Full Version: happy birthday
did the forums get hacked?
Born Mar-28-1983 WOW baby boom
I don't get it.
QUOTE (mazza @ Mar 28 2007, 04:50 AM) 
did the forums get hacked?
I am going with a definate yes!
This forum has been really sucky at keeping spam bots at bah. Looks like they hit harder this time around....
klaude get your butt in here, and take a look at the bottom of the homepage. That goes for you too jj. Go to the forum homepage and scroll down, down, down....
hrmm, thats no good. It's not hacked, they are just registering users. It's really not a big deal as long as klaude can get here before they start posting.
Edit:
Now that I look closer:
Statistics
Joined: 24-September 06
Profile Views: 2*
Last Seen: 24 Sep 2006
Local Time: Mar 28 2007, 01:11 PM
They joined a while back... So there is nothing to worry about. We just need to take the opportunity to remove them.
Edit:
Now that I look closer:
Statistics
Joined: 24-September 06
Profile Views: 2*
Last Seen: 24 Sep 2006
Local Time: Mar 28 2007, 01:11 PM
They joined a while back... So there is nothing to worry about. We just need to take the opportunity to remove them.
QUOTE (jjhurani @ Mar 28 2007, 01:00 PM)
hrmm, thats no good. It's not hacked, they are just registering users. It's really not a big deal as long as klaude can get here before they start posting.
Edit:
Now that I look closer:
Statistics
Joined: 24-September 06
Profile Views: 2*
Last Seen: 24 Sep 2006
Local Time: Mar 28 2007, 01:11 PM
They joined a while back... So there is nothing to worry about. We just need to take the opportunity to remove them.
Edit:
Now that I look closer:
Statistics
Joined: 24-September 06
Profile Views: 2*
Last Seen: 24 Sep 2006
Local Time: Mar 28 2007, 01:11 PM
They joined a while back... So there is nothing to worry about. We just need to take the opportunity to remove them.
When Kevin gets in I'm going to talk to him about the best way to do that. From looking at profiles SOME of those users are legit.
Well well well. Lets see what to do about all this.
It looks like these accounts were registered in mid-late 2006, so none of this running to the hills screaming "IPB sucks". 
Judging from their user id's they look to have been registered on the old EV1Servers forums. We probably didn't notice them until their birthdays hit and clobbered the main page. I'm gathering account similarities and will have them gone soon.
Judging from their user id's they look to have been registered on the old EV1Servers forums. We probably didn't notice them until their birthdays hit and clobbered the main page. I'm gathering account similarities and will have them gone soon.
Today is everyone's birthday.
Happy Birthday Everyone!!!!!!!
Happy Birthday Everyone!!!!!!!
It was my birthday two days ago. I wasn't born in 1983 though 
Most of them (1200 of them in fact) are gone now. There's still a few lingering spam accounts left, but I can handle those on a case by case basis. The criteria for member deletion were members whose birthdays are today, don't have any posts, icq, aim, yahoo or msn contact information, no website, no avatar, no location, and no photo. The IP addresses of these members have also been banned. There were 725 IP's banned in total, and I suspect most of them belong to proxies, TOR nodes, or compromised residential Internet users. If you think your IP or forum user got caught up in all this please let me know and we'll make sure you're unbanned, though you'll have to register for a new account again. If any other IPB users ran into this here's the script that cleans things up:
CODE
<?php
mysql_connect('localhost', 'myusername', 'mypassword');
mysql_select_db('mydatabase');
/**
* Gather the bad users.
*/
$result = mysql_query('select m.id, m.name, m.ip_address'
.' from ibf_members m, ibf_member_extra e'
.' where e.id=m.id'
.' and m.bday_day=28'
.' and m.bday_month=3'
.' and m.bday_year=1983'
.' and m.posts=0'
.' and m.time_offset=0'
.' and e.icq_number=0'
.' and e.aim_name=\'\''
.' and e.yahoo=\'\''
.' and e.msnname=\'\''
.' and e.avatar_location=\'\''
.' and e.location=\'\''
.' and e.signature=\'\''
.' and e.photo_location=\'\''
.' and e.website=\'\'');
if (mysql_num_rows($result) == 0) {
echo 'No users found. Exiting.';
exit;
}
while (($row = mysql_fetch_assoc($result))) {
echo 'Removing account '.$row['name']."\n";
/**
* Delete the user
*/
$result2 = mysql_query('update ibf_profile_comments set comment_by_member_id=0 where comment_by_member_id='.$row['id']);
$result2 = mysql_query('update ibf_profile_ratings set rating_by_member_id=0 where rating_by_member_id='.$row['id']);
$result2 = mysql_query('delete from ibf_profile_comments where comment_for_member_id='.$row['id']);
$result2 = mysql_query('delete from ibf_profile_comments where rating_for_member_id='.$row['id']);
$result2 = mysql_query('delete from ibf_profile_portal where pp_member_id='.$row['id']);
$result2 = mysql_query('delete from ibf_profile_friends where friends_member_id='.$row['id']);
$result2 = mysql_query('delete from ibf_profile_friends where friends_friend_id='.$row['id']);
$result2 = mysql_query('delete from ibf_pfields_content where member_id='.$row['id']);
$result2 = mysql_query('delete from ibf_member_extra where id='.$row['id']);
$result2 = mysql_query('delete from ibf_members_converge where converge_id='.$row['id']);
$result2 = mysql_query('delete from ibf_tracker where member_id='.$row['id']);
$result2 = mysql_query('delete from ibf_forum_tracker where member_id='.$row['id']);
$result2 = mysql_query('delete from ibf_warn_logs where wlog_mid='.$row['id']);
$result2 = mysql_query('delete from ibf_validating where member_id='.$row['id']);
$result2 = mysql_query('delete from ibf_members where id='.$row['id']);
/**
* Ban the ip address
*/
$result3 = mysql_query('select ban_id from ibf_banfilters where ban_type=\'ip\' and ban_content=\''.$row['ip_address'].'\'');
if (mysql_num_rows($result3) == 0) {
echo 'Banning IP '.$row['ip_address']."\n";
$result4 = mysql_query('insert into ibf_banfilters (ban_type, ban_content, ban_date) values (\'ip\', \''.$row['ip_address'].'\', '.time().')');
}
else {
echo $row['ip_address']." already found in banlist. Skipping.\n";
}
}
/**
* Fix the birthday cache by making sure each birthday belongs to an existing member.
*/
echo "Updating birthday cache.\n";
$result = mysql_query('select cs_value from ibf_cache_store where cs_key=\'birthdays\'');
$old_serialized_array = mysql_result($result, 0, 'cs_value');
$old_array = unserialize($old_serialized_array);
foreach ($old_array as $key => $member) {
$result = mysql_query('select id from ibf_members where id='.$member['id']);
if (mysql_num_rows($result) != 0) {
$new_array[$key] = $member;
}
}
$result = mysql_query('update ibf_cache_store set cs_value=\''.serialize($new_array).'\' where cs_key=\'birthdays\'');
mysql_close();
?>
mysql_connect('localhost', 'myusername', 'mypassword');
mysql_select_db('mydatabase');
/**
* Gather the bad users.
*/
$result = mysql_query('select m.id, m.name, m.ip_address'
.' from ibf_members m, ibf_member_extra e'
.' where e.id=m.id'
.' and m.bday_day=28'
.' and m.bday_month=3'
.' and m.bday_year=1983'
.' and m.posts=0'
.' and m.time_offset=0'
.' and e.icq_number=0'
.' and e.aim_name=\'\''
.' and e.yahoo=\'\''
.' and e.msnname=\'\''
.' and e.avatar_location=\'\''
.' and e.location=\'\''
.' and e.signature=\'\''
.' and e.photo_location=\'\''
.' and e.website=\'\'');
if (mysql_num_rows($result) == 0) {
echo 'No users found. Exiting.';
exit;
}
while (($row = mysql_fetch_assoc($result))) {
echo 'Removing account '.$row['name']."\n";
/**
* Delete the user
*/
$result2 = mysql_query('update ibf_profile_comments set comment_by_member_id=0 where comment_by_member_id='.$row['id']);
$result2 = mysql_query('update ibf_profile_ratings set rating_by_member_id=0 where rating_by_member_id='.$row['id']);
$result2 = mysql_query('delete from ibf_profile_comments where comment_for_member_id='.$row['id']);
$result2 = mysql_query('delete from ibf_profile_comments where rating_for_member_id='.$row['id']);
$result2 = mysql_query('delete from ibf_profile_portal where pp_member_id='.$row['id']);
$result2 = mysql_query('delete from ibf_profile_friends where friends_member_id='.$row['id']);
$result2 = mysql_query('delete from ibf_profile_friends where friends_friend_id='.$row['id']);
$result2 = mysql_query('delete from ibf_pfields_content where member_id='.$row['id']);
$result2 = mysql_query('delete from ibf_member_extra where id='.$row['id']);
$result2 = mysql_query('delete from ibf_members_converge where converge_id='.$row['id']);
$result2 = mysql_query('delete from ibf_tracker where member_id='.$row['id']);
$result2 = mysql_query('delete from ibf_forum_tracker where member_id='.$row['id']);
$result2 = mysql_query('delete from ibf_warn_logs where wlog_mid='.$row['id']);
$result2 = mysql_query('delete from ibf_validating where member_id='.$row['id']);
$result2 = mysql_query('delete from ibf_members where id='.$row['id']);
/**
* Ban the ip address
*/
$result3 = mysql_query('select ban_id from ibf_banfilters where ban_type=\'ip\' and ban_content=\''.$row['ip_address'].'\'');
if (mysql_num_rows($result3) == 0) {
echo 'Banning IP '.$row['ip_address']."\n";
$result4 = mysql_query('insert into ibf_banfilters (ban_type, ban_content, ban_date) values (\'ip\', \''.$row['ip_address'].'\', '.time().')');
}
else {
echo $row['ip_address']." already found in banlist. Skipping.\n";
}
}
/**
* Fix the birthday cache by making sure each birthday belongs to an existing member.
*/
echo "Updating birthday cache.\n";
$result = mysql_query('select cs_value from ibf_cache_store where cs_key=\'birthdays\'');
$old_serialized_array = mysql_result($result, 0, 'cs_value');
$old_array = unserialize($old_serialized_array);
foreach ($old_array as $key => $member) {
$result = mysql_query('select id from ibf_members where id='.$member['id']);
if (mysql_num_rows($result) != 0) {
$new_array[$key] = $member;
}
}
$result = mysql_query('update ibf_cache_store set cs_value=\''.serialize($new_array).'\' where cs_key=\'birthdays\'');
mysql_close();
?>
cool beans !
wait im deleted my BD is 1983 i know lame joke
thanks for the clean up bro
wait im deleted my BD is 1983 i know lame joke
thanks for the clean up bro
Yes, thanks for the clean up and especially the code! I'll save it just incase I need to use it on one of mine.
Thank you, supersysadmin Klaude!
Thank you, supersysadmin Klaude!
I have about 10 spammers a day that register on each forum I admin/mod at. phpbb forums seem to get hit harder, even with visual+admin validation. I threw together a quick admin validation system for phpbb since oddly theres none built in so every day I go through and check box + delete all the new accounts with stupid names like "viagra3424" and "chrissyhot69" etc... they just register tons of accounts and throw blogspot links in their profiles in hope google picks it up. At least thats my guess, since theres no reason to make so many accounts on a forum that won't let you post right away.
QUOTE (Red Squirrel @ Apr 4 2007, 03:14 PM)
I have about 10 spammers a day that register on each forum I admin/mod at. phpbb forums seem to get hit harder, even with visual+admin validation. I threw together a quick admin validation system for phpbb since oddly theres none built in so every day I go through and check box + delete all the new accounts with stupid names like "viagra3424" and "chrissyhot69" etc... they just register tons of accounts and throw blogspot links in their profiles in hope google picks it up. At least thats my guess, since theres no reason to make so many accounts on a forum that won't let you post right away.
You might want to modify the code and add a random image verification scheme to prevent this. _Supposedly_ someone has been toying with a means of allowing the bots to actually read the image and verify correctly. But for the most part this should eliminate the script kiddies.
If you want something a little easier, just change the registration process. Whether it be a page name, or add some check boxes that must be checked to proceed, etc. Anything that will cause the automated process to encounter something it does not know how to handle.
Thats what I noticed too. Most of the spam accounts I've seen don't actually post. They just hope to get better google rankning due to google spidering the forums. You'll notice that most of these accounts come from certain mail domains or IP addresses. Block *@cashette.com and *@*.ru from registering accounts. Also look into blocking TOR IPs from your forums. Here's a shell script to do it with phpbb. I used this on The Planet's old phpbb forums. Also, usually when I close a spam account I look at their email and IP address to see if there's anything I should add to my forum's banlist.
Yeah I'm working on a custom forum system and I originally did not take any of this into account but I will once I get to it, I want to try and come up with a whole new system for validation, and also make it easier for administrators to delete spam accounts. I've seen the vBulletin image verification but that one is so randomized it makes it even hard for humans to interpret so have to keep it usefriendly at the same time. But the idea is to make it totally dynamic as bots will eventually be able to figure things out as they are coded for it.
But the key is deleting them asap, and they loose. Blocking their IPs is probably a good idea too.
But the key is deleting them asap, and they loose. Blocking their IPs is probably a good idea too.
I use a vBulletin system and it runs very well in terms of keeping spammers at bay.
By no means is it as high traffic as this board but I haven't even had trouble with spam accounts.
I use image verification, and some profile fields that must be filled in that are custom to the site. Then they must validate through an email. As the admin I check new registrations everyday to see if anything stupid makes its way in.
By no means is it as high traffic as this board but I haven't even had trouble with spam accounts.
I use image verification, and some profile fields that must be filled in that are custom to the site. Then they must validate through an email. As the admin I check new registrations everyday to see if anything stupid makes its way in.
QUOTE (Creed3020 @ Apr 5 2007, 07:27 AM)
As the admin I check new registrations everyday to see if anything stupid makes its way in.
That's really the best way to do it, and is perfect for smaller forums. Its when you've got more registrations than time on your hands that you have to look into anti-spam autonoma.
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.