False/SPAM registrations

Collapse
X
 
  • Time
  • Show
Clear All
new posts
  • Headlight
    New Member
    • Dec 2016
    • 6
    • 3.8.x

    False/SPAM registrations

    Greetings, I run a board currently running vbulletin 3.8.7 Patch level 6 and we are experiencing a rater large issue with false registrations. I have Capcha and email confirmation enabled and yet we are still experiencing this. I was out of touch for a month in the hospital and upon my return there were over 100 new registrations to the site, none of which was legitimate. And then I receive an email from our host that our site had reached it's allowed daily daily executions limit. These registrations don't ever post, the few that do are typically caught by the spam system and banned. I'm kind of at my whits at end with this, we are a small metro detroit area club.
  • Headlight
    New Member
    • Dec 2016
    • 6
    • 3.8.x

    #2
    First I probably should have said, our site is redlinesuperbike.com

    So I completed the Suspect File Version check, other than some left over files from removed software like vbgallery, I have the following issues showing:

    ./
    forumdisplay.php - Files does not contain expected contents

    ./includes
    class_core.php - Files does not contain expected contents
    class_dm_threadpost.php - Files does not contain expected contents
    class_floodcheck.php - Files does not contain expected contents
    class_rss_poster.php - Files does not contain expected contents
    class_vurl.php - Files does not contain expected contents
    functions.php - Files does not contain expected contents
    functions_misc.php - Files does not contain expected contents
    init.php - Files does not contain expected contents

    ./modcp
    global.php - Files does not contain expected contents
    index.php - Files does not contain expected contents

    Starting to wonder if we may have been hacked, still looking for some help here.

    Comment

    • Headlight
      New Member
      • Dec 2016
      • 6
      • 3.8.x

      #3
      Below is an example of a new user registration and the moderated visitor message they are attempting to post.

      Originally posted by New User Email
      There is a new user, hakkanen4 at Redline Superbike

      To view their profile, go here:



      Email Address : [email protected] Birthday : April 3, 1986
      Referrer: N/A
      IP Address: 85.107.192.230

      Location : TR
      Zip code : 35414
      Originally posted by Moderated visitor Message
      hakkanen4
      Profile: hakkanen4
      This Message is Moderated
      httpİ//www.izmirmarkareklam.com

      Comment

      • Mark.B
        vBulletin Support
        • Feb 2004
        • 24286
        • 6.0.X

        #4
        You have files showing incorrect contents. That suggests your site may have been compromised.

        You need to download a fresh copy of the files from the members area and uploa dthese to the server, taking care to overwrite what is already there.

        You also need to change all admin and moderator passwords, all FTP passwords, and also your database password. Nite that when changing your database password, you must also update the entry for that in includes/config.php, otherwise your site won't load.
        MARK.B
        vBulletin Support
        ------------
        My Unofficial vBulletin 6.0.0 Demo: https://www.talknewsuk.com
        My Unofficial vBulletin Cloud Demo: https://www.adminammo.com

        Comment

        • Headlight
          New Member
          • Dec 2016
          • 6
          • 3.8.x

          #5
          Originally posted by Mark.B
          You have files showing incorrect contents. That suggests your site may have been compromised.

          You need to download a fresh copy of the files from the members area and uploa dthese to the server, taking care to overwrite what is already there.

          You also need to change all admin and moderator passwords, all FTP passwords, and also your database password. Nite that when changing your database password, you must also update the entry for that in includes/config.php, otherwise your site won't load.
          I appreciate the response, I'll work on that this week.

          Comment

          • Headlight
            New Member
            • Dec 2016
            • 6
            • 3.8.x

            #6
            Ok so I downloaded a fresh copy of the software, I even re-ran the upgrade process. Now all the files that said "File does not contain expected contents" say "File version mismatch: found 3.8.7 Patch Level 6, expected 3.8.7 Patch Level 4" I"m certain I download 3.8.7 Patch Level 6 and that's what it says my forum version is everywhere I know to check.

            Comment

            • Mark.B
              vBulletin Support
              • Feb 2004
              • 24286
              • 6.0.X

              #7
              Make sure you have uploaded all the files and run the upgrade script.

              Also make sure you have downloaded the full 3.8.7 PL6 package, not just the patch files.
              MARK.B
              vBulletin Support
              ------------
              My Unofficial vBulletin 6.0.0 Demo: https://www.talknewsuk.com
              My Unofficial vBulletin Cloud Demo: https://www.adminammo.com

              Comment

              • Paul M
                Former Lead Developer
                vB.Com & vB.Org
                • Sep 2004
                • 9886

                #8
                If you are running any sort of PHP op cache, you may need to reset it to detect the new uploaded files.
                Baby, I was born this way

                Comment

                • Headlight
                  New Member
                  • Dec 2016
                  • 6
                  • 3.8.x

                  #9
                  Ok so I think I've completed all the tasks.

                  1. Reset the database password, which was really poor btw, can't believe that went unnoticed for so long.
                  2. Completed the upgrade properly, the files no longer show out of date or incorrect versions on a suspect file check.
                  3. We didn't have any ftp accounts.
                  4. Reset all the master passwords for the account.
                  5. Mod and admin password after require a reset every 90 days.

                  I have capcha and email verification setup for registration. Is there anything else you guys could think of before I turn registration back on?

                  Comment

                  widgetinstance 262 (Related Topics) skipped due to lack of content & hide_module_if_empty option.
                  Working...