vb.org Archive

vb.org Archive (https://vborg.vbsupport.ru/index.php)
-   vB4 General Discussions (https://vborg.vbsupport.ru/forumdisplay.php?f=251)
-   -   Spammers Registering Even After I Turned Registration Off ... How ? (https://vborg.vbsupport.ru/showthread.php?t=298781)

DougCooper 06-06-2013 08:13 AM
Spammers Registering Even After I Turned Registration Off ... How ?
 
Hi guys,

I've been getting spammed with new registrations alot even though I have the normal processes in place to stop them (the popular anti spam plugs etc). However what's really weird now is even if I turn off registration in the VB Admin, spammers are still registering to the site.

How is that even possible ?

Simon Lloyd 06-06-2013 01:13 PM
When you turn registration off is it really going off? have you tried to register yourself after turning it off?

Have you installed all the latest security patches?

DougCooper 06-07-2013 06:41 AM
Yes tested it and I can't register atm. I have latest securitys patches installed. Baffled !

Simon Lloyd 06-07-2013 08:33 AM
PM me a link and i'll have a quick look later today when im at home.

kh99 06-07-2013 01:18 PM
Do you have facebook connect enabled? I'm not sure if disabling registrations stops people from linking to a facebook account.

DougCooper 06-09-2013 02:15 PM
simom PM sent.

kh99 they Ive disabled facebook connect to see if that helps.

DougCooper 06-18-2013 09:37 AM
bump

TNCclubman 06-18-2013 11:35 AM
ive long said something is up. My Q&A questions cant be guessed by a bot and they always get in. For years people have said "Oh a human must enter your answer" ya right.

kh99 06-18-2013 11:46 AM
Quote:
Originally Posted by DougCooper (Post 2426086)
even if I turn off registration in the VB Admin, spammers are still registering to the site.
Have you checked the web server logs to see if they're doing it through register.php, or if there's anything strange in the logs?

Maybe you could try this and see if it helps: https://vborg.vbsupport.ru/showthread.php?t=297834

DougCooper 06-18-2013 04:54 PM
which logs are you refering too ? vbulletin or server ?

Lynne 06-18-2013 06:05 PM
Kevin is talking about your server access_logs. If you don't know where they are, ask your host.

Are you sure these users registered after you turned it off and they aren't simply spammers that registered a few days ago and are now spamming the site?

DougCooper 06-18-2013 06:11 PM
k I'll take a look at the server log. They are registering now and constantly. I've just installed the rename reg page plugin and turned reg back on.

Will report back. but still confused as to how spammers were/are able to register ever after I turn reg off in admincp

kh99 06-18-2013 06:40 PM
Yeah, like Lynne says, if you haven't already, make sure that they are new registrations on not old ones that never posted. As for the logs (assuming they are new registrations), I was thinking get the registration ip of one of them, and then search the web server access logs to see which scripts they accessed.

ETA: Also if you haven't already you might try disabling all plugins. Maybe an addon is inadvertently allowing registration even though you have it turned off.

DougCooper 06-18-2013 06:54 PM
They are new reg's I'm getting constant email alerts.

I'm looking at the log now and trying to make sense of it.

They are obv using proxies to register as each reg has a new IP.

--------------- Added [DATE]1371585348[/DATE] at [TIME]1371585348[/TIME] ---------------

It's stange because they are able to register even with filling in custom required reg fields that I've set as required.

I've just disabled all plugins to see the resuts - good idea.

skol 06-18-2013 07:21 PM
Do you have any primary Users Awaiting Email Confirmation..

DougCooper 06-18-2013 07:32 PM
90725

Bluemax712 06-18-2013 10:58 PM
I would check if your mysql server is exposed either directly via port 3306
or do you have any web- based management tools like Webmin/ Cpanel or PhpAdmin installed?

af1racing 06-20-2013 02:30 PM
Has any solution been found for this? We just received 4500 registrations yesterday, all spammers. They have found a weakness. We turned off the registrations now but we are trying to find out how they are getting by the verification system.

Thanks

ForceHSS 06-20-2013 02:52 PM
Quote:
Originally Posted by af1racing (Post 2429330)
Has any solution been found for this? We just received 4500 registrations yesterday, all spammers. They have found a weakness. We turned off the registrations now but we are trying to find out how they are getting by the verification system.

Thanks
Have you installed any plugins to stop spammers if not then you should

DougCooper 06-20-2013 02:53 PM
My issue was I had a lot of spammers registrations that signed up in dec 2012. They didn't activate their accounts until recently via the email confirmation. So have a look at your 'Users Awaiting Confirmation' group and if necessary clean/dump it. This is what happened to me and I was so confused as I'd turn off registations yet they were still registering, but they wern't actually registering at that point, they were simply activating accounts that they registered in the past. Take a look at the signup date of some of the new accounts as look at the registration date.

--------------- Added [DATE]1371744162[/DATE] at [TIME]1371744162[/TIME] ---------------

BTW thanks to everyone who chipped in on this post to help really cool. One question tho, I want to either mass move all the 90000 spammers from 'Users Awaiting Email Confirmation' to either 'Banned by Moderators' group or just delete them. THe problem is in the prune users option in the backend it only seems to do it in around 1000 at a time. Then I have to do it again. This is really time consuming is there a better way ? I've heard running direct database commands is risky.

af1 racing 06-20-2013 03:03 PM
Quote:
Originally Posted by ForceHSS (Post 2429335)
Have you installed any plugins to stop spammers if not then you should
Yes, spam-o-matic is moderating nearly all of their threads but we can't find how to easily delete over 6000 spammers that have registered in the last 2 days.

Quote:
Originally Posted by DougCooper (Post 2429336)
My issue was I had a lot of spammers registrations that signed up in dec 2012. They didn't activate their accounts until recently via the email confirmation. So have a look at your 'Users Awaiting Confirmation' group and if necessary clean/dump it. This is what happened to me and I was so confused as I'd turn off registations yet they were still registering, but they wern't actually registering at that point, they were simply activating accounts that they registered in the past. Take a look at the signup date of some of the new accounts as look at the registration date.
Can't prune/move more than 1000 users at a time in the admincp. The "users awaiting email confirmation" usergroup has more than 6000 new users from the past 2 days. No way to get that log under 1000 and no way to manually tick 1000 checkboxes without modifying code with javascript.

Lynne 06-20-2013 03:48 PM
Quote:
Originally Posted by DougCooper (Post 2429336)
BTW thanks to everyone who chipped in on this post to help really cool. One question tho, I want to either mass move all the 90000 spammers from 'Users Awaiting Email Confirmation' to either 'Banned by Moderators' group or just delete them. THe problem is in the prune users option in the backend it only seems to do it in around 1000 at a time. Then I have to do it again. This is really time consuming is there a better way ? I've heard running direct database commands is risky.
You would need access to your php.ini file in order to change max_input_vars to something larger than 1000.

af1 racing 06-20-2013 04:42 PM
I edited admincp/user.php to change the "Join Date is Before" parameter for do=prune to search after a certain date so I can limit the results to those from 2 days ago until now. With the help of a macro to tick 999 checkboxes at a time, over 10k accounts now banned and things are back under control.


All times are GMT. The time now is 05:54 PM.

Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2025, vBulletin Solutions Inc.

X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.02618 seconds
  • Memory Usage 1,764KB
  • Queries Executed 10 (?)
More Information
Template Usage:
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (5)bbcode_quote_printable
  • (1)footer
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (6)option
  • (1)post_thanks_navbar_search
  • (1)printthread
  • (23)printthreadbit
  • (1)spacer_close
  • (1)spacer_open 
Phrase Groups Available:
  • global
  • postbit
  • showthread
Included Files:
  • ./printthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/class_bbcode_alt.php
  • ./includes/class_bbcode.php
  • ./includes/functions_bigthree.php 
Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • printthread_start
  • bbcode_fetch_tags
  • bbcode_create
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • printthread_post
  • printthread_complete