresf. It will be annoying not to be able to post right after signing up. However some forums have a 'you now only have to click a link in the mail we just sent to you', e.g. the user has to make a second active human response before the account is active. Does that kind of option exist in phpBB?

tresf commented 9 years ago

However some forums have a 'you now only have to click a link in the mail we just sent to you', e.g. the user has to make a second active human response before the account is active. Does that kind of option exist in phpBB?

Yes and it is enabled.

Umcaruje commented 9 years ago

Agrees with tresf. It will be annoying not to be able to post right after signing up. However some forums have a 'you now only have to click a link in the mail we just sent to you', e.g. the user has to make a second active human response before the account is active. Does that kind of option exist in phpBB?

Yeah that is enabled on our forums, but almost every spambot is 'smart' enough to check its inbox and activate the account...

musikBear commented 9 years ago

but almost every spambot is 'smart' enough to check its inbox and activate the account...

Oo .. :cactus:

Does that incidentally mean that we can see what mail provider this creep has? Then we can act..

Umcaruje commented 9 years ago

I think this issue can be closed. The new captcha does its job well and there is maybe 1 or 2 spambots that get through. We can easily handle that by blocking emails and deleting the users and their posts.

@musikBear @tresf if you feel that this issue wasn't fixed, please reopen.