Botnets injecting direct to register.php. HELP!

  • Steve Machol
    Former Customer Support Manager
    • Jul 2000
    • 154488

    #16
    Originally posted by XXP
    This is different because these bots seem to be actually getting register.php to do something bad. Not sure what, but am sure that it involves sending out emails from our server.
    Actually, as I understand it, all they are doing is using a fake email address, and since you have vB set up to verify all emails during registration, you are getting bounced email notices for those fake addresses. This is exactly what vB is supposed to do in these situations.

    Personally I doubt these are bots if you are using the human verification options you say you are. These are probably low-paid humans manually registering on behalf of spammers.
    Steve Machol, former vBulletin Customer Support Manager (and NOT retired!)
    Change CKEditor Colors to Match Style (for 4.1.4 and above)

    Steve Machol Photography


    Mankind is the only creature smart enough to know its own history, and dumb enough to ignore it.



    • XXP
      Member
      • Jan 2007
      • 82

      #17
      Thanks, but these guys are going straight to register.php. They don't come from a link from our site so only replacing the first step won't help -- they are going around that first step anyway. They are not being trapped by bad referer filters.

      The loaded queries come from many different IP addresses. We've tried blocking the most egregious, but there are too many for this to be a practical prophylactic.


      • Zachery
        Former vBulletin Support
        • Jul 2002
        • 59097

        #18
        You cannot get around any steps in register.php without manually completing them.


        • Alfa1
          Senior Member
          • Dec 2005
          • 4165
          • 3.8.x

          #19
          Could you have a look at the bounced emails and see if there is anything strange in that?
          I buy 420 forums


          • XXP
            Member
            • Jan 2007
            • 82

            #20
            The largest number seem to be directed at a fake address; email-at-gmail-dot-com. Google isn't happy and is reporting that this address is receiving mail at too high a rate. Obviously not real and probably masking whatever the thing is really doing, but that's above my pay grade.


            • XXP
              Member
              • Jan 2007
              • 82

              #21
              Originally posted by Zachery
              You cannot get around any steps in register.php without manually completing them.
              Would be happy to show the support team a sample of the strings being sent directly to the script. Of course, would have to PM you to do that... LOL


              • Trevor Hannant
                vBulletin Support
                • Aug 2002
                • 24358
                • 5.7.X

                #22
                Or raise a Support Ticket....
                Vote for:

                - Admin Settable Paid Subscription Reminder Timeframe (vB6)
                - Add Admin ability to auto-subscribe users to specific channel(s) (vB6)


                • Alfa1
                  Senior Member
                  • Dec 2005
                  • 4165
                  • 3.8.x

                  #23
                  Originally posted by XXP
                  The largest number seem to be directed at a fake address; email-at-gmail-dot-com. Google isn't happy and is reporting that this address is receiving mail at too high a rate. Obviously not real and probably masking whatever the thing is really doing, but that's above my pay grade.
                  What is in the email? Is it anything else than normal registration text?
                  I buy 420 forums


                  • stonepilot
                    Senior Member
                    • Apr 2006
                    • 195
                    • 4.1.x

                    #24
                    * Not sure if this is related, I have a similar issue with 4.0.8 that I am about to open a thread on *
                    Life is just a Big Skid
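
Added example, not part of any post in this thread: a Python check an administrator could run over the web server's access log to measure what posts #17 and #20 describe, namely POSTs to register.php that carry no Referer from the forum itself, and how many IP addresses they come from. The combined log format, the host name forum.example and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# Apache/nginx "combined" access-log format (assumed; adjust to your server).
LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" '
    r'\d{3} \S+ "(?P<referer>[^"]*)" "[^"]*"'
)

def direct_register_posts(lines, site_host, script="/register.php"):
    """Count POSTs to the registration script whose Referer is not this site."""
    total, direct = 0, Counter()
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["method"] != "POST":
            continue
        if urlsplit(m["target"]).path != script:
            continue
        total += 1
        # hostname is None when the Referer is "-" or empty.
        if urlsplit(m["referer"]).hostname != site_host:
            direct[m["ip"]] += 1
    hits = sum(direct.values())
    busiest = direct.most_common(1)[0][1] if direct else 0
    return {
        "register_posts": total,
        "direct_posts": hits,
        "distinct_ips": len(direct),
        # Fraction of direct POSTs that blocking the single busiest IP would stop.
        "top_ip_share": busiest / hits if hits else 0.0,
    }

def _line(ip, method, target, referer):
    # Builds one constructed log line for the sample below.
    return (f'{ip} - - [01/Jan/2011:10:00:00 +0000] "{method} {target} HTTP/1.1" '
            f'200 2048 "{referer}" "-"')

SAMPLE_LOG = [  # constructed sample, documentation-range addresses
    _line("192.0.2.10", "GET", "/register.php", "http://forum.example/index.php"),
    _line("192.0.2.10", "POST", "/register.php", "http://forum.example/register.php"),
    _line("198.51.100.7", "POST", "/register.php", "-"),
    _line("198.51.100.8", "POST", "/register.php", "-"),
    _line("203.0.113.5", "POST", "/register.php", "-"),
    _line("203.0.113.5", "POST", "/register.php", "http://other.example/"),
    _line("203.0.113.9", "POST", "/showthread.php", "-"),
]

if __name__ == "__main__":
    print(direct_register_posts(SAMPLE_LOG, "forum.example"))
```

The Referer header is supplied by the client, so these counts describe how the traffic presents itself, not whether any registration step was skipped. A low `top_ip_share` across many addresses is the situation post #17 reports, where blocking individual IPs does little.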
