vb.org Archive

vb.org Archive (https://vborg.vbsupport.ru/index.php)
-   vB4 General Discussions (https://vborg.vbsupport.ru/forumdisplay.php?f=251)
-   -   Huge Spike in Guests on Board (https://vborg.vbsupport.ru/showthread.php?t=284435)

hunter22375 06-14-2012 11:28 PM
Huge Spike in Guests on Board
 
I have WAY more guests on my board than usual. I normally run about 600+ and right now I am at over 3800!!!!!! Also, I am receiving about 500 undeliverable emails a day in my inbox as if people attempted to sign up with a bogus email and could not confirm it. Neither the board or my third party member management system show all these failed sign ups and I have human verification turned on using Captcha. Has anyone had this happen to them? Is it some sort of an attack to overwhelm my board?

Bluemax712 06-15-2012 02:58 PM
One thing to check is make sure your MySQL server isn't exposed or at least limit outside connections to it.
There is a relatively new vulnerability that is trivial to pull off if your server hasn't been patched yet.

http://www.h-online.com/open/news/it...e-1614990.html

hunter22375 06-15-2012 03:59 PM
I read the article and, for the most part, have an idea of what I had an idea of what it was saying. What my question then becomes is, why aren't all these new fake members showing up in vB or my third party member management system? Because regardless if a member fails to confirm their email because they provided a bogus one, their screen name still shows up and they get added to the total member amount.....which has not changed along with the hundreds of undeliverable emails I have been receiving.

Bluemax712 06-15-2012 04:08 PM
I only mentioned the MySQL vulnerability thinking if it is open to outside connections
it could be attracting people looking to break in.

Do you use Glowhost Spam-O-Matic (highly recommended)
https://vborg.vbsupport.ru/showthrea...t=Spam-O-Matic

It will block a lot of bots and has a good logging system telling you what it's doing

hunter22375 06-15-2012 11:40 PM
Thanks, I don't pretend to know alot about server management so I appreciate the help. I'm not even sure if how I described the issue made sense...lol. I will look into that. Thanks again.

Andy 06-15-2012 11:51 PM
Quote:
Originally Posted by hunter22375 (Post 2339640)
I have human verification turned on using Captcha.
Which captcha are you using? The Question & Answers or the one that requires entering in a few characters?

hunter22375 06-16-2012 12:32 AM
Quote:
Originally Posted by Andy (Post 2339931)
Which captcha are you using? The Question & Answers or the one that requires entering in a few characters?
The one that requires entering characters.

Andy 06-16-2012 12:50 AM
Quote:
Originally Posted by hunter22375 (Post 2339941)
The one that requires entering characters.
That's the problem. It's been cracked years ago. Here's what I suggest you do.

https://www.vbulletin.com/forum/show...-on-your-forum

CAG CheechDogg 06-16-2012 03:23 AM
Quote:
Originally Posted by Andy (Post 2339945)
That's the problem. It's been cracked years ago. Here's what I suggest you do.

https://www.vbulletin.com/forum/show...-on-your-forum
I disagree with you Andy, if that was the problem I would have it on my site as well. I only use the reCaptcha with characters and I have had no problems with it.

He has to make sure his Publick and Private Keys are valid first of all.

I don't even know where you got that it got cracked years ago, lol.

hunter22375 if you need further assistance with this contact me via pm buddy, there are other ways to stop this from happening in your forums.

Andy 06-16-2012 10:53 AM
Quote:
Originally Posted by CAG CheechDogg (Post 2339967)
I disagree with you Andy, if that was the problem I would have it on my site as well. I only use the reCaptcha with characters and I have had no problems with it.

He has to make sure his Publick and Private Keys are valid first of all.

I don't even know where you got that it got cracked years ago, lol.
Please type this into google.com

reCaptcha cracked site:vbulletin.com

Bluemax712 06-16-2012 06:24 PM
Any system will eventually be cracked and then patched
http://arstechnica.com/security/2012...-to-its-knees/

I am wondering if VBulletin Recapture ever needs updating manually
or is all the code maintained at google and automatically updated to the latest
without intervention on our part?

I find the best way is combination:
1) use promotion system to limit permissions of newbies until a certain number of posts
2) use Glowhost Spam-O-Matic (except dont' use the username verification)

hunter22375 06-18-2012 06:45 PM
I made some changes...we'll see what happens. If they worked, my "most users online ever" amount will be way off. I looked for a place to edit that number and came up empty handed. Does anyone know where I can edit it?

CAG CheechDogg 06-28-2012 09:46 AM
I have been using reCaptcha for over 3 years now and not once have I had any problems, I have used it on joomla, kunena, wordpress and many other applications that take it.

--------------- Added [DATE]1340880394[/DATE] at [TIME]1340880394[/TIME] ---------------

Quote:
Originally Posted by hunter22375 (Post 2340802)
I made some changes...we'll see what happens. If they worked, my "most users online ever" amount will be way off. I looked for a place to edit that number and came up empty handed. Does anyone know where I can edit it?
You might be able to find that record using phpMyAdmin from you cPanel

NathanJT 06-28-2012 10:30 AM
Quote:
Originally Posted by hunter22375 (Post 2339837)
I read the article and, for the most part, have an idea of what I had an idea of what it was saying. What my question then becomes is, why aren't all these new fake members showing up in vB or my third party member management system? Because regardless if a member fails to confirm their email because they provided a bogus one, their screen name still shows up and they get added to the total member amount.....which has not changed along with the hundreds of undeliverable emails I have been receiving.
I have the same issue. New user email notifications being sent to me and then when I go into admincp to search for them they don't exist. Mine is small scale compared to yours but of the dozen new user emails I received last night I can only find 4 in the DB.

[edit] What I have noticed though, in the main, is that the IP's these sign ups are coming from are COLOs. Now it could be that the ISP in question has a POP there but it seems odd that all of a sudden it's servers doing this rather than rooted PC's.


All times are GMT. The time now is 04:41 AM.

Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2025, vBulletin Solutions Inc.

X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.01179 seconds
  • Memory Usage 1,753KB
  • Queries Executed 10 (?)
More Information
Template Usage:
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (7)bbcode_quote_printable
  • (1)footer
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (6)option
  • (1)post_thanks_navbar_search
  • (1)printthread
  • (14)printthreadbit
  • (1)spacer_close
  • (1)spacer_open 
Phrase Groups Available:
  • global
  • postbit
  • showthread
Included Files:
  • ./printthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/class_bbcode_alt.php
  • ./includes/class_bbcode.php
  • ./includes/functions_bigthree.php 
Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • printthread_start
  • bbcode_fetch_tags
  • bbcode_create
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • printthread_post
  • printthread_complete