MyBB Community Forums

Full Version: Questions about hacks/spam/spambots
We're just putting our new forum site online, and somehow, 3 times over the past month or so, with there being no public access to the domain (it's a subdomain off of our main site), the forum/threads have been filled to capacity with junk posts and junk accounts.

I've cleaned the databases, and we've gone to the toughest account creation methods. But it's the third time I had to do surgery on the thing, and we're not even live yet.

The forums here are helpful, but I have some questions.

1) Is there something specific about MyBB that makes it so prone to hack attacks, and how can I combat them?
2) I know all community forums get attacked from time to time, is there any way to insulate from the attacks?
3) Are there specific plugins I should be using to prevent or rapidly fix the problems when they occur?
4) I'm systematically wildcard blocking the domains that are doing most of the mischief. Is there a database somewhere that lists these perchance?

So far, the software is great to work with. But the constant attacks are growing a little tiring. I assume that no forum software package is immune, so
(2015-07-28, 01:27 AM)gadgetadmin Wrote: [ -> ]We're just putting our new forum site online, and somehow, 3 times over the past month or so, with there being no public access to the domain (it's a subdomain off of our main site), the forum/threads have been filled to capacity with junk posts and junk accounts.

I've cleaned the databases, and we've gone to the toughest account creation methods. But it's the third time I had to do surgery on the thing, and we're not even live yet.

The forums here are helpful, but I have some questions.

1) Is there something specific about MyBB that makes it so prone to hack attacks, and how can I combat them?
2) I know all community forums get attacked from time to time, is there any way to insulate from the attacks?
3) Are there specific plugins I should be using to prevent or rapidly fix the problems when they occur?
4) I'm systematically wildcard blocking the domains that are doing most of the mischief. Is there a database somewhere that lists these perchance?

So far, the software is great to work with. But the constant attacks are growing a little tiring. I assume that no forum software package is immune, so

Use CloudFlare
Use BotScout for MyBB plugin
Use Akismet plugin
Use Javascript Bot Protection plugin
Install ZB Block http://www.spambotsecurity.com/zbblock_download.php
Search for .htaccess mods to block spammers, spamming User-Agents
Have ReCaptcha enabled

Also, just disable registrations until you go live.

Forgive me if that came off as terse.
(2015-07-28, 02:37 AM)Torengo Wrote: [ -> ]
(2015-07-28, 01:27 AM)gadgetadmin Wrote: [ -> ]We're just putting our new forum site online, and somehow, 3 times over the past month or so, with there being no public access to the domain (it's a subdomain off of our main site), the forum/threads have been filled to capacity with junk posts and junk accounts.

I've cleaned the databases, and we've gone to the toughest account creation methods. But it's the third time I had to do surgery on the thing, and we're not even live yet.

The forums here are helpful, but I have some questions.

1) Is there something specific about MyBB that makes it so prone to hack attacks, and how can I combat them?
2) I know all community forums get attacked from time to time, is there any way to insulate from the attacks?
3) Are there specific plugins I should be using to prevent or rapidly fix the problems when they occur?
4) I'm systematically wildcard blocking the domains that are doing most of the mischief. Is there a database somewhere that lists these perchance?

So far, the software is great to work with. But the constant attacks are growing a little tiring. I assume that no forum software package is immune, so

Use CloudFlare
Use BotScout for MyBB plugin
Use Akismet plugin
Use Javascript Bot Protection plugin
Install ZB Block http://www.spambotsecurity.com/zbblock_download.php
Search for .htaccess mods to block spammers, spamming User-Agents
Have ReCaptcha enabled

Also, just disable registrations until you go live.

Forgive me if that came off as terse.

Not terse at all! Instructive and clear
Quote:1) Is there something specific about MyBB that makes it so prone to hack attacks, and how can I combat them?
Nope, as much as it might seem so to some people. Make sure you've got reCaptcha or the noCaptcha captcha running, as well as the plugins mentioned above. If you do those things right, it should be pretty unlikely for any spammers to get in. If they do, the Purge Spammer tool is amazingly useful.

Also, add some customized Security Questions to your registration page from the ACP. Custom questions take down pretty much all non-human spammers.
Quote:2) I know all community forums get attacked from time to time, is there any way to insulate from the attacks?
The plugins listed by the previous poster are a solid list and should pretty much end the spam.
Quote:3) Are there specific plugins I should be using to prevent or rapidly fix the problems when they occur?
Take advantage of the Purge Spammer tool when they do occur. The previous poster also listed some good plugins.
Quote:4) I'm systematically wildcard blocking the domains that are doing most of the mischief. Is there a database somewhere that lists these perchance?
StopForumSpam is a great resource, and is integrated into the MyBB core, so that *should* already be happening for the most part, but you never know.
(2015-07-28, 01:27 AM)gadgetadmin Wrote: [ -> ]4) I'm systematically wildcard blocking the domains that are doing most of the mischief. Is there a database somewhere that lists these perchance?

Check out the Downloads at StopForumSpam. I wrote some custom tasks which download the weekly archives for IPs, emails, and usernames (though IPs catch more than username or email) once per day. It then grabs each record above a certain threshold and sees if it's already banned; if not, it bans the email / IP / username using the "last seen" field of the files from StopForumSpam as the "date added" for the ban filters. Don't forget to update the banned_ip and banned_email caches after you are finished!

This task caused my banfilters table to get too big, so I created a different task which will prune filters that are at least 2 weeks old but haven't been triggered in the last 2 weeks. Again, you need to update your cache.
(2015-07-29, 08:24 PM)laie_techie Wrote: [ -> ]
(2015-07-28, 01:27 AM)gadgetadmin Wrote: [ -> ]4) I'm systematically wildcard blocking the domains that are doing most of the mischief. Is there a database somewhere that lists these perchance?

Check out the Downloads at StopForumSpam. I wrote some custom tasks which download the weekly archives for IPs, emails, and usernames (though IPs catch more than username or email) once per day. It then grabs each record above a certain threshold and sees if it's already banned; if not, it bans the email / IP / username using the "last seen" field of the files from StopForumSpam as the "date added" for the ban filters. Don't forget to update the banned_ip and banned_email caches after you are finished!

This task caused my banfilters table to get too big, so I created a different task which will prune filters that are at least 2 weeks old but haven't been triggered in the last 2 weeks. Again, you need to update your cache.

Share, please
(2015-08-25, 03:06 PM)Torengo Wrote: [ -> ]
(2015-07-29, 08:24 PM)laie_techie Wrote: [ -> ]
(2015-07-28, 01:27 AM)gadgetadmin Wrote: [ -> ]4) I'm systematically wildcard blocking the domains that are doing most of the mischief. Is there a database somewhere that lists these perchance?

Check out the Downloads at StopForumSpam. I wrote some custom tasks which download the weekly archives for IPs, emails, and usernames (though IPs catch more than username or email) once per day. It then grabs each record above a certain threshold and sees if it's already banned; if not, it bans the email / IP / username using the "last seen" field of the files from StopForumSpam as the "date added" for the ban filters. Don't forget to update the banned_ip and banned_email caches after you are finished!

This task caused my banfilters table to get too big, so I created a different task which will prune filters that are at least 2 weeks old but haven't been triggered in the last 2 weeks. Again, you need to update your cache.

Share, please

That kind of thing's far better done at the web server level (or even better, the firewall level). I used to use a cron job to automatically fetch the Spamhaus IP drop list every so often and block those IPs from Nginx automatically: http://www.mybbstuff.com/showthread.php?tid=61
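
An added example, not part of the thread and not any poster's code: a Python sketch of the StopForumSpam workflow described earlier (threshold, ban only if new, prune after two idle weeks), with the result rendered as nginx `deny` lines so the blocking happens at the web server as the last post suggests. The CSV layout (`"ip","count","last seen"`), the in-memory store and all function names are assumptions; the sample records are constructed.

```python
import csv
import io
import ipaddress
from datetime import datetime, timedelta

# Constructed sample in the assumed archive layout: "ip","count","last seen".
SAMPLE_CSV = '''"203.0.113.7","12","2015-07-27 22:10:05"
"198.51.100.23","2","2015-07-26 08:00:00"
"not-an-ip","40","2015-07-27 01:00:00"
"2001:db8::5","9","2015-07-20 13:30:00"
'''

def parse_listed(text, threshold):
    """Return {ip: last_seen} for valid records reported at least `threshold` times."""
    bans = {}
    for row in csv.reader(io.StringIO(text)):
        if len(row) < 3:
            continue
        try:
            ip = str(ipaddress.ip_address(row[0].strip()))
            count = int(row[1])
            seen = datetime.strptime(row[2].strip(), "%Y-%m-%d %H:%M:%S")
        except ValueError:
            continue  # a malformed record must never reach the server config
        if count >= threshold:
            bans[ip] = seen
    return bans

def add_new(store, fresh):
    """Ban only IPs not already in the store; "date added" is the feed's last-seen time."""
    for ip, seen in fresh.items():
        store.setdefault(ip, {"added": seen, "last_hit": None})
    return store

def prune(store, now, max_age=timedelta(days=14)):
    """Drop filters at least max_age old that were not triggered within max_age."""
    cutoff = now - max_age
    return {ip: f for ip, f in store.items()
            if f["added"] > cutoff
            or (f["last_hit"] is not None and f["last_hit"] > cutoff)}

def nginx_deny(store):
    """Render the store as the body of an nginx include file of deny directives."""
    return "".join(f"deny {ip};\n" for ip in sorted(store))
```

Write the output of `nginx_deny` to a temporary file, check the configuration with `nginx -t`, and only then move it into place and reload, so a bad feed download cannot take the site down.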