vb.org Archive > vBulletin 3 Discussion > vB3 General Discussions
#1
04-07-2009, 09:03 PM
NGU Matt
Join Date: Feb 2009
Posts: 10

Recently Was Spammed With Porn

Here's the crazy part.

The user registered with the same IP every time and managed to exploit our inferno shoutbox to shout in there without the 10 post requirement.

He was also able to register in less than 10 seconds each time, which is pretty impossible.

I have no idea how they did it, but it's definitely a vulnerability in 3.8.1 forums, so keep an eye out.

This is the IP; I even wildcarded it, but banning it did nothing. I had to close registrations temporarily.
96.229.139.22
#2
04-07-2009, 09:19 PM
Brandon Sheley
Join Date: Mar 2005
Location: Google Kansas
Posts: 4,678

You should add some no-spam mods.
The 10 sec registration is done with a program.
#3
04-07-2009, 09:21 PM
Swampfox
Join Date: Aug 2006
Posts: 119

It's not impossible for a bot; they auto-fill the forms. There is a mod available here (Isbot) that blocks registrations that are too fast.

The IP ban should work, but bots usually use different IPs, so IP banning is futile.

vBulletin has some built-in human verification options; CAPTCHA is useless, so I suggest switching to the question/answer feature.
#4
04-07-2009, 09:24 PM
dekaybrown
Join Date: Mar 2009
Location: Upstate NY
Posts: 59

I used a question/answer verification; all bot registrations halted.

Also, I'd suggest that you set all registrants to a moderator hold for the first few posts. That way, if the applicant has nothing to offer your forum, you can delete the posts before your members even see them and ban the user right away.
#5
04-08-2009, 10:22 AM
NGU Matt
Join Date: Feb 2009
Posts: 10

But I don't think it could have been a bot, because when they registered, the user was a real person, given how they bypassed the shoutbox post restriction and was talking to us in the shoutbox, where I just banned them. But it wasn't even 10 seconds after; that was just an example. It was more like 5-10, and all the names were custom each time.
#6
04-08-2009, 03:33 PM
BlueNinjaGo
Join Date: Mar 2009
Posts: 668

Bots are sophisticated nowadays. Just add one of the mods they mentioned and you won't have a problem. We have a question and it solved everything.

"What is the fifth word in this question?"

Any human can do that, but no bots have.
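The registration gate the thread converges on, combining the "too fast to be human" check Swampfox attributes to the Isbot mod in post #3 with the question/answer challenge from posts #4 and #6, written out as an added Python example that is not code from the thread, from vBulletin or from Isbot. The HMAC-signed form token, the 10 second threshold, the secret and the accepted answers are assumptions chosen for illustration.

```python
import hashlib
import hmac
import re

SECRET = b"constructed-demo-secret"  # assumption: random and server-side only in real use
MIN_FORM_SECONDS = 10                # the thread's "registered in under 10 seconds" heuristic

# Question pool (questions quoted from the thread); answers are compared after
# normalisation so "George Washington", "washington" and "Washington." all pass.
QUESTIONS = [
    ("What is the fifth word in this question?", {"word"}),
    ("Who is on the front of a US one dollar bill?", {"washington", "georgewashington"}),
]


def normalise(text):
    """Lower-case and keep only letters and digits."""
    return re.sub(r"[^a-z0-9]", "", text.lower())


def sign(ts, qid):
    """HMAC over timestamp and question id, so the client cannot alter either."""
    return hmac.new(SECRET, f"{ts}|{qid}".encode(), hashlib.sha256).hexdigest()


def issue_form(now, qid):
    """Return (question text, hidden token) to render into the registration form."""
    ts = int(now)
    return QUESTIONS[qid][0], f"{ts}|{qid}|{sign(ts, qid)}"


def check_registration(token, answer, now):
    """Return (accepted, reason) for a submitted registration form.

    Signature first (rules out backdated timestamps and swapped questions),
    then the timing rule, then the answer.
    """
    parts = token.split("|")
    if len(parts) != 3 or not parts[0].isdigit() or not parts[1].isdigit():
        return False, "malformed token"
    ts, qid, sig = int(parts[0]), int(parts[1]), parts[2]
    if qid >= len(QUESTIONS) or not hmac.compare_digest(sig, sign(ts, qid)):
        return False, "tampered token"
    elapsed = int(now) - ts
    if elapsed < MIN_FORM_SECONDS:
        return False, f"form submitted after {elapsed}s, faster than a human"
    if normalise(answer) not in QUESTIONS[qid][1]:
        return False, "wrong answer"
    return True, "ok"
```

The timing rule only slows a script down, since it can simply wait out the threshold; the question is what actually stops it, and, as post #7 notes, a question has to be rotated once it is defeated.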
#7
04-09-2009, 04:50 AM
dekaybrown
Join Date: Mar 2009
Location: Upstate NY
Posts: 59

Mine is a simple one too ;-)

Who is on the front of a US one dollar bill?

Never had another "bot" register again since.

Once they defeat that, I'll use another question.

It really does work!