MyBB Community Forums

Full Version: Rogue Network Ban List
We're going to be moving to MyBB soon... but for right now we're stuck on phpBB. The trouble with that is, there's tons of spam bots out there that *completely defeat* all of phpBB's anti-spam measures. Out of desperation, we're going to start banning and tracking entire ISPs and Netblocks of known networks that do nothing about rogue spam/malicious traffic. This tends to be IPs very heavily concentrated in Asia, Western Europe, and Oceania... particularly China, North Korea, Hong Kong, Taiwan, Malaysia, and Singapore.

The advantage of banning entire ISPs and Netblocks from these countries is that you take care of the overwhelming majority of spam and malicious traffic. The disadvantage is you also ban any legit users who may be in that area. For us, almost all traffic is in the United States... so this isn't a big problem. But for others this could be a massive problem.

So, would there be interest in us publishing our Rogue Network Ban List here, so that you can ban the same IPs on your server / MyBB? Turn away the bad guys at the front door before they even get a chance to take a shot at MyBB's defenses, so to speak. Even after we switch to MyBB, we'll leave phpBB around as a honeypot for spammers so we can further advance our list.

Lemme know if you guys are interested.
Anyone? Bueller?
Well, MyBB's security is far better than phpBB's. I never had any issues, nor any sort of users you're talking about.
rcpalace Wrote:Well, MyBB's security is far better than phpBB's. I never had any issues, nor any sort of users you're talking about.

Of course; it's just an extra layer of security for those who might like it. Don't even give a chance to networks where the overwhelming majority of malicious/spam traffic comes from.
If you switch to MyBB you won't need to bother with that list. :) That's why you should switch.

I have over 2 dozen MyBB sites and I don't get spam bots at all. When I was on phpBB it was 5-10 signups per day easily. With MyBB it's ZERO. So far the spammers have been manual and they have been very few... as it should be. Even VB has spam bot problems.

My personal belief is that if you have to waste time creating a honeypot then you are using the wrong software.
Well, right now we *can't* move to MyBB due to performance problems (which are fixed in the current Beta!!). But when we do, we'll probably still ban a large portion of the list, because the spam IPs that show up as spamming our phpBB with bots are the same IPs that show up trying to brute force password crack our SSH login, which are the same IPs that show up trying to brute force password crack our control panel login, etc.
SSH brute force attacks suck. You should set up your SSH for login from certain IPs. That would shut the attempts down cold. Better to have an inclusive list than an exclusive one. Best deal is if you have more than one server or access to an extra dedicated and set your home as well as the extra IP as the only ones allowed in. At least then if you are roaming you have to first log in to system A then go to system B.
Interestingly, I've been spammed before by some bots, but then, it really depends on a few factors - almost all the spam I've got was in places where Guests could post. Also, the context of my site would sorta attract those types of spam I guess.
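The overlap described in the post above (forum spam sources that also brute-force SSH) can be measured before a whole netblock is banned. The following is an added example, not code from the thread: it bans a /24 only when at least one source appears in both logs and several offenders cluster in that block. The log lines, the spam-IP export, the allowlist and the function names are constructed assumptions, and it handles IPv4 only.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample data (RFC 5737 documentation addresses), not from the thread.
SSHD_LOG = """\
Jan 10 03:12:01 host sshd[811]: Failed password for root from 203.0.113.7 port 40122 ssh2
Jan 10 03:12:04 host sshd[811]: Failed password for invalid user admin from 203.0.113.7 port 40130 ssh2
Jan 10 03:15:40 host sshd[902]: Failed password for root from 203.0.113.88 port 51515 ssh2
Jan 10 04:01:13 host sshd[950]: Failed password for bob from 198.51.100.20 port 60001 ssh2
Jan 10 04:02:00 host sshd[951]: Accepted publickey for bob from 198.51.100.20 port 60002 ssh2
"""
# Hypothetical export of registrations a moderator flagged as bot spam.
FORUM_SPAM_IPS = ["203.0.113.7", "203.0.113.88", "203.0.113.140", "192.0.2.55"]
ALLOWLIST = [ipaddress.ip_network("198.51.100.0/24")]  # assumed staff/home range

FAILED = re.compile(r"sshd\[\d+\]: Failed password for (?:invalid user )?\S+ from (\S+) port")

def ssh_failures(log):
    """Return the set of source IPs with at least one failed SSH password attempt."""
    return {ipaddress.ip_address(m.group(1)) for m in FAILED.finditer(log)}

def ban_candidates(ssh_log, spam_ips, allowlist, prefix=24, min_hosts=2):
    """Ban only where a source is seen in BOTH logs; widen to the netblock
    when at least min_hosts distinct offenders share it, else ban single IPs."""
    ssh = ssh_failures(ssh_log)
    spam = {ipaddress.ip_address(ip) for ip in spam_ips}
    blocks = defaultdict(set)
    for ip in ssh | spam:
        if any(ip in net for net in allowlist):
            continue  # never ban allowlisted ranges, even after a failed login
        blocks[ipaddress.ip_network(f"{ip}/{prefix}", strict=False)].add(ip)
    bans = []
    for net, hosts in blocks.items():
        overlap = hosts & ssh & spam
        if not overlap:
            continue  # seen in one source only: not enough evidence
        if len(hosts) >= min_hosts:
            bans.append(net)
        else:
            bans.extend(ipaddress.ip_network(f"{ip}/32") for ip in overlap)
    return [str(n) for n in ipaddress.collapse_addresses(bans)]

if __name__ == "__main__":
    print(ban_candidates(SSHD_LOG, FORUM_SPAM_IPS, ALLOWLIST))
```

Raising `min_hosts` narrows the result to individual addresses, which limits the collateral blocking of legitimate users that the first post names as the cost of netblock bans.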

Basically, if you don't allow Guest posting, you'll probably never get spam :)
labrocca Wrote:SSH brute force attacks suck. You should set up your SSH for login from certain IPs. That would shut the attempts down cold. Better to have an inclusive list than an exclusive one. Best deal is if you have more than one server or access to an extra dedicated and set your home as well as the extra IP as the only ones allowed in. At least then if you are roaming you have to first log in to system A then go to system B.

No, proper security would be only allowing key-based SSH authentication... which is what we do. I do server administration and security for a living ;)
Well, trust me, spam bots declined from 20-30 / day to 0 since I switched to MyBB. About SSH, why let anyone access it at all? Just set a different port for it or just set it at a different IP address than your website domain's IP.