View previous topic :: View next topic |
Author |
Message |
Doc_Logan n00b
Joined: 28 Dec 2004 Posts: 2
|
Posted: Tue Dec 28, 2004 1:14 am Post subject: Mass forum account registrations |
|
|
This is obviously my first post here, and I don't know if this problem has already been noticed, but my search didn't turn up anything. When I registered a few minutes ago, I noticed on the member list that countless new registered members up until some time today have Strings of random characters as their usernames. Obviously, this is the result of malicious activity. I can't really tell how many of these user names there are, but when I registered, there were over 85,000 members. I certainly like Gentoo, but I don't really think it's quite that popular. I did notice a few posts about people having problems with the forums taking a long time to load recently, so I wonder if this has anything to do with it.
As I said, I don't know if anybody has noticed this or not, but I thought I'd try to help and make sure that the right people know about it. I believe that phpBB has an anti-bot feature to require that users copy random characters from an image when they sign up, and I think it might be a good idea to turn that on. Again, if this has already been discussed, I appologize.
-Logan
Edit: Looking at the members sorted by date joined, the earliest of these names seems to be number 8175, h6bk1y7Ep5, who/which joined today. I don't have a clue if today is the only time this has happened, but the member count has certainly grown usually quickly since I started "lurking" here recently. |
|
Back to top |
|
|
pjp Administrator
Joined: 16 Apr 2002 Posts: 20067
|
Posted: Tue Dec 28, 2004 3:13 am Post subject: |
|
|
Yes, we noticed it. We'll probably delete them at some point.
Thanks. _________________ Quis separabit? Quo animo? |
|
Back to top |
|
|
Doc_Logan n00b
Joined: 28 Dec 2004 Posts: 2
|
Posted: Tue Dec 28, 2004 3:29 am Post subject: |
|
|
Good to know you guys are on top of things. I just wanted to make sure somebody knew about it before it got out of hand (not that ~8100 bogus accounts isn't bad enough to deal with).
-Logan |
|
Back to top |
|
|
ian! Bodhisattva
Joined: 25 Feb 2003 Posts: 3829 Location: Essen, Germany
|
Posted: Tue Dec 28, 2004 8:50 am Post subject: Re: Mass forum account registrations |
|
|
Doc_Logan wrote: | I believe that phpBB has an anti-bot feature to require that users copy random characters from an image when they sign up, and I think it might be a good idea to turn that on. |
We are looking at backporting this to our version of phpBB as we speak.
In the meantime we deleted the inactive accounts registered yesterday.
https://forums.gentoo.org/viewtopic.php?t=271802 _________________ "To have a successful open source project, you need to be at least somewhat successful at getting along with people." -- Daniel Robbins |
|
Back to top |
|
|
Naib Watchman
Joined: 21 May 2004 Posts: 6051 Location: Removed by Neddy
|
Posted: Tue Dec 28, 2004 11:19 am Post subject: |
|
|
frigging script-kiddie spammers _________________
Quote: | Removed by Chiitoo |
|
|
Back to top |
|
|
vonhelmet l33t
Joined: 06 Apr 2004 Posts: 770 Location: Somewhere in a school
|
Posted: Wed Jan 05, 2005 2:52 pm Post subject: Re: Mass forum account registrations |
|
|
ian! wrote: | Doc_Logan wrote: | I believe that phpBB has an anti-bot feature to require that users copy random characters from an image when they sign up, and I think it might be a good idea to turn that on. |
We are looking at backporting this to our version of phpBB as we speak. |
I know that feature is in 2.0.11, and I think phpbb is meant to be pretty easy to upgrade over existing versions. Have you done that much hacking (besides templates, natch) that you can't just untar it over what you've got? I mean, obviously you'd have to back up templates and then put them back, but that would be about it, right? _________________ My blog
nvtuner software - enhance your AGP Geforce 6800 or 6200! |
|
Back to top |
|
|
ian! Bodhisattva
Joined: 25 Feb 2003 Posts: 3829 Location: Essen, Germany
|
Posted: Wed Jan 05, 2005 3:06 pm Post subject: Re: Mass forum account registrations |
|
|
vonhelmet wrote: | I know that feature is in 2.0.11, and I think phpbb is meant to be pretty easy to upgrade over existing versions. Have you done that much hacking (besides templates, natch) that you can't just untar it over what you've got? |
Yes.
Backporting took about ~2 hours and was quite easy. We'll put that online ASAP. _________________ "To have a successful open source project, you need to be at least somewhat successful at getting along with people." -- Daniel Robbins |
|
Back to top |
|
|
ian! Bodhisattva
Joined: 25 Feb 2003 Posts: 3829 Location: Essen, Germany
|
Posted: Thu Jan 06, 2005 8:05 pm Post subject: Re: Mass forum account registrations |
|
|
ian! wrote: | We'll put that online ASAP. |
Done. _________________ "To have a successful open source project, you need to be at least somewhat successful at getting along with people." -- Daniel Robbins |
|
Back to top |
|
|
DRTProxy n00b
Joined: 31 Jul 2006 Posts: 3
|
Posted: Mon Jul 31, 2006 10:38 pm Post subject: |
|
|
Is there a script to remove mass forum signups or did you just manually edit the database? |
|
Back to top |
|
|
tomk Bodhisattva
Joined: 23 Sep 2003 Posts: 7221 Location: Sat in front of my computer
|
Posted: Wed Aug 02, 2006 12:08 pm Post subject: |
|
|
DRTProxy wrote: | Is there a script to remove mass forum signups or did you just manually edit the database? |
IIRC the accounts mentioned in this topic were removed manually, we've since put into place a script that will remove these accounts automatically. _________________ Search | Read | Answer | Report | Strip |
|
Back to top |
|
|
|