MyBB Community Forums
Questions about hacks/spam/spambots - Printable Version

Questions about hacks/spam/spambots - gadgetadmin - 2015-07-28

We're just putting our new forum site online, and somehow, 3 times over the past month or so, with there being no public access to the domain (it's a subdomain off of our main site), the forum/threads have been filled to capacity with junk posts and junk accounts.

I've cleaned the databases, and we've gone to the toughest account creation methods. But it's the third time I had to do surgery on the thing, and we're not even live yet.

The forums here are helpful, but I have some questions.

1) Is there something specific about MyBB that makes it so prone to hack attacks, and how can I combat them?
2) I know all community forums get attacked from time to time, is there any way to insulate from the attacks?
3) Are there specific plugins I should be using to prevent or rapidly fix the problems when they occur?
4) I'm systematically wildcard blocking the domains that are doing most of the mischief. Is there a database somewhere that lists these per chance?

So far, the software is great to work with. But the constant attacks are growing a little tiring. I assume that no forum software package is immune, so


RE: Questions about hacks/spam/spambots - Torengo - 2015-07-28

(2015-07-28, 01:27 AM)gadgetadmin Wrote: We're just putting our new forum site online, and somehow, 3 times over the past month or so, with there being no public access to the domain (it's a subdomain off of our main site), the forum/threads have been filled to capacity with junk posts and junk accounts.

I've cleaned the databases, and we've gone to the toughest account creation methods. But it's the third time I had to do surgery on the thing, and we're not even live yet.

The forums here are helpful, but I have some questions.

1) Is there something specific about MyBB that makes it so prone to hack attacks, and how can I combat them?
2) I know all community forums get attacked from time to time, is there any way to insulate from the attacks?
3) Are there specific plugins I should be using to prevent or rapidly fix the problems when they occur?
4) I'm systematically wildcard blocking the domains that are doing most of the mischief. Is there a database somewhere that lists these per chance?

So far, the software is great to work with. But the constant attacks are growing a little tiring. I assume that no forum software package is immune, so

Use CloudFlare
Use BotScout for MyBB plugin
Use Akismet plugin
Use Javascript Bot Protection plugin
Install ZB Block http://www.spambotsecurity.com/zbblock_download.php
Search for .htaccess mods to block spammers, spamming User-Agents
Have ReCaptcha enabled

Also, just disable registrations until you go live.

Forgive me if that came off as terse.


RE: Questions about hacks/spam/spambots - gadgetadmin - 2015-07-28

(2015-07-28, 02:37 AM)Torengo Wrote:
(2015-07-28, 01:27 AM)gadgetadmin Wrote: We're just putting our new forum site online, and somehow, 3 times over the past month or so, with there being no public access to the domain (it's a subdomain off of our main site), the forum/threads have been filled to capacity with junk posts and junk accounts.

I've cleaned the databases, and we've gone to the toughest account creation methods. But it's the third time I had to do surgery on the thing, and we're not even live yet.

The forums here are helpful, but I have some questions.

1) Is there something specific about MyBB that makes it so prone to hack attacks, and how can I combat them?
2) I know all community forums get attacked from time to time, is there any way to insulate from the attacks?
3) Are there specific plugins I should be using to prevent or rapidly fix the problems when they occur?
4) I'm systematically wildcard blocking the domains that are doing most of the mischief. Is there a database somewhere that lists these per chance?

So far, the software is great to work with. But the constant attacks are growing a little tiring. I assume that no forum software package is immune, so

Use CloudFlare
Use BotScout for MyBB plugin
Use Akismet plugin
Use Javascript Bot Protection plugin
Install ZB Block http://www.spambotsecurity.com/zbblock_download.php
Search for .htaccess mods to block spammers, spamming User-Agents
Have ReCaptcha enabled

Also, just disable registrations until you go live.

Forgive me if that came off as terse.

Not terse at all! Instructive and clear


RE: Questions about hacks/spam/spambots - Josh H. - 2015-07-29

Quote: 1) Is there something specific about MyBB that makes it so prone to hack attacks, and how can I combat them?
Nope, as much as it might seem so to some people. Make sure you've got reCaptcha or the noCaptcha captcha running, as well as the plugins mentioned above. If you do those things right, it should be pretty unlikely for any spammers to get in. If they do, the Purge Spammer tool is amazingly useful.

Also, add some customized Security Questions to your registration page from the ACP. Custom questions take down pretty much all non-human spammers.
Quote: 2) I know all community forums get attacked from time to time, is there any way to insulate from the attacks?
The plugins listed by the previous poster are a solid list and should pretty much end the spam.
Quote: 3) Are there specific plugins I should be using to prevent or rapidly fix the problems when they occur?
Take advantage of the Purge Spammer tool when they do occur. The previous poster also listed some good plugins.
Quote: 4) I'm systematically wildcard blocking the domains that are doing most of the mischief. Is there a database somewhere that lists these per chance?
StopForumSpam is a great resource, and is integrated into the MyBB core, so that *should* already be happening for the most part, but you never know.


RE: Questions about hacks/spam/spambots - laie_techie - 2015-07-29

(2015-07-28, 01:27 AM)gadgetadmin Wrote: 4) I'm systematically wildcard blocking the domains that are doing most of the mischief.  Is there a database somewhere that lists these per chance?

Check out the Downloads at StopForumSpam. I wrote some custom tasks which download the weekly archives for IPs, emails, and usernames (though IPs catch more than username or email) once per day. It then grabs each record above a certain threshold and sees if it's already banned; if not, it bans the email / IP / username using the "last seen" field of the files from StopForumSpam as the "date added" for the ban filters. Don't forget to update the banned_ip and banned_email caches after you are finished!

This task caused my banfilters table to get too big, so I created a different task which will prune filters that are at least 2 weeks old but haven't been triggered in the last 2 weeks. Again you need to update your cache.
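
The import-and-prune logic described in the post above, as an added example that is not laie_techie's task code and not part of the original thread. It is a database-agnostic Python sketch: the three-column archive layout, the sample records, and the row keys (`filter`, `kind`, `dateline`, `lastuse`) are assumptions made for illustration.

```python
import csv, io, ipaddress
from datetime import datetime, timezone

TWO_WEEKS = 14 * 24 * 3600

# Constructed sample; assumed layout per line: "value","report count","last seen"
SAMPLE_IPS = '''"192.0.2.10","14","2015-07-27 22:10:05"
"198.51.100.7","2","2015-07-20 08:00:00"
"203.0.113.99","31","2015-07-28 01:15:42"
"not-an-ip","9","2015-07-28 00:00:00"
'''

def parse_ts(text):
    """'YYYY-MM-DD HH:MM:SS' (treated as UTC) -> Unix timestamp."""
    dt = datetime.strptime(text, "%Y-%m-%d %H:%M:%S")
    return int(dt.replace(tzinfo=timezone.utc).timestamp())

def new_bans(csv_text, kind, threshold, existing):
    """Rows to insert: records at or above threshold that are not banned yet."""
    rows = []
    for rec in csv.reader(io.StringIO(csv_text)):
        try:
            value, count, seen = rec[0].strip(), int(rec[1]), parse_ts(rec[2])
            if kind == "ip":
                value = str(ipaddress.ip_address(value))  # reject junk, normalise
        except (IndexError, ValueError):
            continue  # malformed feed line: skip it, never ban on a guess
        if count < threshold or value in existing:
            continue
        existing.add(value)  # also de-duplicates within one archive
        # "last seen" becomes the ban's "date added"; lastuse 0 = never triggered
        rows.append({"filter": value, "kind": kind, "dateline": seen, "lastuse": 0})
    return rows

def prune(filters, now):
    """Drop filters added 2+ weeks ago that have not triggered in the last 2 weeks."""
    cutoff = now - TWO_WEEKS
    return [f for f in filters if f["dateline"] > cutoff or f["lastuse"] > cutoff]
```

After applying either result to the ban filter table, the banned IP and banned email caches mentioned in the post still have to be rebuilt, otherwise the forum keeps enforcing the old list.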


RE: Questions about hacks/spam/spambots - Torengo - 2015-08-25

(2015-07-29, 08:24 PM)laie_techie Wrote:
(2015-07-28, 01:27 AM)gadgetadmin Wrote: 4) I'm systematically wildcard blocking the domains that are doing most of the mischief.  Is there a database somewhere that lists these per chance?

Check out the Downloads at StopForumSpam. I wrote some custom tasks which download the weekly archives for IPs, emails, and usernames (though IPs catch more than username or email) once per day. It then grabs each record above a certain threshold and sees if it's already banned; if not, it bans the email / IP / username using the "last seen" field of the files from StopForumSpam as the "date added" for the ban filters. Don't forget to update the banned_ip and banned_email caches after you are finished!

This task caused my banfilters table to get too big, so I created a different task which will prune filters that are at least 2 weeks old but haven't been triggered in the last 2 weeks. Again you need to update your cache.

Share, please


RE: Questions about hacks/spam/spambots - Euan T - 2015-08-25

(2015-08-25, 03:06 PM)Torengo Wrote:
(2015-07-29, 08:24 PM)laie_techie Wrote:
(2015-07-28, 01:27 AM)gadgetadmin Wrote: 4) I'm systematically wildcard blocking the domains that are doing most of the mischief.  Is there a database somewhere that lists these per chance?

Check out the Downloads at StopForumSpam. I wrote some custom tasks which download the weekly archives for IPs, emails, and usernames (though IPs catch more than username or email) once per day. It then grabs each record above a certain threshold and sees if it's already banned; if not, it bans the email / IP / username using the "last seen" field of the files from StopForumSpam as the "date added" for the ban filters. Don't forget to update the banned_ip and banned_email caches after you are finished!

This task caused my banfilters table to get too big, so I created a different task which will prune filters that are at least 2 weeks old but haven't been triggered in the last 2 weeks. Again you need to update your cache.

Share, please

That kind of thing's far better done at the web server level (or even better, the firewall level). I used to use a cron job to automatically fetch the Spamhaus IP drop list every so often and block those IPs from Nginx automatically: http://www.mybbstuff.com/showthread.php?tid=61
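
A sketch of the web-server-level approach described in the post above, as an added example that is not Euan T's cron job and not code from the linked thread. It assumes the drop list is plain text with one `CIDR ; reference` entry per line and `;` starting a comment; the sample data and the `never_block` parameter are constructed for illustration.

```python
import ipaddress

# Constructed sample in the assumed layout; not real list data
SAMPLE_DROP = """; constructed sample
192.0.2.0/24 ; SBL-EXAMPLE-1
192.0.2.128/25 ; SBL-EXAMPLE-2
198.51.100.0/24 ; SBL-EXAMPLE-3
203.0.113.0/33 ; invalid prefix length
10.0.0.0/8 ; would lock out internal hosts
"""

def parse_drop(text, never_block=()):
    """Return validated, collapsed IPv4 networks from a drop-list text."""
    guard = [ipaddress.IPv4Network(n) for n in never_block]
    nets = []
    for line in text.splitlines():
        field = line.split(";", 1)[0].strip()  # drop the trailing comment
        if not field:
            continue
        try:
            net = ipaddress.IPv4Network(field)
        except ValueError:
            continue  # anything that is not a clean CIDR never reaches the config
        if any(net.overlaps(g) for g in guard):
            continue  # a bad feed entry must not cut off your own ranges
        nets.append(net)
    return list(ipaddress.collapse_addresses(nets))

def render_nginx(nets):
    """Build deny directives from parsed objects only, never from raw feed text."""
    return "".join(f"deny {net};\n" for net in nets)

# Deployment, outside this sketch: write the output to a temporary file,
# move it into place as an included file, and run `nginx -t` before reloading
# so a bad list cannot take the site down.
```

Rendering from the parsed network objects rather than from the downloaded lines means the feed can only ever contribute well-formed `deny` directives to the configuration.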