| View previous topic :: View next topic |
| Author |
Message |
Doc_Logan
n00b
Joined: 28 Dec 2004
Posts: 2
|
 Posted: Tue Dec 28, 2004 1:14 am Post subject: Mass forum account registrations |
 |
|
This is obviously my first post here, and I don't know if this problem has already been noticed, but my search didn't turn up anything. When I registered a few minutes ago, I noticed on the member list that countless new registered members up until some time today have Strings of random characters as their usernames. Obviously, this is the result of malicious activity. I can't really tell how many of these user names there are, but when I registered, there were over 85,000 members. I certainly like Gentoo, but I don't really think it's quite that popular. I did notice a few posts about people having problems with the forums taking a long time to load recently, so I wonder if this has anything to do with it.
As I said, I don't know if anybody has noticed this or not, but I thought I'd try to help and make sure that the right people know about it. I believe that phpBB has an anti-bot feature to require that users copy random characters from an image when they sign up, and I think it might be a good idea to turn that on. Again, if this has already been discussed, I appologize.
-Logan
Edit: Looking at the members sorted by date joined, the earliest of these names seems to be number 8175, h6bk1y7Ep5, who/which joined today. I don't have a clue if today is the only time this has happened, but the member count has certainly grown usually quickly since I started "lurking" here recently. |
|
| Back to top |
|
 |
pjp
Administrator
Joined: 16 Apr 2002
Posts: 20067
|
| Posted: Tue Dec 28, 2004 3:13 am Post subject: |
|
|
Yes, we noticed it. We'll probably delete them at some point.
Thanks.
_________________
Quis separabit? Quo animo? |
|
| Back to top |
|
|
Doc_Logan
n00b
Joined: 28 Dec 2004
Posts: 2
|
| Posted: Tue Dec 28, 2004 3:29 am Post subject: |
|
|
Good to know you guys are on top of things. I just wanted to make sure somebody knew about it before it got out of hand (not that ~8100 bogus accounts isn't bad enough to deal with).
-Logan |
|
| Back to top |
|
|
ian!
Bodhisattva
Joined: 25 Feb 2003
Posts: 3829
Location: Essen, Germany
|
| Posted: Tue Dec 28, 2004 8:50 am Post subject: Re: Mass forum account registrations |
|
|
| Doc_Logan wrote: | | I believe that phpBB has an anti-bot feature to require that users copy random characters from an image when they sign up, and I think it might be a good idea to turn that on. |
We are looking at backporting this to our version of phpBB as we speak.
In the meantime we deleted the inactive accounts registered yesterday.
https://forums.gentoo.org/viewtopic.php?t=271802
_________________
"To have a successful open source project, you need to be at least somewhat successful at getting along with people." -- Daniel Robbins |
|
| Back to top |
|
|
Naib
Watchman
Joined: 21 May 2004
Posts: 6051
Location: Removed by Neddy
|
| Posted: Tue Dec 28, 2004 11:19 am Post subject: |
|
|
frigging script-kiddie spammers
_________________
| Quote: | | Removed by Chiitoo |
|
|
| Back to top |
|
|
vonhelmet
l33t
Joined: 06 Apr 2004
Posts: 770
Location: Somewhere in a school
|
| Posted: Wed Jan 05, 2005 2:52 pm Post subject: Re: Mass forum account registrations |
|
|
| ian! wrote: | | Doc_Logan wrote: | | I believe that phpBB has an anti-bot feature to require that users copy random characters from an image when they sign up, and I think it might be a good idea to turn that on. |
We are looking at backporting this to our version of phpBB as we speak. |
I know that feature is in 2.0.11, and I think phpbb is meant to be pretty easy to upgrade over existing versions. Have you done that much hacking (besides templates, natch) that you can't just untar it over what you've got? I mean, obviously you'd have to back up templates and then put them back, but that would be about it, right?
_________________
My blog
nvtuner software - enhance your AGP Geforce 6800 or 6200! |
|
| Back to top |
|
|
ian!
Bodhisattva
Joined: 25 Feb 2003
Posts: 3829
Location: Essen, Germany
|
| Posted: Wed Jan 05, 2005 3:06 pm Post subject: Re: Mass forum account registrations |
|
|
| vonhelmet wrote: | | I know that feature is in 2.0.11, and I think phpbb is meant to be pretty easy to upgrade over existing versions. Have you done that much hacking (besides templates, natch) that you can't just untar it over what you've got? |
Yes.
Backporting took about ~2 hours and was quite easy. We'll put that online ASAP.
_________________
"To have a successful open source project, you need to be at least somewhat successful at getting along with people." -- Daniel Robbins |
|
| Back to top |
|
|
ian!
Bodhisattva
Joined: 25 Feb 2003
Posts: 3829
Location: Essen, Germany
|
| Posted: Thu Jan 06, 2005 8:05 pm Post subject: Re: Mass forum account registrations |
|
|
| ian! wrote: | | We'll put that online ASAP. |
Done.
_________________
"To have a successful open source project, you need to be at least somewhat successful at getting along with people." -- Daniel Robbins |
|
| Back to top |
|
|
DRTProxy
n00b
Joined: 31 Jul 2006
Posts: 3
|
| Posted: Mon Jul 31, 2006 10:38 pm Post subject: |
|
|
| Is there a script to remove mass forum signups or did you just manually edit the database? |
|
| Back to top |
|
|
tomk
Bodhisattva
Joined: 23 Sep 2003
Posts: 7221
Location: Sat in front of my computer
|
| Posted: Wed Aug 02, 2006 12:08 pm Post subject: |
|
|
| DRTProxy wrote: | | Is there a script to remove mass forum signups or did you just manually edit the database? |
IIRC the accounts mentioned in this topic were removed manually, we've since put into place a script that will remove these accounts automatically.
_________________
Search | Read | Answer | Report | Strip |
|
| Back to top |
|
|
|
Gentoo Forums Feedback
