MyBB Community Forums
Beware | MyBB is being attacked - Printable Version



Beware | MyBB is being attacked - kbilly - 2018-05-22

Hello!

Please don't panic, I just wanted to inform all of you users using MyBB that we are being attacked.

My forum has been spammed for 4 hours with 200 registrations so far; I banned them all and disabled registrations on my forum for the moment. I have hidden captcha enabled, Google reCAPTCHA enabled, spam check set to 0, but they were still managing to register. How is that possible?

Here is some proof:

[attachment=40364] My forum


[attachment=40365] Some other forum using MyBB


[attachment=40366]  MyBB official forum

You can see the number of guests.

The attack has been coming from some Arabic country, check the usernames.

I hope my post will be helpful.

Regards!

KB


RE: Beware | MyBB is being attacked - mrdangem - 2018-05-23

You might try adding email verification? Or making your security question harder?


RE: Beware | MyBB is being attacked - kbilly - 2018-05-23

Everything is enabled!

And that is what makes me afraid.

How is it possible to bypass all that and make so many registrations in a few hours?


RE: Beware | MyBB is being attacked - bhs - 2018-05-23

Very interesting indeed.


RE: Beware | MyBB is being attacked - Matt - 2018-05-23

I think saying MyBB is being "attacked" because of a high number of guest users is somewhat dramatic, you'll most likely find this on any other forum software, there's always going to be spammers trying to sign up, it's not a new thing.

These days, people in places like India are paid to sit and sign up to forums and submit spam contact messages, so they'll get around any protection you put in place because it's not a bot doing it, it's an actual person. Short of trying to find a pattern to the email addresses and blocking them, blocking whole country IP ranges, or seeing if Cloudflare can detect and block them, there won't be a lot you can do.


RE: Beware | MyBB is being attacked - kbilly - 2018-05-23

Yes, you are right, I checked some other forums too; they have also been having too many guests for a day or two.

On mine, I still see many guests visiting the registration page.

But I am afraid that our software has some vulnerability that has perhaps been found.

Let us see how long it will go on.

Regards!


RE: Beware | MyBB is being attacked - Omar G. - 2018-05-24

I won't tag this as abnormal behavior either.


RE: Beware | MyBB is being attacked - s3_gunzel - 2018-05-24

(2018-05-23, 11:29 AM)Matt Wrote: I think saying MyBB is being "attacked" because of a high number of guest users is somewhat dramatic, you'll most likely find this on any other forum software, there's always going to be spammers trying to sign up, it's not a new thing.

This.

Using guest counts as a metric is terrible anyway.


RE: Beware | MyBB is being attacked - kbilly - 2018-05-24

Well, my forum is only one year old and I have never faced this kind of issue, so I wanted to bring it to the community's attention, as even on this forum we are still having those 500 guests visiting, which is terrible anyway.

What shocked me was all those registrations made in a few hours with Google reCAPTCHA and every other security measure enabled.

It was a wise decision to disable registrations on my forum, as on some other MyBB-based forum I have seen that all those newly registered users are now making scam threads in every single section.

Well, on my forum things are getting better now as I'm not having all those guests anymore.

Talking to a friend, he told me it was a DDoS attack.

Regards!


RE: Beware | MyBB is being attacked - labrocca - 2018-05-24

I saw this a few days ago. I think it's bots grabbing data before GDPR changes and it's done by a nation state like China or Russia to gain as much member data as possible. These bots are not posting. If you view your logs you'll see it viewing threads and member profiles.

It's not a DDoS attack either because it's just slow enough to not affect the site with a reasonable host. Unless you view logs or check your guest activity you wouldn't even notice. DDoS intent is to deny service, this doesn't do that.

I stopped the attack by blocking China, Russia, and a couple other countries where MOST of the IPs were coming from but it was using hundreds, if not thousands. After going after the attack and countering it for 3-4 hours it finally stopped. Unsure if I finally triggered something on the bot's end or someone manually noticed the blocks.

It also seems to use an existing cookie that's logged in to an account. With that cookie it will view the forum areas from multiple IPs. So I may have closed the correct accounts it was using to create the cookie and when my site stopped providing data it went offline.

It's annoying but I've seen bots like this before and I think the objective is just data mining.
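
The pattern described in the last post, one logged-in session cookie replayed from many IPs to read threads and member profiles, can be looked for in request logs. The following is an added example, not part of the thread and not MyBB code; the record layout (timestamp, IP, session id, uid, path), the thresholds and the sample data are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample records: (timestamp, client IP, session id, uid, path).
# The layout is an assumption; adapt the parsing to your own log or session export.
SAMPLE_LOG = [
    ("2018-05-22 10:00:01", "203.0.113.10", "sess-a", 57, "/member.php?action=profile&uid=1"),
    ("2018-05-22 10:00:05", "203.0.113.10", "", 0, "/member.php?action=register"),
    ("2018-05-22 10:00:40", "198.51.100.7", "sess-a", 57, "/showthread.php?tid=12"),
    ("2018-05-22 10:01:15", "192.0.2.44", "sess-a", 57, "/member.php?action=profile&uid=2"),
    ("2018-05-22 10:02:30", "203.0.113.99", "sess-a", 57, "/member.php?action=profile&uid=3"),
    # An ordinary member switching networks hours apart must not be flagged.
    ("2018-05-22 09:00:00", "198.51.100.200", "sess-b", 12, "/showthread.php?tid=4"),
    ("2018-05-22 14:30:00", "192.0.2.150", "sess-b", 12, "/showthread.php?tid=4"),
]

# Pages the post says the bots were reading.
SCRAPE_PREFIXES = ("/member.php?action=profile", "/showthread.php")


def find_shared_sessions(records, window=timedelta(minutes=10), min_ips=3):
    """Return {(session id, uid): sorted IPs} for logged-in sessions seen from
    at least min_ips distinct addresses inside one sliding time window."""
    by_session = defaultdict(list)
    for ts, ip, sid, uid, path in records:
        if uid and path.startswith(SCRAPE_PREFIXES):  # skip guests (uid 0)
            when = datetime.strptime(ts, "%Y-%m-%d %H:%M:%S")
            by_session[(sid, uid)].append((when, ip))

    flagged = {}
    for key, hits in by_session.items():
        hits.sort()
        start = 0
        for end in range(len(hits)):
            # Shrink the window from the left until it spans <= `window`.
            while hits[end][0] - hits[start][0] > window:
                start += 1
            ips = {ip for _, ip in hits[start:end + 1]}
            if len(ips) >= min_ips:
                flagged.setdefault(key, set()).update(ips)
    return {key: sorted(ips) for key, ips in flagged.items()}


if __name__ == "__main__":
    for (sid, uid), ips in find_shared_sessions(SAMPLE_LOG).items():
        print(f"uid {uid} session {sid} used from {len(ips)} IPs: {', '.join(ips)}")
```

Accounts flagged this way are candidates for a forced logout and password reset, which matches the post's observation that closing the accounts behind the cookie stopped the traffic.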