MyBB Community Forums
Spam Bot Targeting MyBB - Printable Version

+- MyBB Community Forums (https://community.mybb.com)
+-- Forum: 1.8 Support (https://community.mybb.com/forum-175.html)
+--- Forum: Security Management and Support (https://community.mybb.com/forum-179.html)
+--- Thread: Spam Bot Targeting MyBB (/thread-216077.html)



Spam Bot Targeting MyBB - Jabberwock - 2018-02-25

Hello everyone, I've encountered a really annoying spam bot attack on my forum.


[Image: Ui3sLwM.png]

I currently use reCAPTCHA invisible, and Stop Forum Spam settings are:


[Image: nx4nS9S.png]

I've tried using Security Questions; however, I've failed miserably. They even answered the question: If you choke a smurf, what color does it turn to?
I don't think they are humans, as my forum is dead nowadays; they are just very smart bots.
Any help will be appreciated. I will be glad to see how everyone got this solved on their own forums.


RE: Spam Bot Targeting MyBB - sarisisop - 2018-02-25

Set Minimum stop forum spam weighting to 0


RE: Spam Bot Targeting MyBB - labrocca - 2018-02-26

Are they all from the same email provider?


RE: Spam Bot Targeting MyBB - Jabberwock - 2018-02-26

(2018-02-25, 02:36 PM)sarisisop Wrote: Set Minimum stop forum spam weighting to 0

Still the same.

(2018-02-26, 03:08 AM)labrocca Wrote: Are they all from the same email provider?

No. For example, after I did what sarisisop suggested, 3 had managed to register. Two with protonmail.com and one with bnuis.com.
Those two with the same email provider have the same IP http://www.stopforumspam.com/ipcheck/27.6.192.58
The other http://www.stopforumspam.com/ipcheck/182.186.218.251

I guess they were reported after they managed to register

[Image: 6k24zfu.png]

As we speak, another one managed to register from Pakistan

Something isn't right... From all the counter-measures they can't stop the bots?!


RE: Spam Bot Targeting MyBB - laie_techie - 2018-02-26

Here are some ideas:

1. Create a newbie user group where all new messages must be approved. Set this as the default group on activating your account.
2. Set up group promotions. Once someone in your newbie group gets 2 posts approved have them automatically promoted to the regular members group. You'll still get spam, but it won't be visible except for moderators and administrators.
3. Disable guest posting
4. Have multiple security questions.
5. Disable Tapatalk


RE: Spam Bot Targeting MyBB - Jabberwock - 2018-02-26

Hi, laie_techie.
It's sad, but all of what you said I've already tried to no avail.

Some questions:
Can I blacklist email providers?
Can I stop users who have less than 10 posts from posting URLs?
Are there any useful anti-spam plugins for MyBB?


RE: Spam Bot Targeting MyBB - Brian. - 2018-02-26

Try these plugins:
https://community.mybb.com/mods.php?action=view&pid=603
https://mods.mybb.com/view/restrict-email-domains
https://mods.mybb.com/view/auto-website-removal-in-profile
https://mods.mybb.com/view/limiturlposting

See this to update plugin to 1.8:
https://community.mybb.com/thread-75646.html


RE: Spam Bot Targeting MyBB - Jabberwock - 2018-02-26

Okay, limiturlposting was useful.

Using this code now:
// Run the URL check on new threads, new replies and edits (full-page and AJAX).
$plugins->add_hook('newthread_do_newthread_start', 'limit_url_posting');
$plugins->add_hook('newreply_do_newreply_start', 'limit_url_posting');
$plugins->add_hook('editpost_do_editpost_start', 'limit_url_posting');
$plugins->add_hook('xmlhttp_edit_post_end', 'limit_url_posting_xml');
$plugins->add_hook('xmlhttp_edit_subject_start', 'limit_url_posting_xml');

function limit_url_posting()
{
    global $mybb, $settings, $lang;

    // Applies to guests and to users whose post count is below the "purgespammerpostlimit" setting.
    if (!$mybb->user['uid'] || $settings['purgespammerpostlimit'] > $mybb->user['postnum'])
    {
        // The "e" (eval) modifier only ever applied to preg_replace() and was removed in PHP 7.0,
        // so it is dropped here; "i" (case-insensitive) is all the match needs.
        $url_pattern = "#((http|https|ftp)://(\S*?\.\S*?))(\s|\;|\)|\]|\[|\{|\}|,|\"|'|:|\<|$|\.\s)#i";
        if (preg_match($url_pattern, $mybb->input['subject']) || preg_match($url_pattern, $mybb->input['message']))
        {
            error($lang->sprintf('You cannot post a URL until you have made {1} posts.', $settings['purgespammerpostlimit']));
        }
    }
}

function limit_url_posting_xml()
{
    global $mybb, $settings, $lang;

    // Same check for quick edits of a subject or post body sent through xmlhttp.php.
    if ($settings['purgespammerpostlimit'] > $mybb->user['postnum'] && ($mybb->input['action'] == 'edit_subject' || ($mybb->input['action'] == 'edit_post' && $mybb->input['do'] == 'update_post')))
    {
        // "e" modifier dropped for the same reason as above.
        $url_pattern = "#((http|https|ftp)://(\S*?\.\S*?))(\s|\;|\)|\]|\[|\{|\}|,|\"|'|:|\<|$|\.\s)#i";
        if (preg_match($url_pattern, $mybb->input['value']))
        {
            xmlhttp_error($lang->sprintf('You cannot post a URL until you have made {1} posts.', $settings['purgespammerpostlimit']));
        }
    }
}

This won't delete the spammer's account, but at least it will stop them from posting.


RE: Spam Bot Targeting MyBB - laie_techie - 2018-02-27

(2018-02-26, 04:29 PM)Jabberwock Wrote: Hi, laie_techie.
It's sad, but all of what you said I've already tried to no avail.

Some questions:
Can I blacklist email providers?
Can I stop users who have less than 10 posts from posting URLs?
Are there any useful anti-spam plugins for MyBB?

You can block email address domains! ACP => Configuration => Banning => Disallowed Email Addresses. *@domain.com will disable anyone from registering using an email from domain.com.

I have a daily task to download CSV files from stopforumspam and automatically ban problem IPs and email addresses. Additionally, my server's firewall is updated daily to block the most dangerous IPs. IOW, they get a connection refused just trying to connect to my web server.
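
One way to do the IP half of the daily import described in the post above, added here as an example (it is not laie_techie's script or MyBB code): parse the blocklist CSV, drop malformed rows and addresses that must never be banned, and emit `ipset restore` lines for the firewall. The CSV column layout, the report threshold, the admin address and the set names are assumptions; the sample rows are constructed.

```python
import csv
import io
import ipaddress

# Constructed sample; the "ip","reports","last seen" column layout is an assumption.
SAMPLE_CSV = '''"203.0.113.7","12","2018-02-25 10:01:44"
"198.51.100.23","1","2018-02-24 08:15:02"
"10.0.0.5","40","2018-02-25 09:00:00"
"203.0.113.999","99","2018-02-25 09:00:00"
"2001:db8::1","7","2018-02-25 11:30:00"
"203.0.113.7","3","2018-02-20 11:30:00"
"203.0.113.200","15","2018-02-25 12:00:00"
"198.51.100.40","many","2018-02-25 12:00:00"
'''

# Ranges that must never be banned: internal networks plus a hypothetical admin address.
NEVER_BLOCK = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8",
    "::1/128", "203.0.113.200/32",
)]


def select_ips(csv_text, min_reports=5):
    """Return (accepted addresses, skipped rows) from a blocklist CSV."""
    accepted, skipped = set(), []
    for row in csv.reader(io.StringIO(csv_text)):
        try:
            ip = ipaddress.ip_address(row[0].strip())
            reports = int(row[1])
        except (ValueError, IndexError):
            skipped.append(row)      # malformed line: never reaches the firewall
            continue
        if any(ip in net for net in NEVER_BLOCK):
            skipped.append(row)      # would lock out our own hosts
            continue
        if reports >= min_reports:
            accepted.add(ip)         # the set removes duplicate listings
    return sorted(accepted, key=lambda a: (a.version, int(a))), skipped


def ipset_lines(addresses, v4_set="sfs_block4", v6_set="sfs_block6"):
    """Render 'ipset restore' input; the set names are placeholders."""
    return [f"add {v6_set if a.version == 6 else v4_set} {a}" for a in addresses]


if __name__ == "__main__":
    ips, bad = select_ips(SAMPLE_CSV)
    print("\n".join(ipset_lines(ips)))
    print(f"skipped {len(bad)} rows")
```

Every address is parsed with `ipaddress` before it is written out, so a corrupted or tampered download cannot inject arbitrary text into the firewall input, and the skipped rows can be logged for review.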


RE: Spam Bot Targeting MyBB - Jabberwock - 2018-02-27

Lol, that reminds me. Back in the day I had a problem with DDoS attacks on my server. Cloudflare refused to protect me unless I paid them 200$ a month.
That's when I started to code my own DDoS protection similar to what they do. The problem was that I used a Windows server, and the implementation of PHP on an IIS Windows Server was horrible.
Later I ported my code so it could run on Linux, and then I moved to OVH hosting, which has anti-flood protection; they "vacuum" the incoming traffic with the help of some Cisco devices.

That being said, I thought about what you have said. But are you sure that what you coded is a good addition to the already existing Stop Forum Spam code of MyBB? I mean, the existing code covers that. It's already checking the IPs and emails by sending the info upon registration, so your code shouldn't make any improvement.
The service should already check against the resources at www.stopforumspam.com/downloads, doesn't it?