CUTCODEDOWN
Minimalist Semantic Markup

Welcome Guest
Please Login or Register

If you have registered but not recieved your activation e-mail in a reasonable amount of time, or have issues with using the registration form, please use our Contact Form for assistance. Include both your username and the e-mail you tried to register with.

Author Topic: The comedic side of starting a new forums  (Read 1119 times)

Jason Knight

  • Administrator
  • Hero Member
  • *****
  • Posts: 1049
  • Karma: +188/-1
    • CutCodeDown -- Minimalist Semantic Markup
The comedic side of starting a new forums
« on: 23 Oct 2019, 04:14:02 pm »
I was just doing my weekly check of my fail2ban logs... since the launch of these forums the rejections have quadrupled. Launch a forums, make yourself a target.

Good thing i didn't enable SSH for this subdomain. :D Still funny that the new subdomain is getting hammered for brute force FTP attacks.

But again, this VPS is twice the hardware I had for running a massive forums a decade and a half ago on a shoe-string budget. Apart from the fact that storage sizes have shrunk thanks to SSD's, by comparison I've got RAM and CPU out the yazoo for a pittance in cost.

Always fun though to swing the ban-hammer at the iptables level against actual dirtbags.
We are all, we are all, we are all FRIENDS! For today we're all brothers, tonight we're all friends. Our moment of peace in a war that never ends.

durango_d

  • Full Member
  • ***
  • Posts: 124
  • Karma: +1/-0
Re: The comedic side of starting a new forums
« Reply #1 on: 1 Dec 2019, 05:13:55 am »
Do you do IP ranges when you ban or just single IP's?   

In my forum experience the spammers and hackers seem to be able to key on newly installed product sites easily, not sure how they do that. 

I have also noticed that they seem to run some kind of search software that searches for popular folders of well known software installs.   I have seen errors in my logs at times and its so obvious they are running some script because its fail after fail "file not found".  I used to think they did so at certain times of the year but i have not been able to prove that theory.

Also i still have not figured out how they can set up a profile and seem to bypass not only the generic captcha, but also the question captcha and re-captcha. 

Yes forums are fun that way making yourself a target, well i guess it lets you know how secure your machine is, if noone gets in,  so thats positive.
« Last Edit: 1 Dec 2019, 05:15:54 am by durango_d »
Squeeze it Harley! Don't yank it!  It's not your D...!  Squeeze it !

Jason Knight

  • Administrator
  • Hero Member
  • *****
  • Posts: 1049
  • Karma: +188/-1
    • CutCodeDown -- Minimalist Semantic Markup
Re: The comedic side of starting a new forums
« Reply #2 on: 1 Dec 2019, 07:04:32 am »
Do you do IP ranges when you ban or just single IP's?   
I only resort to IP bans in the case of "obvious spam is obvious" -- see the glut of PM spammers. (i've got to set a three posts before you can send more than one PM limit, but it's been a while since I've done that with SMF so I need to re-train)

But when I do I research the address range. SMF has some nice built-in features for dealing with doing whois lookups on arin/ripe/apnic/afrinic/etc directly from the forum / user account pages, and gives you a nice big cross-reference of all users who've come from the same IP's.

If the whois tells me it's some form of data center, from one of the many international "hives of scum and villiany" like Nigiria or the Ukraine, I band the whole region. Otherwise I set a singe IP ban.

Research is an important part of doing bans. You don't blindly drop an entire IP address region if it's for a normal ISP... but if a RDNS sample of the range returns actual websites, you kick them to the curb since there's little reason for legitimate traffic to be coming from a server farm.

On the back-end I also have fail2ban running. Getting hammered for ftp and ssh brute force requests is far more of an issue and having fail2ban kicking those folks in the groin limiting them to three failures before a time in the penalty box makes most attackers just give up and go elsewhere.
« Last Edit: 1 Dec 2019, 07:06:31 am by Jason Knight »
We are all, we are all, we are all FRIENDS! For today we're all brothers, tonight we're all friends. Our moment of peace in a war that never ends.

fgm

  • Jr. Member
  • **
  • Posts: 60
  • Karma: +5/-0
Re: The comedic side of starting a new forums
« Reply #3 on: 25 Jun 2020, 04:13:52 am »
In my experience configuring a number of questions and answers works fine to get rid of spam registrations, at least for small or medium-sized forums.

 

SMF spam blocked by CleanTalk

Advertisement