Are you implementing any new spambot protections?
Re: Are you implementing any new spambot protections?
I think it's artificial intelligence. It just read this post and spammed all boards!
- Admin
- Posts: 14143
- Joined: Wed Apr 19, 2006 9:20 pm
- Location: Oldenburg(Oldb), Germany
Re: Are you implementing any new spambot protections?
CuteAlien wrote: Ok, there was also a setting for attempts per IP which we didn't see before. Maybe new, or the value got changed on forum update - but Yoran just reset that and now it seems to work again. And that would make sense as all users have the same IP here.
Ahh, that indeed explains a lot. And yes, works for me now again. Thanks a lot.
Re: Are you implementing any new spambot protections?
"Attempts per IP" settings will work until the spammer(s) find this and start using more IP addresses. Nowadays obtaining a new IP address is as easy as signing up to one of thousands of free hosting services and putting up a PHP file which forwards all HTTP requests.
Ready solutions will not work in many cases, because... spammers know about them. It's easy to break something if you can freely download it and test your algorithms. Custom solutions are the only solutions. I gave you some ideas with things like CSRF protections and you are still playing with such easy, old and dumb spam "protections" which most geeky 15-year-old teenagers can break.
Instead of guessing, set up some "sniffer" which will analyze all traffic that goes through the web server and find some common elements that all spammers have. Then research how to block them, implement a new solution and continue monitoring.
Re: Are you implementing any new spambot protections?
"Attempts per IP" fails here, because of the way SF servers work. And well, our "dumb" spam protections did work rather well over the last months, it's just a few weeks ago that the bots came back so much. And actually I still don't know how they break it exactly - customized random questions didn't sound so bad (the idea is to force spammers to have some work as well). Maybe they use wolframalpha to break them.
And complete customized solutions certainly are better. But they are also the most work - not just once on implementing but also on every forum update, so they are really the last solution you want to try out. There are several more ready spam-protection modules out there, but some of them simply won't work here because the server has some restrictions and some will cause even more work for the admins (like acknowledging each new user manually) or make the registration process for new users really annoying.
IRC: #irrlicht on irc.libera.chat
Code snippet repository: https://github.com/mzeilfelder/irr-playground-micha
Free racer made with Irrlicht: http://www.irrgheist.com/hcraftsource.htm
Re: Are you implementing any new spambot protections?
What are the SF servers' limitations?
Maybe "dumb" is a bad word. These protections are just too readily available to everyone. Imagine that someone writes a super spam protection for PHPBB and releases it. Thousands of forums start installing it and it works, because it's something new. But spammers are not sleeping. They can download these protections too, break them and update their scripts. Such a public plugin may be used by thousands of forums, so it's worth working on breaking it. But if one single forum develops its own, private protection, who will care about it? Why waste time on such a thing, when they can break a public plugin which will allow them to break into many sites?
Forum updates are not much of a problem if you reduce the amount of modified core code. For example, HTML can be totally manipulated by one line of code that includes JavaScript. On the PHP side, only the registration/login pages should be modified. I don't think that every PHPBB update comes with an update of these files, so in most cases all that will be needed is to run a diff between the actual files and those from the update.
- Admin
- Posts: 14143
- Joined: Wed Apr 19, 2006 9:20 pm
- Location: Oldenburg(Oldb), Germany
Re: Are you implementing any new spambot protections?
SF uses a proxy cascade, which makes the access from outside appear to come from 127.0.0.1. So we don't have any real IP anymore.
Re: Are you implementing any new spambot protections?
Actually just the recent update already broke a one-line modification ;-) (code is using tab-size 8 again, hendu probably is happy ^_^).
IRC: #irrlicht on irc.libera.chat
Code snippet repository: https://github.com/mzeilfelder/irr-playground-micha
Free racer made with Irrlicht: http://www.irrgheist.com/hcraftsource.htm
Re: Are you implementing any new spambot protections?
hybrid wrote: SF uses a proxy cascade, which makes the access from outside appear to come from 127.0.0.1. So we don't have any real IP anymore.
Try this function:
Code:
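    // Return the visitor's address, preferring forwarding headers over REMOTE_ADDR.
    function getVisitorIP() {
        if (!empty($_SERVER['HTTP_CLIENT_IP'])) {
            // Client-IP request header
            return $_SERVER['HTTP_CLIENT_IP'];
        } elseif (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) {
            // X-Forwarded-For request header (may hold a comma-separated list)
            return $_SERVER['HTTP_X_FORWARDED_FOR'];
        } else {
            // Address of the TCP peer (the last proxy when behind one)
            return $_SERVER['REMOTE_ADDR'];
        }
    }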
CuteAlien wrote: Actually just the recent update already broke a one-line modification
So this one-liner was wrong!
Quote: (code is using tab-size 8 again, hendu probably is happy ^_^)
lol!
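Added example (not part of the thread, and not phpBB or SourceForge code): Client-IP and X-Forwarded-For are request headers, so an attempts-per-IP limit keyed on them is only sound when they are accepted from a known proxy and read from the right-hand end. The function names, `$trustedProxies` and all sample addresses below are constructed assumptions.

```php
<?php
// Added example. $trustedProxies is an assumption: fill in the addresses of the
// reverse proxies that really sit in front of the forum.

function isTrustedProxy(string $ip, array $trustedProxies): bool
{
    return in_array($ip, $trustedProxies, true);
}

/**
 * Resolve the client address to use as a rate-limiting key.
 * Forwarding headers are honoured only when the TCP peer is a trusted proxy,
 * and X-Forwarded-For is walked right to left, because each proxy appends the
 * address it saw; entries left of the first untrusted hop are client-supplied.
 */
function resolveClientIp(array $server, array $trustedProxies): string
{
    $peer = $server['REMOTE_ADDR'] ?? '';
    if (!isTrustedProxy($peer, $trustedProxies) || empty($server['HTTP_X_FORWARDED_FOR'])) {
        return $peer; // direct connection, or no header: nothing else to trust
    }
    $hops = array_map('trim', explode(',', $server['HTTP_X_FORWARDED_FOR']));
    foreach (array_reverse($hops) as $hop) {
        if (filter_var($hop, FILTER_VALIDATE_IP) === false) {
            return $peer; // malformed entry: fall back to the peer address
        }
        if (!isTrustedProxy($hop, $trustedProxies)) {
            return $hop; // first address not written by our own proxies
        }
    }
    return $peer; // every hop was one of our proxies
}

// Constructed sample requests (documentation and private address ranges).
$trusted = ['127.0.0.1', '10.0.0.5'];
$samples = [
    'via proxy cascade' => ['REMOTE_ADDR' => '127.0.0.1',
        'HTTP_X_FORWARDED_FOR' => '203.0.113.7, 10.0.0.5'],
    'spoofed left entry' => ['REMOTE_ADDR' => '127.0.0.1',
        'HTTP_X_FORWARDED_FOR' => '198.51.100.99, 203.0.113.7, 10.0.0.5'],
    'direct, forged headers' => ['REMOTE_ADDR' => '203.0.113.7',
        'HTTP_X_FORWARDED_FOR' => '198.51.100.99', 'HTTP_CLIENT_IP' => '198.51.100.99'],
];
foreach ($samples as $label => $server) {
    printf("%-24s => %s\n", $label, resolveClientIp($server, $trusted));
}
```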
- Posts: 115
- Joined: Mon May 17, 2010 7:42 am
Re: Are you implementing any new spambot protections?
Has it also happened that instead of opening a forum thread/section a totally uncorrelated link opened? (Last time I tried to access the "Off-Topic" section I was redirected to a gambling website)
Re: Are you implementing any new spambot protections?
@Dareltibus: No, that never happened to me so far (and I check the forum several times each day). In your case I would rather check your own system with a current virus scanner as redirecting links is pretty typical behaviour for some viruses.
IRC: #irrlicht on irc.libera.chat
Code snippet repository: https://github.com/mzeilfelder/irr-playground-micha
Free racer made with Irrlicht: http://www.irrgheist.com/hcraftsource.htm
- Posts: 115
- Joined: Mon May 17, 2010 7:42 am
Re: Are you implementing any new spambot protections?
humm, ok thanks