vb.org Archive


meissenation 01-24-2013 10:02 PM

Registration Denial of Service Attack
 
I've been seeing what appears to be a denial of service attack by flooding my website with registrations. The vbStopForumSpam log shows a bot doing "allowed registration" every 3 seconds.

Are there any products out there which can block people from trying to flood registrations?

And if not, are there any products out there that can block e-mail domains from attempting to register? I know this is a weak countermeasure since all they have to do is change the domain they're attempting to register with, but thus far the bot they're using appears to only use one domain for the registration e-mail address.

kh99 01-24-2013 10:04 PM

Are they always coming from the same IP, so that you could ban it?

meissenation 01-24-2013 10:39 PM

Yes and no - the flood of registrations every 3 seconds is under the same IP address and I just IP banned the most recent flood, but about 12 hours ago they flooded the site and had a different IP address.

Unfortunately they also appear to be using clean e-mail addresses and IP addresses as the StopForumSpam database is showing "Allowed registration" for each of the thousands of attempts. They're not actually registering an account, so I'm guessing they're cancelling the registration right before the "Submit" function.

kh99 01-24-2013 11:00 PM

There are a couple of mods that would block automatic registrations based on time taken to fill out the form, but if they're not actually registering then I don't see what good it would do for you. Isn't the registration only one page? So if SFS is being consulted wouldn't that mean they would have submitted the form? Maybe there's some other error that's stopping them from completing registration (like the form is not filled out correctly).

meissenation 01-24-2013 11:07 PM

Yeah - maybe they're leaving something blank or failing the captcha? SFS is querying to see if their information is in the SFS database so they must be getting so far in the registration process.

As a fix for now, I IP banned a little over 22 "spammer" countries so hopefully that should help.
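
Added example, not part of the thread and not code from vBulletin or vbStopForumSpam: a sliding-window check over registration attempts that keys on both source IP and e-mail domain, so a flood that returns hours later from a new IP but with the same domain is still flagged. The log line format, the addresses, the domains and the 10-attempts-per-60-seconds threshold are constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

def parse(line):
    """Parse one constructed log line: '<date> <time> ip=<ip> email=<addr>'."""
    date, time, *fields = line.split()
    kv = dict(f.split("=", 1) for f in fields)
    ts = datetime.strptime(f"{date} {time}", "%Y-%m-%d %H:%M:%S")
    return ts, kv["ip"], kv["email"].rsplit("@", 1)[-1].lower()

def find_floods(lines, window=60, threshold=10):
    """Return {(kind, value): peak attempts seen within `window` seconds}
    for every IP or e-mail domain that reaches `threshold`."""
    recent = defaultdict(deque)   # key -> timestamps still inside the window
    peaks = {}
    for ts, ip, domain in sorted(parse(l) for l in lines):
        for key in (("ip", ip), ("domain", domain)):
            q = recent[key]
            q.append(ts)
            # Drop attempts that have aged out of the window.
            while (ts - q[0]).total_seconds() > window:
                q.popleft()
            if len(q) >= threshold:
                peaks[key] = max(peaks.get(key, 0), len(q))
    return peaks

def sample_log():
    """Constructed data: two floods 12 hours apart, different IPs, one domain."""
    lines = []
    for start, ip in (("2013-01-24 10:00:00", "203.0.113.7"),
                      ("2013-01-24 22:00:00", "198.51.100.9")):
        t0 = datetime.strptime(start, "%Y-%m-%d %H:%M:%S")
        for i in range(15):  # one attempt every 3 seconds
            ts = t0 + timedelta(seconds=3 * i)
            lines.append(f"{ts:%Y-%m-%d %H:%M:%S} ip={ip} email=u{i}@bulk.example")
    # Ordinary sign-ups that must not be flagged.
    lines.append("2013-01-24 10:00:20 ip=192.0.2.44 email=alice@mail.example")
    lines.append("2013-01-24 15:30:00 ip=192.0.2.45 email=bob@mail.example")
    return lines

if __name__ == "__main__":
    for (kind, value), peak in sorted(find_floods(sample_log()).items()):
        print(f"{kind:6} {value:15} peak={peak} attempts/60s")
```

Banning only the flagged IP stops one wave; the flagged domain is the key that links both waves in this sample.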


All times are GMT. The time now is 02:42 PM.
