vb.org Archive
Page 8 of 16 « First 67 8 910 Last »
Show 40 post(s) from this thread on one page

vb.org Archive (https://vborg.vbsupport.ru/index.php)
-   vBulletin 3.8 Add-ons (https://vborg.vbsupport.ru/forumdisplay.php?f=235)
-   -   Administrative and Maintenance Tools - vbStopForumSpam (https://vborg.vbsupport.ru/showthread.php?t=222536)

noj75 05-02-2010 03:45 AM
Installed this last night.
Checked the log this morning and 31 spammers had been blocked. I am so very impressed with this mod.

Thank you Pedigree, excellent work!

Nominated for MOTM!

Dunhamzzz 05-04-2010 08:34 AM
I've had this mod for a while now (almost a year), but over the last few days I've had quite a few emails from real people who have been unable to register because the plugin has blocked them, this is happening on all my forums.

I'm temporarily removing it...

DanGarion 05-04-2010 07:17 PM
It appears that the www.StopSpamLinks.com is dead... :(

pforums 05-06-2010 12:08 AM
Thats cause it's http://www.stopforumspam.com/ :o

bobnv 05-09-2010 03:59 PM
Have an interesting issue. We have this installed on two separate forums, all seems to work well a far as programs operation but on one install "Prune vbStopForumSpam Logs" was installed under the log section and on the other forum, it was not installed. The installations were done by two separate people, could it be that something was missed in the uploads on the one missing the prune section?

BTW, have had this mod installed on one forum for about 6-7 weeks and the log is up to 3300+ the only spammers that get through are the ones that have fresh clean emails and IP's, but that's not many.

Zookie 05-10-2010 03:03 PM
REALLY NICE! Just installed to my vBulletin 3.8.5 and looks like a real winner. However...

I was thinking that leaving the User name check enabled would be a problem as I suspected that common user names would get flagged. For instance, if someone tries to use "Fred" they should get flagged according to http://www.stopforumspam.com/api?username=Fred. I tried testing this by registering a new user with the name Fred and it was allowed even though I have User name checking enabled and the above URL suggests that it should have been blocked. So maybe I'm not understanding how this works...

Cindyl10 07-30-2010 05:16 PM
We have been being attacked for the last month and now they have begun to try and hack into our board since they haven't been able to get through our registration blocks to prevent spammers and trolls. I am running vBulletin 3.8.6 Patch Level 1 and I have spoken to our host and they have suggested I contact vbulletin which I'm trying to do but I also thought I should let you all know what's going on too as if they are able to hack me, they can then hack anyone with this mod. Here is all the info I have on it which I gave to my host

Quote:
We've been being spammed a lot and had to install a program that rejects spammers registrations as we were getting something like 100 a day. Well one person who was rejected keeps coming back to the board and when I look to see what he's doing, it says "modifying his profile". I wasn't to worried about it since I didn't think there was anything he could do to cause the site to accept his registration anyway, but each time he does it I get a database error and it looks to me like he is trying to force the board to add him as a member. This is what the error says:

Database error in vBulletin 3.8.6:

Invalid SQL:
SELECT DATEDIFF(NOW(), '2010-07-27 20:18:50') AS DAYS;;

MySQL Error : MySQL server has gone away
Error Number : 2006
Request Date : Tuesday, July 27th 2010 @ 09:56:19 PM
Error Date : Tuesday, July 27th 2010 @ 09:57:14 PM
Script : http://www.fresh-hope.com/forums/reg...p?do=addmember
Referrer : http://www.fresh-hope.com/forums/register.php?
IP Address : 94.23.18.220
Username : Naramoria
Classname : vB_Database
MySQL Version :

***************

In the line that says script is a link and at the end of the link it says: " do=addmember" which is what made me think this... Is this troll a possible hack attempt do you think or am I being paranoid?
Quote:
Hello Cynthia,

Thank you for contacting support.

It does appear that he may be attempting to use SQL Injection, however as long as your forum software is up-to-date and the latest version is installed you should certainly be safe. However, if you would like we can ban 94.23.18.220 from the server, so this way it will ensure he can't access the site or attempt any further malicious injections.

regards,
Melissa

I had them go ahead and do that. But it happened again today:

Quote:
It's happening again I'm afraid. The people who are attacking us seem very stubborn. The biggest problem is that they're pro's and constantly switch their IP's. That's why we had to install the two programs we did to intercept them. We installed them a week ago on July 23rd and since then the programs have rejected 409 registrations as spammers.

This error message is slightly different though. Here is a copy of it:

Database error in vBulletin 3.8.6:

Invalid SQL:
INSERT HIGH_PRIORITY IGNORE INTO vbstopforumspam_remotecache (date, data, spambot, field) VALUES (now(), 'martinkiday', '0', 'username');;

MySQL Error : MySQL server has gone away
Error Number : 2006
Request Date : Friday, July 30th 2010 @ 05:31:02 AM
Error Date : Friday, July 30th 2010 @ 05:32:20 AM
Script : http://www.fresh-hope.com/forums/reg...p?do=addmember
Referrer : http://www.fresh-hope.com/forums/register.php?
IP Address : 89.212.200.113
Username : martinkiday
Classname : vB_Database
MySQL Version :

I meant to add that one thing that concerns me now is that they've obviously figured out what the main program we're using to defeat them is: vbstopforumspam
Quote:
Hello Cynthia,

Thank you for your reply.

From the SQL code, it appears they are attempting to inject into the caching system. Honestly, I would strongly suggest providing those results to vBulletin, as the developers would be the best people to tell you whether you are safe from those specific attacks or not. I know from experience that vBulletin is kept up to date regularly and is protected by these type of attacks, however it certainly doesn't hurt to get a second opinion from the source itself .

Please let us know if there is anything further we may assist you with from here.

regards,
Melissa
Please let me know if perhaps you guys can help me and if my board is safe...

Cindyl10 07-31-2010 09:46 AM
Quote:
Originally Posted by Cindyl10 (Post 2076886)
We have been being attacked for the last month and now they have begun to try and hack into our board since they haven't been able to get through our registration blocks to prevent spammers and trolls. I am running vBulletin 3.8.6 Patch Level 1 and I have spoken to our host and they have suggested I contact vbulletin which I'm trying to do but I also thought I should let you all know what's going on too as if they are able to hack me, they can then hack anyone with this mod. Here is all the info I have on it which I gave to my host

Quote:
We've been being spammed a lot and had to install a program that rejects spammers registrations as we were getting something like 100 a day. Well one person who was rejected keeps coming back to the board and when I look to see what he's doing, it says "modifying his profile". I wasn't to worried about it since I didn't think there was anything he could do to cause the site to accept his registration anyway, but each time he does it I get a database error and it looks to me like he is trying to force the board to add him as a member. This is what the error says:

Database error in vBulletin 3.8.6:

Invalid SQL:
SELECT DATEDIFF(NOW(), '2010-07-27 20:18:50') AS DAYS;;

MySQL Error : MySQL server has gone away
Error Number : 2006
Request Date : Tuesday, July 27th 2010 @ 09:56:19 PM
Error Date : Tuesday, July 27th 2010 @ 09:57:14 PM
Script : http://www.fresh-hope.com/forums/reg...p?do=addmember
Referrer : http://www.fresh-hope.com/forums/register.php?
IP Address : 94.23.18.220
Username : Naramoria
Classname : vB_Database
MySQL Version :

***************

In the line that says script is a link and at the end of the link it says: " do=addmember" which is what made me think this... Is this troll a possible hack attempt do you think or am I being paranoid?
Quote:
Hello Cynthia,

Thank you for contacting support.

It does appear that he may be attempting to use SQL Injection, however as long as your forum software is up-to-date and the latest version is installed you should certainly be safe. However, if you would like we can ban 94.23.18.220 from the server, so this way it will ensure he can't access the site or attempt any further malicious injections.

regards,
Melissa

I had them go ahead and do that. But it happened again today:

Quote:
It's happening again I'm afraid. The people who are attacking us seem very stubborn. The biggest problem is that they're pro's and constantly switch their IP's. That's why we had to install the two programs we did to intercept them. We installed them a week ago on July 23rd and since then the programs have rejected 409 registrations as spammers.

This error message is slightly different though. Here is a copy of it:

Database error in vBulletin 3.8.6:

Invalid SQL:
INSERT HIGH_PRIORITY IGNORE INTO vbstopforumspam_remotecache (date, data, spambot, field) VALUES (now(), 'martinkiday', '0', 'username');;

MySQL Error : MySQL server has gone away
Error Number : 2006
Request Date : Friday, July 30th 2010 @ 05:31:02 AM
Error Date : Friday, July 30th 2010 @ 05:32:20 AM
Script : http://www.fresh-hope.com/forums/reg...p?do=addmember
Referrer : http://www.fresh-hope.com/forums/register.php?
IP Address : 89.212.200.113
Username : martinkiday
Classname : vB_Database
MySQL Version :

I meant to add that one thing that concerns me now is that they've obviously figured out what the main program we're using to defeat them is: vbstopforumspam
Quote:
Hello Cynthia,

Thank you for your reply.

From the SQL code, it appears they are attempting to inject into the caching system. Honestly, I would strongly suggest providing those results to vBulletin, as the developers would be the best people to tell you whether you are safe from those specific attacks or not. I know from experience that vBulletin is kept up to date regularly and is protected by these type of attacks, however it certainly doesn't hurt to get a second opinion from the source itself .

Please let us know if there is anything further we may assist you with from here.

regards,
Melissa
Please let me know if perhaps you guys can help me and if my board is safe...
Just this morning I discovered that I had yet another database error like the above one and when I checked the "member" who had just registered seems to be legit according to everything I can find out about them, so now I am really really confused! I know for a fact that the above two times were spammers/potential hackers but this time this person seems to be a perfectly legit registration and I doubt if they'd know how to do this... I'll share a copy of the error but I'm just very confused and don't understand any of this as this one looks more like the vbstopforumspam program itself might be responsible for these errors....

Database error in vBulletin 3.8.6:

Invalid SQL:
INSERT HIGH_PRIORITY IGNORE INTO vbstopforumspam_remotecache (date, data, spambot, field) VALUES (now(), 'mr_nazarene', '0', 'username');;

MySQL Error : MySQL server has gone away
Error Number : 2006
Request Date : Friday, July 30th 2010 @ 09:32:00 PM
Error Date : Friday, July 30th 2010 @ 09:32:54 PM
Script : http://www.fresh-hope.com/forums/reg...p?do=addmember
Referrer : http://www.fresh-hope.com/forums/reg...hp?do=register
IP Address : 64.134.158.177
Username : mr_nazarene
Classname : vB_Database
MySQL Version :

Please help me to determine if my board is safe and what is causing this database error.

KProjects 07-31-2010 09:59 AM
Have you looked in the logs that vbstopforumspam keeps (bottom of your admincp in statistics and logs) to see if there are others that aren't causing this error?

Are you getting the 'mysql server has gone away' errors for other pages on your site also?

If it let the last one - mr_nazarine - register, try PMing him to see if he's real..

Cindyl10 07-31-2010 11:34 AM
Yes I have looked through the logs. Nothing seems to cause this error. The first two errors were made by a person who's registration was denied (a lot of times lol) and he was obviously trying to bypass it. When I would look to see what he was doing on the board after his registration was denied it would show him "modifying or editing his profile". It would be at that time that I would get those first two error messages I posted.

As for this last error message, the username is shown twice in a row in the log:
Quote:
mr_nazarene 2010-07-30 21:33:59 MDCassens@email.nbc.edu 64.134.158.177 Allowed registration
mr_nazarene 2010-07-30 21:33:09 MDCassens@email.nbc.edu 64.134.158.177 Allowed registration
but only shows up as once in the members list and the new registrations list. I checked them out very thoroughly and can't find anything to indicate that they are trolls or spammers or anything other then a regular person who wants to join us... in fact they appear to be a pastor.

The only other "oddity" that was somewhat like this that I've seen happened yesterday. Again someone registered and seemed "normal". (they have since posted and are fine) This is how their registration shows up in the logs:



What is weird is that the only thing that showed up in my member list or new registrations was the last one; none of the other three did...

It has let through only two that I determined were trolls and banned, but those two were only listed once when on the logs such as:

Quote:
Tanichi 2010-07-28 17:49:29 acneinfo@zenmed.eu 188.153.53.2 Allowed registration
Yet when I looked in new registrations that name isn't there; when I do a search they don't exist. I assumed for lack of a better explanation that when vbStopForumSpam approved them that my other program Auto-Moderate Evading Banned Members caught them and disallowed them... but I have no way of knowing as there are no logs for that program...at least none that I can find... Thank you for your help!


All times are GMT. The time now is 09:34 PM.
Page 8 of 16 « First 67 8 910 Last »
Show 40 post(s) from this thread on one page

Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2025, vBulletin Solutions Inc.

X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.01283 seconds
  • Memory Usage 1,801KB
  • Queries Executed 10 (?)
More Information
Template Usage:
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (11)bbcode_quote_printable
  • (1)footer
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (6)option
  • (1)pagenav
  • (1)pagenav_curpage
  • (4)pagenav_pagelink
  • (1)post_thanks_navbar_search
  • (1)printthread
  • (10)printthreadbit
  • (1)spacer_close
  • (1)spacer_open 
Phrase Groups Available:
  • global
  • postbit
  • showthread
Included Files:
  • ./printthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/class_bbcode_alt.php
  • ./includes/class_bbcode.php
  • ./includes/functions_bigthree.php 
Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • printthread_start
  • pagenav_page
  • pagenav_complete
  • bbcode_fetch_tags
  • bbcode_create
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • printthread_post
  • printthread_complete