
XF 1.1 Help Bot/Spam attack!

Discussion in 'XenForo Questions and Support' started by Yiit, Feb 17, 2012.

  1. Yiit

    Yiit Member

    Hello, my forum is www.turkcraft.net and it is not in English, but I will try to explain the situation as well as I can.

    Today when I woke up I saw that the forum now has 24.000 users (it usually had like 3.000) and that all of them have strange names like 3493859sdfsd. They were all bots and spamming stuff. The forum was in ruins. It had been spammed and the forum couldn't even handle the connections anymore.

    So I quickly put the forum into maintenance mode. Now nobody can sign up or log in.

    These spammers claim to spam the forum because we erased their post that was in ENGLISH in a Turkish forum and was solved anyway. These guys didn't get money from one of our users or something, but our forum must pay for this with bots spamming us? These guys are just holding us responsible for trying to keep our forum clean instead of solving their issue with their client.

    Anyways, I would like some support please. What can I do against these bots? I mean there are 20.000 of them?

    One reason they could get so many accounts is because we can't use the mail activation system and don't know how to. It has never worked for us, so we closed it and set some questions for signing up instead. So with the absence of the mail activation system they have created many accounts, but I do not know how they passed the question protection.

    Please does anyone have any suggestions? I am able to cooperate in any kind of solution. Thank you.
     
  2. Brogan

    Brogan XenForo Moderator Staff Member

    As you don't have email verification/activation configured and do use Q&A, it is more than likely a group of individuals, probably from a rival site.
    It wouldn't take long for a decent sized group to create that many accounts, quite possibly they also created a script; depending on how many different questions you have, it would work for a small percentage of attempts.

    Your options are to restore from a backup or delete the accounts.

    You should investigate the problem with activation emails and implement email verification.

    If the IP addresses of the accounts are all the same/similar, you can also ban those.
     
  3. borbole

    borbole Well-Known Member

    The email validation in registration should work OK and it can be set up at your ACP->Options->User Registration->Enable Email Confirmation. If that is not working OK for you, then open a ticket at your help desk here so one of the XenForo staff can investigate this for you.

    You can also set it to Enable Manual Approval for the time being until the wave of the spamming attack cools down.
     
  4. mrb1972

    mrb1972 Active Member

    Also, what we do is put all new members under moderation until they have 10 posts approved by staff.
     
  5. Yiit

    Yiit Member

    Thanks everyone. What I did was to activate administrator approval for new users for the time being. Luckily the spamming person created new subjects inside only one of the forums. So I did a little cleaning and then erased that whole forum. Anyways, does anyone know how I can delete like 20.000 members? Their names seem to begin like: 3fef71d43ab412, 3fbd25119411db etc. So they begin with 3f. Also their mail addresses go like this: 3fef71d43ab412@3fef71d43ab412.com.

    All of their IPs seemed to be the same, so I have banned one IP. I do not know if there are more IPs, but I have checked some of them and they had the same IPs. Any help please?
     
  6. Yiit

    Yiit Member

    How would one go about doing this?
     
  7. Brogan

    Brogan XenForo Moderator Staff Member

  8. mrb1972

    mrb1972 Active Member

  9. Yiit

    Yiit Member

    Any way of mass deleting the newest registered users?
     
  10. Yiit

    Yiit Member

    I am trying to delete them one at a time, but if I could select them from a list and just delete all, that would be faster.
     
  11. Yiit

    Yiit Member

    Hello, sorry for bringing this back up but I am still suffering. I have contacted the spammers and they are nice people it seems. They have given me the script that they have used to spam and create many users. They also said that their usernames = passwords.

    http://pastebin.com/2tUPfKmC

    This good man suggested this solution, then:


    However I am not a coder and don't know how to make use of their passwords being the same as their usernames. Any help?
     
  12. Brogan

    Brogan XenForo Moderator Staff Member

    No, they're not.
    They spammed your forum with over 20,000 accounts.

    You can't delete users using simple SQL queries such as that.
    Ignore them.
     
  13. Yiit

    Yiit Member

    All right, thanks. Oh well, back to deleting one by one for me.
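
The account pattern reported in the thread (hex-like usernames, e-mail addresses of the form name@name.com, one shared IP) can be turned into a review list before any cleanup. This is an added example, not code from the thread or from XenForo; the CSV export, its column names and all sample rows are constructed assumptions.

```python
import csv
import io
import re
from collections import Counter

# Constructed sample export; the column names are assumptions, not XenForo's schema.
SAMPLE_EXPORT = """user_id,username,email,ip
101,ayse_k,ayse.k@example.org,198.51.100.7
3001,3fef71d43ab412,3fef71d43ab412@3fef71d43ab412.com,203.0.113.9
3002,3fbd25119411db,3fbd25119411db@3fbd25119411db.com,203.0.113.9
3003,deadbeef2012,mehmet@example.net,198.51.100.22
3004,3493859sdfsd,3493859sdfsd@3493859sdfsd.com,203.0.113.9
"""

HEX_NAME = re.compile(r"[0-9a-f]{12,}")


def signals(row):
    """Return the bot-registration signals a single account row matches."""
    name = row["username"].strip().lower()
    local, _, domain = row["email"].strip().lower().partition("@")
    hits = []
    if HEX_NAME.fullmatch(name):
        hits.append("hex_username")
    if name and local == name:
        hits.append("email_local_is_username")
    # The domain's first label repeats the username, e.g. name@name.com.
    if name and domain.split(".")[0] == name:
        hits.append("email_domain_is_username")
    return hits


def flag_accounts(export_text, min_signals=2):
    """List (user_id, username, ip, signals) for rows with enough signals."""
    flagged = []
    for row in csv.DictReader(io.StringIO(export_text)):
        hits = signals(row)
        if len(hits) >= min_signals:
            flagged.append((int(row["user_id"]), row["username"], row["ip"], hits))
    return flagged


def ips_by_flagged_count(flagged):
    """Count flagged accounts per registration IP, most common first."""
    return Counter(ip for _, _, ip, _ in flagged).most_common()


if __name__ == "__main__":
    print(flag_accounts(SAMPLE_EXPORT))
```

Requiring two signals keeps a real member who merely has a hex-looking name (row 3003) off the list; the result is a set of candidates for staff to review, not a deletion step.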
     
