Applied PL3 for ver. 4.1.12 yesterday; spambot attacks then began.

Collapse
X
 
  • Time
  • Show
Clear All
new posts
  • DuraMater
    New Member
    • Nov 2010
    • 12
    • 4.0.x

    [Suite] Applied PL3 for ver. 4.1.12 yesterday; spambot attacks then began.

    This could be merely a coincidence, but if it is not, then the programmers should know what is going on. I run a small fan site forum using vBulletin 4.1.12 PL3. Installed the latest security patch yesterday to bring us to the PL3 level. Around 6pm EST, last night, the spam bots began to assault the site with registrations for membership. Fortunately, membership approval is a two step process, and only an Admin can approve. So, none of them got in. I spent a good part of last night, and this morning, banning IP and email addresses. Finally, I disabled accepting new registrations for the time being, until this attack stops (it is still going on). In the almost five years that I have worked on this forum, I have never seen an attack like this. It could be a coincidence that it started after I applied the PL3 patch. If not, I need to know what to do to rectify this situation.

    Thanks to all in advance for any advice you may have.
  • Zachery
    Former vBulletin Support
    • Jul 2002
    • 59097

    #2
    With registration turned off, we can't really help figure out why spam might have increased. But the patch had nothing to do with it,.

    Comment

    • DuraMater
      New Member
      • Nov 2010
      • 12
      • 4.0.x

      #3
      Originally posted by Zachery
      With registration turned off, we can't really help figure out why spam might have increased. But the patch had nothing to do with it,.
      Not sure what you mean there. Are you saying that if I turn the registration back on, you could figure out why the spam increased? And are you also saying that the new security patch would have absolutely nothing to do with this exploit? I have been going back and forth with the host server techs all day. They tell me that it is a weakness in the software, not the server, that is causing this exploit. So, I came here to find out.

      Comment

      • Zachery
        Former vBulletin Support
        • Jul 2002
        • 59097

        #4
        We could at least take a look, assuming all you did was turn registration off.

        Comment

        • DuraMater
          New Member
          • Nov 2010
          • 12
          • 4.0.x

          #5
          Originally posted by Zachery
          We could at least take a look, assuming all you did was turn registration off.
          Not sure what you mean by "assuming all you did was turn registration off" either. I told you everything that happened in my original post. However, that is a good idea about turning the registration back on and let you all have a look. I am going to open a support ticket now. I will report back here if/when there is a resolution.

          Comment

          • whitey10tc
            Senior Member
            • Jan 2011
            • 415
            • 4.0.x

            #6
            spam o matic from vBulletin.org. just an fyi it's not just your forum. spamomatic blocked over 1k on one of my forums the other day.
            www.cdmagurus.com
            www.cellphone-gurus.com

            Comment

            • DuraMater
              New Member
              • Nov 2010
              • 12
              • 4.0.x

              #7
              Thanks for the info whitey10tc.

              I also want to thank Zachery for helping me fortify the protection around my forum site. Well done!

              EDIT: whitey, you are the only one so far to have acknowledged experiencing a large assault recently. everyone else I have asked about it had heard nothing. let me know if you hear anything else about this, thanks.
              Last edited by DuraMater; Sat 17 Nov '12, 6:25am.

              Comment

              • Lynne
                Former vBulletin Support
                • Oct 2004
                • 26255

                #8
                Originally posted by DuraMater
                EDIT: whitey, you are the only one so far to have acknowledged experiencing a large assault recently. everyone else I have asked about it had heard nothing. let me know if you hear anything else about this, thanks.
                Actually, I have seen a number of threads in the last week of users complaining about spam suddenly increasing.

                Please don't PM or VM me for support - I only help out in the threads.
                vBulletin Manual & vBulletin 4.0 Code Documentation (API)
                Want help modifying your vbulletin forum? Head on over to vbulletin.org
                If I post CSS and you don't know where it goes, throw it into the additional.css template.

                W3Schools <- awesome site for html/css help

                Comment

                • DuraMater
                  New Member
                  • Nov 2010
                  • 12
                  • 4.0.x

                  #9
                  Thanks, Lynne. Most of the spambots that I saw seemed to be coming out of the Russian Federation, the Ukraine, and Poland, with a few filtering through China, UAE, and Brazil.

                  Comment

                  • Trevor Hannant
                    vBulletin Support
                    • Aug 2002
                    • 24326
                    • 5.7.X

                    #10
                    There has been an increase here also, yes - plus on other forums I use that are not powered by vBulletin so it's not unique to vB powered sites.
                    Vote for:

                    - Admin Settable Paid Subscription Reminder Timeframe (vB6)
                    - Add Admin ability to auto-subscribe users to specific channel(s) (vB6)

                    Comment

                    widgetinstance 262 (Related Topics) skipped due to lack of content & hide_module_if_empty option.
                    Working...