I sent a ticket therefore posting but I know I’m going to get a bad response like I got last time so I’ll go straight to the point.
I’ve been using bplaced for more than 3 years now and I’m started to get tired. My address is FILLED with bots, and I’m posting here because the last time I sent a ticket it was something like this :
Me :
Blablabla I’ve tryied multiple CMS’s and that’s not a solution, not even adding anti-bots system and whatsoever…
Response :
Change CMS.
It’s like… Who am I attended by?
Whatever, I’ve decided to remove all files from the FTP and I won’t upload anything 'till I have a solution. I have been using Wordpress and people have even uploaded things through my FTP, how come.
Forums CMS’s don’t stop bots, neither do blogs. They’re there.
I’ve been more than a month developing anti-bots systems and adding more and more and nothing helped, 'till more and more spambots came here.
Even my site has appeared all over the net.
If there’s no solution, I quit bplaced though I love it, or maybe loved.
first of all: your issue has nothing to do with bplaced as a host service provider, this may happen anywhere in the very same magnitude.
second, please understand that our support is there for you - for administrative tasks, not for custom consulting by means of what-exactly-to-do.
So, to get to the point. I understand you used anti-bot techniques, like captchas, is that true? Did you switch these, e.g. there are some captchas which are pretty secure, others are not. Some require socket functions, such as recaptcha ( google.com/recaptcha ) which is considered pretty much secure, however socket functions require bplaced pro (see the highlighted menu item in your control panel).
Could you please state examples, what you did exactly? This forum also did not get around using recaptcha, phpBB’s own ones were compromised pretty often, that lead to some bot registrations per day, posting tons of spam.
I know it may have nothing to do, but the other accounts are not getting spammed, or not even as much as I have been. For example, when I had a problem with php and asked the Tech support the just told me to change a file that didn’t even exist, so I had to do it my way.
Yeah, I tryied some Captcha modules. I even tryied ReCaptcha but noticed that it didn’t work because of the sockets but then used other things. The list :
Security Questions ( Not easy questions )
Fassim Anti-Spam (Has a list of spammers and removes them automatically )
Stopforumspam
Akismet.
I also switched and updated captcha modules but that didn’t work either.
Long ago I used phpBB but I had no issues with it. I had been using MyBB lately and registrations got there, changed to phpBB and bots got faster. Then switched to SMF and bots registered as fast as in SMF.
When I got back to MyBB I did all those changes, removed a few @mails and banned a few IP’s and that didn’t make it.
The thing is that installing a BBS board for example (which have a VERY simple captcha (phpbb2 like) they do not post ( It’s like 4chan ).
hm, it is curious that so many bots sign up. What amount of bots are we talking about?
Btw., please stick either to the forums or the ticket - both conversations can not be maintained.
hm, it is curious that so many bots sign up. What amount of bots are we talking about?
Btw., please stick either to the forums or the ticket - both conversations can not be maintained.
ciao[/quote]
Alright I’ll stick here.
It’s quite interesting, and even more that my site is all over the net while doing a quick search in google.
We’re talking about 200~250 bots per 5 hours. I let it 3 days without removing them and I had around 30k users.
seriously? Are you absolutely positive that the bots do have to pass the sign up forms secured with a captcha? Is there no way around to get registered within your forums? This sounds like there is some possibility left to sign up, for example via temporary files or some leftbehinds - are you btw. using the latest versions of any forum software?
I also closed the registrations but when looking at the stats there were up to 90 visitors. Of course, I couldn’t close them as I needed more people to register.
There was no other option, they even managed to activate their mails using addresses like asdf111@strangemail.com asdf@whatever… I banned some addreses like @yahoo and @gmail and even that they registered with strange domains which changed.
And yes, I’ve been using the last versions of it. I even reinstalled so I had to download the lastest content and plugins.
hm, curious. I have never seen that much load caused by bots at any of our sites - even at this forum, since it is the oldest one (as old as bplaced), and pretty much known and indexed.
Does that happen to one username only? Did you try to change the name of the subdirectory? Maybe they are probing just one specific (just the root?-)directory.
It started with a few spam posts with Russian content. Then viagra things appeared, but they were like 1~2 bots per day. Then it increased getting up to 100 registrations per day and more than 1000 posts per day also, then it increased more and more and forums were filled.
It was a pain because the bandwith is ALWAYS full and I had problems even doing transfer via FTP. Also, my mailbox is always FULL ( and the 100 mails per day is also full also )… You wouldn’t like to see how my WP blog had over 120000k comments.
Happens on all domains, even changing directories, CMS…
that is in fact really strange. Is there anything else in common besides these 3 addresses? For example, an IP-range or anything that might help you to get rid of them at once (at least of most of them).
For now I’d suggest to disable sign ups and comment functions and to monitor this. ReCaptcha might surely be a good idea, or multiple captchas of some sort, displaying (e.g. 3D) pictures having a code to type in.
There was no IP range. If I banned a range, a new one appeared.
I couldn’t ban countries either because then they moved to another, like Pakistan, Hungary, Italia… And I can’t afford ban EVERY country in the world as I’d loose users.
Monitor this? By who? I have no content at the moment, so there will be no registrations nor new posts. I’ve added every single spam filter besides ReCaptcha and I think that it won’t make it.
And even that, if I disable registrations what about the bandwith consumed by the thousands of visits of bots?
It goes slower and slower.
This could mean you FTP password is not secure. Maybe you had a keylogger on your computer, so you should also check your computer for viruses. Then when your PC is safe change all bplaced passwords. For FTP you have to delete the FTP user (not your bplaced account) and recreate it.
This could mean you FTP password is not secure. Maybe you had a keylogger on your computer, so you should also check your computer for viruses. Then when your PC is safe change all bplaced passwords. For FTP you have to delete the FTP user (not your bplaced account) and recreate it.[/quote]
And also that WP was exploitable.
I didn’t have a keylogger on my pc since what I always did was to operate from a Linux terminal, which I know for sure that doesn’t have any keyloggers nor reverse connection trojans.
I will change passwords and mails later, but it seems that there’s been no access through my acc.
