Please upgrade here. These earlier versions are no longer being updated and have security issues.

Spammers getting through registration

tsjtsj New
edited August 2012 in Vanilla 2.0 - 2.8

Hi there

I seem to be getting some spammers bypassing my registration. Nothing has been posted up to the forum as yet, but they are appearing as users.

I'm using the Approval method for registration - New users are reviewed and approved by an administrator. I am the only person with rights for this. This seems to be fine - spammers are appearing here, but I get to cut them off before they gain access, as the first image shows.

The strange thing however is the second image. I go to my user list, I'm getting around a dozen spammers a day appearing here. I can detect these because their first and last visit is almost identical time wise. These ARE NOT names that I have approved. I have to go in and manually delete these.

Weird.

Any ideas?

Many thanks

Image 1

image

Image 2

image


Comments

  • Aolee Hobbyist & Coder ✭✭

    what version pls?

  • 2.0.18.4

    Thanks

  • Aolee Hobbyist & Coder ✭✭

    do you have recaptcha enabled?

  • Todd Chief Product Officer Vanilla Staff

    Do you have any other registration methods enabled such as twitter or facebook?

  • I do have an account, but it's not an option though for the Approval method of registration, only Basic. I'm not against changing to this if it means cutting out the spammers somehow getting in through the backdoor, but I quite like the Approval method, which was working. I like getting the emails telling me that someone has applied to join.

    Is it possible to roll out recaptcha with the Approval method?

    Many thanks...

  • Todd - no, twitter and facebook are both disabled. Really strange how these spammers are signing up without me getting to approve first.

  • I would run through the permissions table again and

    assuming there is no flaw in the approval process.

    1) see who has admin privs.
    2) change all the passwords for admins.
    3) change the password for your vanilla database users.
    4) verify permissions on all directories
    5) remove all plugins and download new versions.
    6) look for any strange code or programs in your directories.
    7) check your plugins against any known hacks.
    8) http://vanillaforums.org/discussion/19285/security-vulnerability-flagging-plugin-2-0-18-2-and-earlier
    9) do you have custom applications
    10) what theme are you using.
    11)

    and you might want to list your plugins

    check for vulnerable plugins:
    http://www.google.com/search?q=site:vanilla.org+xss

    I may not provide the completed solution you might desire, but I do try to provide honest suggestions to help you solve your issue.

  • if for some reason your db tables are a bit suspect.
    easier than a visual check

    you could run this in mysqladmin

      SELECT `RoleID`
        FROM `GDN_Permission`
        WHERE (
        `Garden.Users.Add` > '0'
        OR `Garden.Users.Edit` > '0'
        )
    
    
    for all the role ids that are returned with those privs.
    
    e.g. if 16 and 33 are returned, then use
    
    SELECT `UserID` FROM `GDN_UserRole` WHERE RoleID = "16";
    SELECT `UserID` FROM `GDN_UserRole` WHERE RoleID = "33";
    

    this will give you the userids with those permissions.

  • Hi there

    Thanks for all the help and advice above. I've tried everything suggested, yet sadly the spammers are still getting through.

    My theme is: Vanilla version 2.0.18.4 by Mark O'Sullivan, the default theme.

    It's really weird. I'm catching some spammers in the usual way through the Approval method of signing up. Viagra, XXX, Britney etc given as reasons for wanting to join. But then when I look at my user list and sort it so that Last Visit is at the top, there are new spammers already there as members that I haven't approved.

    I'm catching them all manually - it would just be good to try and work out how it is happening and then plug it up.

    Thanks

  • once again what plugins do you have enabled?

  • peregrine MVP
    edited August 2012

    also

    what do you have in your dashboard with respect to this

    is this checked.
    Require users to confirm their email addresses (recommended)Email

    what confirmation role do you have - is it guest.
    Confirmation Role

    did you import your data from another forum or was it a new install?

    what is the role id for your confirmation role?

  • Hi there

    Enabled plugins and Dashboard:

    imageimage

  • Plus the data was imported from a previous install.

  • Todd Chief Product Officer Vanilla Staff

    There's your problem there. You need to do the following.

    1. Create a new role called Verify Email

    2. Give it permission to sign in, but don't give it the ability to post.

    3. On the registration page select this new role instead of Member.

    What is happening is people are getting the member role as soon as they apply. Some are confirming their email address and going to the applicant queue, but others aren't and they are full members.

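A read-only check for the misconfiguration described in the answer above, as an added example that is not part of the thread. It assumes the stock Vanilla 2.0 schema with the default `GDN_` prefix (tables `GDN_User`, `GDN_Role`, `GDN_UserRole`, `GDN_Permission` and the permission columns named in the comments); the 7-day and 120-second thresholds are arbitrary choices to adjust.

```sql
-- Added example. Assumed schema: stock Vanilla 2.0, default GDN_ prefix,
-- permission columns `Garden.SignIn.Allow`, `Vanilla.Discussions.Add`
-- and `Vanilla.Comments.Add` in GDN_Permission.

-- 1) What each role can do. The role selected on the registration page
--    should come back with CanSignIn = 1 and CanPost = 0.
SELECT r.RoleID,
       r.Name AS RoleName,
       COALESCE(MAX(p.`Garden.SignIn.Allow` > 0), 0) AS CanSignIn,
       COALESCE(MAX(p.`Vanilla.Discussions.Add` > 0
                    OR p.`Vanilla.Comments.Add` > 0), 0) AS CanPost
FROM GDN_Role r
LEFT JOIN GDN_Permission p ON p.RoleID = r.RoleID
GROUP BY r.RoleID, r.Name
ORDER BY r.RoleID;

-- 2) Accounts created in the last 7 days that already hold a role able
--    to post and whose first and last visit are under 2 minutes apart
--    (the pattern the original poster used to spot the spam accounts).
--    After the role change this should return only approved members.
SELECT u.UserID,
       u.Name,
       u.DateInserted,
       u.DateFirstVisit,
       u.DateLastVisit,
       GROUP_CONCAT(DISTINCT r.Name ORDER BY r.Name) AS Roles
FROM GDN_User u
JOIN GDN_UserRole ur ON ur.UserID = u.UserID
JOIN GDN_Role r ON r.RoleID = ur.RoleID
JOIN GDN_Permission p ON p.RoleID = ur.RoleID
WHERE u.DateInserted >= NOW() - INTERVAL 7 DAY
  AND ABS(TIMESTAMPDIFF(SECOND, u.DateFirstVisit, u.DateLastVisit)) < 120
  AND (p.`Vanilla.Discussions.Add` > 0 OR p.`Vanilla.Comments.Add` > 0)
GROUP BY u.UserID, u.Name, u.DateInserted, u.DateFirstVisit, u.DateLastVisit
ORDER BY u.DateInserted DESC;
```
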
  • Wonderful!

    Thanks Todd and peregrine for your patience with this.

    I've set up the new role and will sleep on it. I'll see if any spammers get through overnight.

    Many, many thanks again. Really appreciated.

  • fh111 Vanilla Padawan ✭✭

    we had this happen as well in the last few days. did not expect that to become an issue, so we had a special role assigned for users that gave them too many permissions. fixed that.

  • They're still coming through in my overall members list, albeit with the new role assigned.

    Is this right?

    Thanks

    image

  • well they won't be able to post will they if the verify email role is forbidden to post. Your quarantine area.

    you could just watch the ip addresses and block a certain octet. especially if it is from a different country and the spammers use that octet, especially if none of your members are using that octet.

    But I think what you have is the nature of things - they are in the quarantined area. Best to enable the captcha if you want to block the bulk of them. You can use the same approval process with it.

  • Todd Chief Product Officer Vanilla Staff

    What you are seeing is correct though. You will get a bunch of spammers sitting in the confirm email role, but they won't be able to do anything.

    Once a user confirms their email then they show up in the approval list.

  • fh111 Vanilla Padawan ✭✭
    edited August 2012

    can they change profile information?

    i noticed one of those spammer accounts placed a link on their profile .. a link to myspace

    her is my Homepage

    http://myspa...

    and so on

    that was before i switched the assigned role to 'confirm email'
