Is there currently some sort of mybb hack or something? Because o my site, I
Keep getting pounded by spam bots and captcha doesn't work, I can't IP ban them because the IP doesn't come up, and upon their sign up, they get placed, or hack their way to there, to the DEFAULT SECTIONAL MODERATOR GROUP!
Without making that group a banned group, how do I stop this and HOW ARE THEY DOING IT?! It's driving me crazy, I had to turn off registrations!
PS: The default group to be placed after signup is "Registered", and they have no permissions to join ANY group!
No 0day exploits to my knowledge.
I'm not quite sure how this is happening. Create a test account for yourself and see if the join group link is showing in the UserCP.
(2011-09-02, 03:12 AM)Siege Wrote: [ -> ]No 0day exploits to my knowledge.
I'm not quite sure how this is happening. Create a test account for yourself and see if the join group link is showing in the UserCP.
No it isn't, there is a "Gold Membership" group, In which all join requests must be approved, and once a user is part of that user group, they have permission to join 5 others freely (Blue Username, Yellow Username, Green Username, Purple Username, Pink Username), and all of those groups have permission to koi eachother only, no moderator group, (Ex: Blue Username can join Yellow username, and vise versa so that they can switch at any time)... So... And other ideas what it could be?
Sorry. But I am out of ideas then.
I EVEN HAVE AN EMAIL CONFIRMATION ON AND THEY STILL BYPASS IT!!!! WTF?
AND THEY POST THE SAME EXACT SPAM MESSAGES AND I HAVE 325 REAL MEMBERS, NOW I HAVE 3455 MEMBERS, and 85% OF THEM ARE BOTS! THEY ARE DESTROYING MY FORUM!
There is no know exploit for MyBB. You are doing something wrong with group membership. Have you edited any of the usergroups like Registered, Moderator, Super moderator, etc?
Also, to prevent bots, install Re-captcha and security questions plugins.
(2011-09-02, 03:25 AM)Mod Wrote: [ -> ]I EVEN HAVE AN EMAIL CONFIRMATION ON AND THEY STILL BYPASS IT!!!! WTF?
AND THEY POST THE SAME EXACT SPAM MESSAGES AND I HAVE 325 REAL MEMBERS, NOW I HAVE 3455 MEMBERS, and 85% OF THEM ARE BOTS! THEY ARE DESTROYING MY FORUM!
BOT'S CAN BYPASS EMAIL CONFIRMATION YOU KNOW
PLEASE STOP YELLING AT US WITH CAPS-LOCK, IT'S NOT OUR FAULT BOT'S TOOK OVER YOUR FORUM.
Is your bot group set to moderators?
Is it possible your site has been compromised and the code modified?
Has a priv account been compromised?
Could your db be getting modified directly?
I'd change all the passwords and check the code for changes.
This will help you
(2011-07-26, 06:22 PM)faviouz Wrote: [ -> ]Well, you can't just "block" bots by enabling a button or something. Unfortunately, that's not how it works. Spam will always be a problem on the internet. And even though nowadays spam is created by real humans instead of bots, there are ways to reduce it. I recommend installing these plugins:
http://mods.mybb.com/view/stopforumspam-com-for-mybb
http://mods.mybb.com/view/fassim-anitspam
http://mods.mybb.com/view/recaptcha
http://mods.mybb.com/view/registration-s...y-question
These should help stop most spammers during registration. But for those who get it in, you can also use these:
http://mods.mybb.com/view/goodbye-spammer
http://yaldaram.com/showthread.php?tid=84
http://mybbhacks.zingaburga.com/showthread.php?tid=356
Those last two are, in my opinion, the best protection you can take against spammers. Why? Spammers usually register with the goal to spam your forum with links to their client's websites. By stopping them from using links in signatures, profiles and posts, they will probably leave and never come back. Who cares about a few nonsense posts, it's free content. At least I know they failed their mission!