  #71 (permalink)  
Old 12-14-2007, 11:53 AM
Banned
Pligg Version: 9.9.5
 
Join Date: Oct 2007
Location: Canada
Posts: 914
Thanks: 169
Thanked 17 Times in 17 Posts
Is anyone else having this issue after the e-mail confirmation mod install?

User Management sorting wrong, any advice?
  #72 (permalink)  
Old 12-14-2007, 01:27 PM
Constant Pligger
 
Join Date: Oct 2006
Posts: 125
Thanks: 3
Thanked 1 Time in 1 Post
Quote:
Originally Posted by katlis
That little math quiz I added seems to have worked. No new spammer registrations since the change. If they can't solve 8 + 1, they're not registering on luxa.org. Deleting the spammers was a breeze in phpmyadmin. I may change up the quiz once in a while, along with the form field name. On a side note, I don't use CAPTCHA, and my registration process is only one step.

Hit 300 legitimate members today. :)

Doing this stopped all user registration from working.

I did it and was just notified by a user that registration is not working. I tried creating a user and it failed.

Did you test creating a user to confirm it's working OK?

I did it and also have default image verification in pligg 9.8.2.

Peter.
  #73 (permalink)  
Old 12-14-2007, 01:37 PM
joehunk's Avatar
Casual Pligger
 
Join Date: Oct 2007
Posts: 99
Thanks: 14
Thanked 10 Times in 8 Posts
Here is what I learned from the previous attack. Don't patch anything on your pligg site unless it is proven working by anyone or suggested by the Pligg Dev team.

My pligg site is now sitting fine after patching one piece of code - renaming register.php. As far as I know, the spammer is using this file in his/her/their code. So, if all of us were to rename it to something different, he/she/they would need to go to each of our sites before the attack. I am planning on renaming it at least once a week.

How to do it?

Go to /libs/html1.php and find this code:

If ($x == "register") {return my_pligg_base."/register.php";}

Replace register.php with anything you want, like register-no-spammer.php

-------------------------------------
my pligg site: eBenta.Com / Published
  #74 (permalink)  
Old 12-14-2007, 02:07 PM
Casual Pligger
Pligg Version: 995
Pligg Template: Yget
 
Join Date: Sep 2006
Posts: 61
Thanks: 12
Thanked 3 Times in 3 Posts
I got spammed as well - over 10'000 new users! Funnily and luckily enough there's not a single comment spam.
__________________
Pligg - a Swiss version of Pligg (very much online)
  #75 (permalink)  
Old 12-14-2007, 05:18 PM
New Pligger
 
Join Date: Sep 2007
Posts: 28
Thanks: 0
Thanked 7 Times in 4 Posts
Quote:
Originally Posted by Peter
Doing this stopped all user registration from working.

I did it and was just notified by a user that registration is not working. I tried creating a user and it failed.

Did you test creating a user to confirm it's working OK?

I did it and also have default image verification in pligg 9.8.2.

Peter.

It's working fine here. I've had 16 legitimate users sign up since the mod. I'm using Pligg 9.6.
The Following User Says Thank You to katlis For This Useful Post:
  #76 (permalink)  
Old 12-15-2007, 08:11 AM
rmorrill's Avatar
New Pligger
 
Join Date: Jun 2007
Posts: 16
Thanks: 6
Thanked 7 Times in 4 Posts
Quote:
Originally Posted by bbrian017
Is anyone else having this issue after the e-mail confirmation mod install?

User Management sorting wrong, any advice?

No, I see them in my logs, I see nothing in the database, life is good. Hope that helps. r/d
  #77 (permalink)  
Old 12-15-2007, 10:20 AM
Banned
Pligg Version: 9.9.5
 
Join Date: Oct 2007
Location: Canada
Posts: 914
Thanks: 169
Thanked 17 Times in 17 Posts
Yeah, my database is fine too, just the User Management page that's displaying all weird?
  #78 (permalink)  
Old 12-15-2007, 08:09 PM
Iceburg's Avatar
Pligg Donor
 
Join Date: Sep 2006
Posts: 77
Thanks: 2
Thanked 0 Times in 0 Posts
I received no comments either, that would have been a mess... I did, though, receive 800+ users before I followed:

Quote:
joehunk
Go to /libs/html1.php and find this code:

If ($x == "register") {return my_pligg_base."/register.php";}

Replace register.php with anything you want, like register-no-spammer.php

I also noticed that the spammers added two entries to my Auto RSS import on one of my sites. They don't look to be set up right, but I deleted them anyway. Just thought you guys should check it out and make sure you don't have auto RSS entries too, if you have that module installed.
__________________
------------------------------------------------------
http://www.neweasyrecipe.com
http://www.feedthebull.com

Last edited by Iceburg; 12-15-2007 at 08:11 PM.. Reason: spelling
  #79 (permalink)  
Old 12-16-2007, 05:52 PM
New Pligger
 
Join Date: Sep 2007
Posts: 6
Thanks: 1
Thanked 0 Times in 0 Posts
Quote:
Originally Posted by joehunk
Here is what I learned from the previous attack. Don't patch anything on your pligg site unless it is proven working by anyone or suggested by the Pligg Dev team.

My pligg site is now sitting fine after patching one piece of code - renaming register.php. As far as I know, the spammer is using this file in his/her/their code. So, if all of us were to rename it to something different, he/she/they would need to go to each of our sites before the attack. I am planning on renaming it at least once a week.

How to do it?

Go to /libs/html1.php and find this code:

If ($x == "register") {return my_pligg_base."/register.php";}

Replace register.php with anything you want, like register-no-spammer.php

-------------------------------------
my pligg site: eBenta.Com / Published

That is nice info! After doing what you have suggested, I wrote a little script to catch the spam-bots trying to register through register.php. So after renaming register.php to something else, I created a file to store the IP addresses of the bots (and maybe I can feed them to the Spam Plugin).

Code:
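<?php
// Record the address of every client that still requests the old register.php.
$myFile = "ip.txt";
$fh = fopen($myFile, 'a') or die("can't open file");
// X-Forwarded-For is a request header and can be forged, so use it only
// when it holds a single well-formed address; otherwise log the TCP peer.
$forwarded = getenv('HTTP_X_FORWARDED_FOR');
if ($forwarded && filter_var($forwarded, FILTER_VALIDATE_IP)) {
    $ip = $forwarded;
} else {
    $ip = getenv('REMOTE_ADDR');
}
$stringData = "$ip\n";
fwrite($fh, $stringData);
fclose($fh);
?>
Just make sure you have a file named 'ip.txt' in your root folder and make sure it is writable. Let the fun begin :)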
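An added example, not part of the original posts and not Pligg code: one way to turn the ip.txt log from post #79 into a per-address hit count before anything is fed to a blocklist. It assumes one entry per line; the function names, the 2-hit threshold and the sample addresses are constructed for illustration, and lines that are not a single valid address are skipped and counted, since a logger that trusts X-Forwarded-For can end up recording client-supplied text.

```php
<?php
// Added example, not from the thread: summarise the honeypot log ip.txt.
// Assumes one address per line; names and threshold are hypothetical.

// Count hits per valid address; anything else is tallied as rejected.
function summarize_hits(array $lines): array
{
    $hits = [];
    $rejected = 0;
    foreach ($lines as $line) {
        $candidate = trim($line);
        if ($candidate === '') {
            continue;
        }
        if (filter_var($candidate, FILTER_VALIDATE_IP) === false) {
            $rejected++;   // e.g. a forged or multi-valued X-Forwarded-For
            continue;
        }
        // inet_pton/inet_ntop normalise IPv6 spellings so duplicates merge.
        $key = inet_ntop(inet_pton($candidate));
        $hits[$key] = ($hits[$key] ?? 0) + 1;
    }
    arsort($hits);
    return ['hits' => $hits, 'rejected' => $rejected];
}

// Addresses seen at least $minHits times.
function repeat_offenders(array $hits, int $minHits): array
{
    return array_keys(array_filter($hits, function ($n) use ($minHits) {
        return $n >= $minHits;
    }));
}

// Constructed sample log (documentation address ranges), used when no
// ip.txt is present; it includes two lines that are not a single address.
$sample = [
    "203.0.113.7", "203.0.113.7", "198.51.100.23", "203.0.113.7",
    "10.0.0.1, 203.0.113.9", "unknown", "",
    "2001:DB8::1", "2001:db8:0:0:0:0:0:1",
];
$lines = is_readable('ip.txt') ? file('ip.txt', FILE_IGNORE_NEW_LINES) : $sample;
$summary = summarize_hits($lines);
foreach ($summary['hits'] as $ip => $n) {
    echo str_pad($ip, 40), $n, "\n";
}
echo "rejected lines: {$summary['rejected']}\n";
echo "seen 2+ times: ", implode(', ', repeat_offenders($summary['hits'], 2)), "\n";
```

With the constructed sample, 203.0.113.7 is counted three times, the two IPv6 spellings collapse into one entry with two hits, and two lines are rejected.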
  #80 (permalink)  
Old 12-17-2007, 11:06 AM
Iceburg's Avatar
Pligg Donor
 
Join Date: Sep 2006
Posts: 77
Thanks: 2
Thanked 0 Times in 0 Posts
Well I lied...

Changing register.php to a new name didn't work.
Adding the rewrite mod to the .htaccess file didn't work.

I am still getting new users in, and the e-mail mod is sending me failures, so I came in this morning to 1200 new failure messages. Luckily for me GoDaddy stopped relaying after the 1200.

Anyway, anyone successfully shut down and verified a fix for this?
__________________
------------------------------------------------------
http://www.neweasyrecipe.com
http://www.feedthebull.com