The Arcive of Official vBulletin Modifications Site.

oO RusH Oo · #1 03-14-2007, 05:23 PM

Hello everyone, :]

I've had quite a few bots attack my sites recently, either posting a whole stream of adverts, or trying every exploit in the book against my sites.

I'm fed up, so i've decided to do something about it!

Their are a few tools which generate these bots, most of them use dynamic usernames, however i don't belive that they dynamically generate passwords.

Even if they are, i can make a list of e-mail addresses/IP's/common proceedures that these bots use, and use it to block out bots in the future.

So basically i'm making a vBulleting Honeypot - but to prevent ligitimate users from signing up, i've made it very clear in the registration letter that the forum is not real, and if they don't verify their e-mail address their password will be deleted within the hour.

Only problem is, it would take ages to decrypt the md5'd passwords in the database of the bots, and if i have four or five bots a day attack my site, it just isn't realistic...

A much better idea is for vBulletin to just compair plaintext passwords, and i could scan through the mySQL DB and spot any similarities that way.

I know older versions of vBulletin didn't use MD5, but reverting back to this is too complicated for me :P

Could anyone give me any pointers?

Cheers guys,

~ John

X vBulletin 3.8.12 by vBS Debug Information
Page Generation 0.03973 seconds Memory Usage 2,458KB Queries Executed 13 (?)
More Information
Template Usage: (1)SHOWTHREAD (1)ad_footer_end (1)ad_footer_start (1)ad_header_end (1)ad_header_logo (1)ad_navbar_below (1)ad_showthread_beforeqr (1)bbcode_code (2)bbcode_php (2)bbcode_quote (1)footer (1)forumjump (1)forumrules (1)gobutton (1)header (1)headinclude (1)navbar (3)navbar_link (120)option (8)post_thanks_box (8)post_thanks_button (1)post_thanks_javascript (1)post_thanks_navbar_search (8)post_thanks_postbit_info (8)postbit (8)postbit_onlinestatus (8)postbit_wrapper (1)showthread_list (1)spacer_close (1)spacer_open (1)tagbit_wrapper Phrase Groups Available: global inlinemod postbit posting reputationlevel showthread	Included Files: ./showthread.php ./global.php ./includes/init.php ./includes/class_core.php ./includes/config.php ./includes/functions.php ./includes/class_hook.php ./includes/modsystem_functions.php ./includes/functions_bigthree.php ./includes/class_postbit.php ./includes/class_bbcode.php ./includes/functions_reputation.php ./includes/functions_threadedmode.php ./includes/functions_post_thanks.php Hooks Called: init_startup init_startup_session_setup_start init_startup_session_setup_complete cache_permissions fetch_threadinfo_query fetch_threadinfo fetch_foruminfo style_fetch cache_templates global_start parse_templates global_setup_complete showthread_start showthread_getinfo forumjump showthread_post_start showthread_query_postids_threaded showthread_threaded_construct_link showthread_query bbcode_fetch_tags bbcode_create showthread_postbit_create postbit_factory postbit_display_start post_thanks_function_post_thanks_off_start post_thanks_function_post_thanks_off_end post_thanks_function_fetch_thanks_start post_thanks_function_fetch_thanks_end post_thanks_function_thanked_already_start post_thanks_function_thanked_already_end fetch_musername postbit_imicons bbcode_parse_start bbcode_parse_complete_precache bbcode_parse_complete postbit_display_complete post_thanks_function_can_thank_this_post_start tag_fetchbit_complete forumrules navbits navbits_complete showthread_complete
Messages:

The Arcive of Official vBulletin Modifications Site.

It is not a VB3 engine, just a parsed copy!