MyBB Community Forums

MyBB Community Forums > Community > General Discussion > Is 1.8.7 vulnerable?
Full Version: Is 1.8.7 vulnerable?
You're currently viewing a stripped down version of our content. View the full version with proper formatting.

alfred702

2016-09-19, 09:04 AM
It seems that with all the spam that is occuring in the General Support column MyBB is under some sort of attack? I don't know but just a question should any of us be aware of this?

s3_gunzel

2016-09-19, 09:40 AM
Spam is not a vulnerability, end of. The only way to stop it is to block access through your servers designated firewall. They're not trying to gain access to the MCP/ACPs.

alfred702

2016-09-19, 09:43 AM
(2016-09-19, 09:40 AM)Ben Cousins Wrote: [ -> ]Spam is not a vulnerability, end of. The only way to stop it is to block access through your servers designated firewall. They're not trying to gain access to the MCP/ACPs.

Why has there been so much traffic here? 400 users in past 15 minutes?  I remember it used to be 10-15 on average.

s3_gunzel

2016-09-19, 09:56 AM
(2016-09-19, 09:43 AM)alfred702 Wrote: [ -> ]Why has there been so much traffic here? 400 users in past 15 minutes?  I remember it used to be 10-15 on average.

Traffic, like spam, is not a vulnerability.

alfred702

2016-09-19, 11:05 AM
(2016-09-19, 09:56 AM)Ben Cousins Wrote: [ -> ]
(2016-09-19, 09:43 AM)alfred702 Wrote: [ -> ]Why has there been so much traffic here? 400 users in past 15 minutes?  I remember it used to be 10-15 on average.

Traffic, like spam, is not a vulnerability.

Was just an off topic question.  I understand that haha.

Matt

2016-09-19, 01:32 PM
We tried asking them but they din't respond Sad

No, it's just bots, we had loads of problems before we started using Clodflare.

alfred702

2016-09-19, 01:34 PM
(2016-09-19, 01:32 PM)Matt Wrote: [ -> ]We tried asking them but they din't respond Sad

No, it's just bots, we had loads of problems before we started using Clodflare.

Interesting.  Which Cloudfare plan are you guys on? Seems expensive.

Cloudfare is very important though; because most hosts don't use VPN's having your real IP exposed is just something you'd rather avoid,.

Josh H.

2016-09-19, 09:38 PM
(2016-09-19, 01:34 PM)alfred702 Wrote: [ -> ]Interesting.  Which Cloudfare plan are you guys on? Seems expensive.

Cloudfare is very important though; because most hosts don't use VPN's having your real IP exposed is just something you'd rather avoid,.

tl;dr: We do what we can to avoid spam and keep our IP private, but it's never enough.

The Pro CF plan AFAIK (so they give us some nice extra things but not everything). We also let SendGrid deal with emails and a Camo server load remote images for us so that our IP isn't divulged by those functions.

There's also an internal antispam plugin we run that tries to unapprove possible spam posts, but I think some more triggers need to be added to it based on the recent type of spam (it changes every few months to something totally different).

I don't _think_ I'm divulging any secrets here. Toungue

alfred702

2016-09-20, 11:31 AM
(2016-09-19, 09:38 PM)Josh H. Wrote: [ -> ]
(2016-09-19, 01:34 PM)alfred702 Wrote: [ -> ]Interesting.  Which Cloudfare plan are you guys on? Seems expensive.

Cloudfare is very important though; because most hosts don't use VPN's having your real IP exposed is just something you'd rather avoid,.

tl;dr: We do what we can to avoid spam and keep our IP private, but it's never enough.

The Pro CF plan AFAIK (so they give us some nice extra things but not everything). We also let SendGrid deal with emails and a Camo server load remote images for us so that our IP isn't divulged by those functions.

There's also an internal antispam plugin we run that tries to unapprove possible spam posts, but I think some more triggers need to be added to it based on the recent type of spam (it changes every few months to something totally different).

I don't _think_ I'm divulging any secrets here. Toungue

Thanks for the info! Helps other people who might have a big forum as well Big Grin

Quote:I don't _think_ I'm divulging any secrets here. Toungue

I don't think you're either.

wommatthew

2016-10-09, 10:18 PM
(2016-09-19, 09:04 AM)alfred702 Wrote: [ -> ]It seems that with all the spam that is occuring in the General Support column MyBB is under some sort of attack?  I don't know but just a question should any of us be aware of this?

Spam is not a vulnerability in the forum software itself but bots acting like real users,

Mybb already provides a lot of spam protection out of the box with stopforumspam intergration and image verification but new bots may still need to be removed manually,

Plug in like Register Time used to exist but i can not find an updated version.


Most of anti-spam in simple adjustment of settings.



If you need any more help from me just reply to me and i will go over it will you in detail.
MyBB Community Forums > Community > General Discussion > Is 1.8.7 vulnerable?