The Arcive of Official vBulletin Modifications Site.

fjeans1 · #1 08-01-2013, 04:13 PM

just curious and will let to hear what you guy used to prevent spam and hack attempt
for spam attempt i find a few good one here like spam o matic but for hack the only few i knew is cloudflare then recently found zb block seem to work with php script not yet tryed so far

Andy.H · #2 08-02-2013, 03:15 PM

KeyCAPTCHA and Spam-o-matic for us...

The first one stops 99.5% of them at registration. For the .5% that do get through, we have Spam-o-matic with it's handy Quick Cleanup option to wipe out the spammer and all its posts, pm's, etc. with a couple of clicks

fjeans1 · #3 08-02-2013, 08:03 PM

yes same here i just added them today as well using the free version one keycaptcha
for spam o matic i just started using but i did see it blocking some spam post which was good

some update regard the zb block i just installed finally manage to install it today ,well it does block alot so maybe it include some inoccent user i didnt yet to knew to config it fully but for those who looking some free script firewall i think it a good alt for dnp firewall as zb block still updating often

rhody401 · #4 08-02-2013, 09:58 PM

We use these:

A series of 6 random Q&A Human Verification Options (industry related to forum purpose)
VB Bad Behavior (checks for mischievous scripts)
Spambot Stopper (if a bot fills it out too fast, it will reject)
Glowhost Spam-O-Matic (Checks email and IP against known spammer blacklists. Make sure you DONT have the username checking enabled)
Mandatory custom fields (industry related, for verification)
Once email verified, they're moved to a temporary group. Then the mods manually move them to their final security group, and send them a personal welcome email. (based on membership status to our trade org)

The above tools stop 99.9% of them.

However, I'm here tonight looking for info because someone DID get through somehow. They were able to make an account without answering the mandatory profile fields, and I'm baffled at how this was possible. Any ideas? I checked all the files and none were suspect, I repaired/optimized tables, have didnt see anything odd in the server logs. This one has be concerned and puzzled. The IP was from Spain and their email, account name, and ip are not on stopforumspam.com

Simon Lloyd · #5 08-02-2013, 10:26 PM

It has to have been by direct injection then!, you must have a suspect or insecure php script or a query that hasn't been cleaned which has allowed sql injection but it's odd to only have one???

rhody401 · #6 08-02-2013, 11:14 PM

I'm keeping a watchful eye on it, because that's what I'm worried about. Anything I have added is a current version.

Simon Lloyd · #7 08-02-2013, 11:44 PM

That doesn't mean to say that things have been escaped or cleaned properly in the coding!

fjeans1 · #8 08-03-2013, 05:53 AM

Quote:

A series of 6 random Q&A Human Verification Options (industry related to forum purpose)
VB Bad Behavior (checks for mischievous scripts)
Spambot Stopper (if a bot fills it out too fast, it will reject)
Glowhost Spam-O-Matic (Checks email and IP against known spammer blacklists. Make sure you DONT have the username checking enabled)
Mandatory custom fields (industry related, for verification)
Once email verified, they're moved to a temporary group. Then the mods manually move them to their final security group, and send them a personal welcome email. (based on membership status to our trade org)

just my opinion it better to add more random question if you use question alone without captcha ,but that are nice list out there for defend against spam ,well even vbulletin is secure and tested against variety of attack it still better to add one or two defend for hacking attempt as well

Quote:

Mandatory custom fields (industry related, for verification)
Once email verified, they're moved to a temporary group. Then the mods manually move them to their final security group, and send them a personal welcome email. (based on membership status to our trade org)

sound like nice trick that i can consider trying to add to my forum as well i think you did pretty much well on defend against spam but there will still be cases when pple do the spamming manaully by hand for those who didnt have the tool so one or two case of bypass is normal so no worry bro

not sure if it useful but so far i follow some tip in removing forum version as people will check for specific possible attempt on google depend on your version ,and secondly i changes the admin and mod cp path

rhody401 · #9 08-03-2013, 10:45 AM

I thought captcha was beat last year, and no longer used? Did they fix that/improve it?

The rotation of Q&A are industry related to the purpose of the forum. It's unlikely that a spammer would know any of the correct answers.

I havent had any other mysterious accounts yet, from the above concern, but will be keeping an eye on it. There are remnants of a couple old scripts with some files left behind, which I will purge today - just in case one of those is the culprit.

fjeans1 · #10 08-03-2013, 03:41 PM

Quote:

I thought captcha was beat last year, and no longer used? Did they fix that/improve it?

yes i read some news regard it as well but i then i just added it for extra defense

X vBulletin 3.8.12 by vBS Debug Information
Page Generation 0.04661 seconds Memory Usage 2,251KB Queries Executed 11 (?)
More Information
Template Usage: (1)SHOWTHREAD (1)ad_footer_end (1)ad_footer_start (1)ad_header_end (1)ad_header_logo (1)ad_navbar_below (1)ad_showthread_beforeqr (1)ad_showthread_firstpost (1)ad_showthread_firstpost_sig (1)ad_showthread_firstpost_start (3)bbcode_quote (1)footer (1)forumjump (1)forumrules (1)gobutton (1)header (1)headinclude (1)navbar (3)navbar_link (120)option (1)pagenav (1)pagenav_curpage (1)pagenav_pagelink (10)post_thanks_box (10)post_thanks_button (1)post_thanks_javascript (1)post_thanks_navbar_search (10)post_thanks_postbit_info (10)postbit (10)postbit_onlinestatus (10)postbit_wrapper (1)spacer_close (1)spacer_open (1)tagbit_wrapper Phrase Groups Available: global inlinemod postbit posting reputationlevel showthread	Included Files: ./showthread.php ./global.php ./includes/init.php ./includes/class_core.php ./includes/config.php ./includes/functions.php ./includes/class_hook.php ./includes/modsystem_functions.php ./includes/functions_bigthree.php ./includes/class_postbit.php ./includes/class_bbcode.php ./includes/functions_reputation.php ./includes/functions_post_thanks.php Hooks Called: init_startup init_startup_session_setup_start init_startup_session_setup_complete cache_permissions fetch_threadinfo_query fetch_threadinfo fetch_foruminfo style_fetch cache_templates global_start parse_templates global_setup_complete showthread_start showthread_getinfo forumjump showthread_post_start showthread_query_postids showthread_query bbcode_fetch_tags bbcode_create showthread_postbit_create postbit_factory postbit_display_start post_thanks_function_post_thanks_off_start post_thanks_function_post_thanks_off_end post_thanks_function_fetch_thanks_start post_thanks_function_fetch_thanks_end post_thanks_function_thanked_already_start post_thanks_function_thanked_already_end fetch_musername postbit_imicons bbcode_parse_start bbcode_parse_complete_precache bbcode_parse_complete postbit_display_complete post_thanks_function_can_thank_this_post_start pagenav_page pagenav_complete tag_fetchbit_complete forumrules navbits navbits_complete showthread_complete
Messages:

The Arcive of Official vBulletin Modifications Site.

It is not a VB3 engine, just a parsed copy!