Go Back   vb.org Archive > vBulletin 4 Discussion > vB4 General Discussions
Reload this Page Registration Denial of Service Attack
FAQ Community Calendar Today's Posts Search

Reply
 
Thread Tools Display Modes
  #1  
Old 01-24-2013, 10:02 PM
meissenation meissenation is offline
 
Join Date: Apr 2005
Posts: 476
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default Registration Denial of Service Attack
I've been seeing what appears to be a denial of service attack by flooding my website with registrations. The vbStopForumSpam log shows a bot doing "allowed registration" every 3 seconds.

Are there any products out there which can block people from trying to flood registrations?

And if not, are there any products out there that can block e-mail domains from attempting to register? I know this is a weak countermeasure since all they have to do is change the domain they're attempting to register with but thus far the bot they're using appears to only use one domain for the registration e-mail address.
Reply With Quote
  #2  
Old 01-24-2013, 10:04 PM
kh99 kh99 is offline
 
Join Date: Aug 2009
Location: Maine
Posts: 13,185
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
Are they always coming from the same ip, so that you could ban it?
Reply With Quote
  #3  
Old 01-24-2013, 10:39 PM
meissenation meissenation is offline
 
Join Date: Apr 2005
Posts: 476
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
Yes and no - the flood of registrations every 3 seconds is under the same IP address and I just IP banned the most recent flood, but about 12 hours ago they flooded the site and had a different IP address.

Unfortunately they also appear to be using clean e-mail addresses and IP addresses as the StopForumSpam database is showing "Allowed registration" for each of the thousands of attempts.. They're not actually registering an account, so I'm guessing they're cancelling the registration right before the "Submit" function.
Reply With Quote
  #4  
Old 01-24-2013, 11:00 PM
kh99 kh99 is offline
 
Join Date: Aug 2009
Location: Maine
Posts: 13,185
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
There are a couple of mods that would block automatic registrations based on time taken to fill out the form, but if they're not actually registering then i don't see what good it would do for you. Isn't the registration only one page? So if SFS is being consulted wouldn't that mean they would have submitted the form? Maybe there's some other error that's stopping them from completing registration (like the form is not filled out correctly).
Reply With Quote
  #5  
Old 01-24-2013, 11:07 PM
meissenation meissenation is offline
 
Join Date: Apr 2005
Posts: 476
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
Yeah - maybe they're leaving something blank or failing the captcha? SFS is querying to see if their information is in the SFS database so they must be getting so far in the registration process.

As a fix for now, I IP banned a little over 22 "spammer" countries so hopefully that should help.
Reply With Quote
Reply

« Previous Thread | Next Thread »

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump


All times are GMT. The time now is 01:38 AM.

Contact Us - Archive - Top

Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2025, vBulletin Solutions Inc.
X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.03462 seconds
  • Memory Usage 2,192KB
  • Queries Executed 11 (?)
More Information
Template Usage:
  • (1)SHOWTHREAD
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)ad_showthread_beforeqr
  • (1)ad_showthread_firstpost
  • (1)ad_showthread_firstpost_sig
  • (1)ad_showthread_firstpost_start
  • (1)footer
  • (1)forumjump
  • (1)forumrules
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (1)navbar
  • (3)navbar_link
  • (120)option
  • (5)post_thanks_box
  • (5)post_thanks_button
  • (1)post_thanks_javascript
  • (1)post_thanks_navbar_search
  • (5)post_thanks_postbit_info
  • (5)postbit
  • (5)postbit_onlinestatus
  • (5)postbit_wrapper
  • (1)spacer_close
  • (1)spacer_open
  • (1)tagbit_wrapper 
Phrase Groups Available:
  • global
  • inlinemod
  • postbit
  • posting
  • reputationlevel
  • showthread
Included Files:
  • ./showthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_post_thanks.php 
Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • showthread_start
  • showthread_getinfo
  • forumjump
  • showthread_post_start
  • showthread_query_postids
  • showthread_query
  • bbcode_fetch_tags
  • bbcode_create
  • showthread_postbit_create
  • postbit_factory
  • postbit_display_start
  • post_thanks_function_post_thanks_off_start
  • post_thanks_function_post_thanks_off_end
  • post_thanks_function_fetch_thanks_start
  • post_thanks_function_fetch_thanks_end
  • post_thanks_function_thanked_already_start
  • post_thanks_function_thanked_already_end
  • fetch_musername
  • postbit_imicons
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • postbit_display_complete
  • post_thanks_function_can_thank_this_post_start
  • tag_fetchbit_complete
  • forumrules
  • navbits
  • navbits_complete
  • showthread_complete