Pligg Forum > Pligg Help > General Help
#41  12-11-2007, 06:29 PM  davemackey (Pligg Donor; Pligg Version: 9.9.; Pligg Template: siChunkBlue)
Okay, I think I am much closer. I moved my randomizer to near the top of register.php and made it a global variable:
```php
function do_register0() {
    global $main_smarty, $the_template, $mynumber;
    // generate the two operands and keep their sum for the later check
    $number1 = mt_rand(1,10);
    $number2 = mt_rand(1,25);
    $mynumber = $number1+$number2;
    $main_smarty->assign('number1', $number1);
    $main_smarty->assign('number2', $number2);
    $main_smarty->display($the_template . '/register_step_1.tpl');
}
```
This successfully makes the numbers visible. Now at the last step it should verify the sum of these two numbers:
```php
if($_POST["addit"] != $mynumber) {
    $main_smarty->display($the_template . '/register_error.tpl');
    $error = true;
}
```
But it doesn't. It always fails.
#42  12-11-2007, 06:33 PM  davemackey (Pligg Donor; Pligg Version: 9.9.; Pligg Template: siChunkBlue)
Thanks Ash. For anyone who is interested, here is the final working code for the meantime:
1. On register_step_1.tpl:
```html
<label>You're Human Right? What is {$number1} + {$number2}?</label>
<input type="text" id="addit" name="addit" size="2" tabindex="5"/>
<br />
```
2. In register.php:
```php
if($_POST["regfrom"] == 'full'){
    $username = $_POST["reg_username"];
    $email = $_POST["reg_email"];
    $password = $_POST["reg_password"];
    $verify = $_POST["reg_password2"];
    $theirnumber = $_POST["addit"];

function do_register0() {
    global $main_smarty, $the_template, $mynumber;
    // generate the challenge and hand the operands (and the sum) to the template
    $number1 = mt_rand(1,10);
    $number2 = mt_rand(1,25);
    $mynumber = $number1+$number2;
    $main_smarty->assign('number1', $number1);
    $main_smarty->assign('number2', $number2);
    $main_smarty->assign('mynumber', $mynumber);

    $main_smarty->display($the_template . '/register_step_1.tpl');

if($password !== $password2) { // if both passwords do not match
    $main_smarty->assign('register_error_text', "nopassmatch");
    $main_smarty->display($the_template . '/register_error.tpl');
    $error = true;
}
// compare what the user typed against the stored sum
if($theirnumber != $mynumber) {
    $main_smarty->display($the_template . '/register_error.tpl');
    $error = true;
}
```

That's it.

Last edited by davemackey: 12-11-2007 at 06:49 PM.

#43  12-11-2007, 07:16 PM  not2serious (Pligg Donor; Pligg Version: v0.96 w/modifications; Pligg Template: Yget w/modifications)
I got hit real bad today as well.

I deleted the register and comment tpls in a panic. I should have renamed them, like some of you did. But, I panicked. I am now going to read all of your posts and decide what to do.
#44  12-11-2007, 07:16 PM  davemackey (Pligg Donor; Pligg Version: 9.9.; Pligg Template: siChunkBlue)
Okay, strike this:
What the heck. This bot seems pretty intelligent. It is managing to register even with my random number generator authentication. Any ideas anyone? The only thing I can think is it has found another method of registering...
I figured out what the problem is. My changes aren't working. Even if you don't give it the right values to the rand addition it lets you go.
David.

Last edited by davemackey: 12-11-2007 at 07:31 PM.

#45  12-11-2007, 07:35 PM  joehunk (Casual Pligger)
Dave, you are saying you are still under attack after implementing the random # generator auth'n you wrote above? Right?

So, it means no luck on this solution, ha. Seems like this bot is so intelligent that he knows PLIGG core code. Hmmm..... I stopped working on the solution this morning and now I am ready to look at "HOW INTELLIGENT" this bot is. If I find the solution, I'll post here quickly.

#46  12-11-2007, 07:47 PM  edpudol (New Pligger)

Quote, originally posted by davemackey:
    Okay, strike this:
    What the heck. This bot seems pretty intelligent. It is managing to register even with my random number generator authentication. Any ideas anyone? The only thing I can think is it has found another method of registering...
    I figured out what the problem is. My changes aren't working. Even if you don't give it the right values to the rand addition it lets you go.
    David.
Yes, most of us who are using pligg are getting this attack, and I guess the problem was addressed in this post.

Hackers using PyCurl to bypass registration

So even if we try to put some code in our site, there is a hole the hacker is using to spam our sites.

I hope pligg dev team can see this problem.....
#47  12-11-2007, 07:58 PM  hoho (New Pligger)
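The two failures discussed above (posts #41, #42 and #44: the expected sum is regenerated on every request and never stored, so the value shown on step 1 is not the value compared on submit; post #46: a client that posts straight to the final step never sees a challenge at all) both come from keeping no server-side record of the challenge. The following is an added example, not Pligg's code and not davemackey's: it stores the expected answer and an expiry in the PHP session, makes each challenge single-use, and rejects a submission when no challenge was issued. The function names `challenge_issue` / `challenge_verify` and the session key `reg_challenge` are my own assumptions, and it assumes PHP 7 or later.

```php
<?php
// Added example (not from the thread or the Pligg project): session-backed
// arithmetic challenge. Assumed names: challenge_issue(), challenge_verify(),
// session key 'reg_challenge'. Requires session_start() before any output.

function challenge_issue(array &$session, int $ttl = 900): array
{
    $n1 = mt_rand(1, 10);
    $n2 = mt_rand(1, 25);
    // Keep the answer server-side, tied to this session, with an expiry.
    // Only the operands go to the template; the sum never leaves the server.
    $session['reg_challenge'] = [
        'answer'  => $n1 + $n2,
        'expires' => time() + $ttl,
    ];
    return ['number1' => $n1, 'number2' => $n2];
}

function challenge_verify(array &$session, $posted): bool
{
    // No challenge in the session means step 1 was skipped (e.g. a direct
    // POST to the final step), so there is nothing valid to compare against.
    if (!isset($session['reg_challenge'])) {
        return false;
    }
    $c = $session['reg_challenge'];
    // Single use: clear it before comparing, so a wrong guess or a replay
    // cannot be retried against the same operands.
    unset($session['reg_challenge']);
    if (time() > $c['expires']) {
        return false;
    }
    // Accept only a plain decimal string; anything else is a failed check.
    if (!is_string($posted) || $posted === '' || !ctype_digit($posted)) {
        return false;
    }
    return (int) $posted === $c['answer'];
}

// How this slots into register.php (sketch, assumed names):
// step 1 (do_register0):
//     $nums = challenge_issue($_SESSION);
//     $main_smarty->assign('number1', $nums['number1']);
//     $main_smarty->assign('number2', $nums['number2']);
// final step, before creating the account:
//     if (!challenge_verify($_SESSION, $_POST['addit'] ?? null)) {
//         $main_smarty->display($the_template . '/register_error.tpl');
//         $error = true;
//     }
```

Because the check fails closed when the session holds no challenge, a request that skips step 1 is refused rather than waved through, which is the gap post #44 describes.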

I've this problem too. :(

More than 2,000 spam users and 3,000 spam comments (and keep going). Hope someone can help.
#48  12-11-2007, 07:59 PM  Yankidank (Pligg Founder; Pligg Version: SVN; Pligg Template: LemonTwist)
Thanks for pointing out the article edpudol, we're looking into fixing this problem and other methods to stop spam.
#49  12-11-2007, 07:59 PM  not2serious (Pligg Donor; Pligg Version: v0.96 w/modifications; Pligg Template: Yget w/modifications)

Quote, originally posted by bbrian017:
    I would suggest 2 things in order to avoid spam. Sad but here they are,

    #1 - stay away from pliggsites.com, it's a heat score

    #2 - don't post in the my pligg site forum, it's also a heat score.
Just so everyone knows that this is not the source of the attack. I have not registered on pliggsites nor have I posted my site in "my pligg site," but am under attack.

Unfortunately, I have no time to implement any of the fixes yet, but did delete the register and comment files from my server and it has stopped the progression. I will work on cleaning up the mess over the next few days.
Last edited by not2serious: 12-11-2007 at 08:59 PM.

#50  12-11-2007, 08:00 PM  rmorrill (New Pligger)

Cool, it is not just me - I wrote the article on ittoolbox
Quote, originally posted by edpudol:
    Yes, most of us who are using pligg are getting this attack, and I guess the problem was addressed in this post.

    Hackers using PyCurl to bypass registration

    So even if we try to put some code in our site, there is a hole the hacker is using to spam our sites.

    I hope pligg dev team can see this problem.....
Interesting that it is not just me, didn't think to look here, but I can help diagnose what is happening from the security viewpoint. It is interesting to watch this, but the bubba has only made some 500 accounts on mine, and I am back in the db deleting them.

The behavior though is coming in spurts, like he/she/they is testing the code. The question: how many pligg installs are there?