Author Topic: Bugs and things to fix  (Read 184230 times)

noako

  • Safe-Zone Citizen
  • **
  • Posts: 187
Re: Bugs and things to fix
« Reply #30 on: September 09, 2014, 05:59:25 PM »
Something very weird is happening with these spam bots.
I looked at their IPs and hostnames, and their IPs were all the same as mine, and their hostnames were all from the forum's host.  Not only that, but when I was cross checking everyone's accounts to make sure it was okay to ban them without affecting anyone, about 95% of you all had the same thing going on...  I've just deleted the bot accounts because I don't want to banlist an IP address that might belong to a real member.

This weirdness and the bots are definitely connected.  My hunch is that it either has something to do with my backing up the site yesterday, or Minna's posting a link on her site.  Most likely the backup thing.  If anyone can help, or has any general knowledge on this kind of thing, it'd be appreciated.

I have no idea how to help you in this. Sorry. Could we have some sort of spambot-filter, like email confirmation or writing numbers/letters like in some registration sites?

ThisCat

  • Ranger
  • ****
  • Meow. Mew-eoow meaow, miaow. Mow.
  • Posts: 913
Re: Bugs and things to fix
« Reply #31 on: September 09, 2014, 06:02:25 PM »
I have no idea how to help you in this. Sorry. Could we have some sort of spambot-filter, like email confirmation or writing numbers/letters like in some registration sites?

This would probably be a very good idea.
:norway:
 Mostly quiet.
:uk:

Eich

  • Thor
  • Ruler of a Derelict Airport
  • *
  • Retired Forum Admin
  • Posts: 1468
Re: Bugs and things to fix
« Reply #32 on: September 09, 2014, 06:07:31 PM »
I'm pretty sure I can set up a captcha, yeah.  I know I've at least seen one hanging around the site somewhere.
I'll check that out.
Feel free to PM.

JoB

  • Mage of the Great Restructuring
  • Admiral of a Sunken Ship
  • ******
  • Posts: 4117
Re: Bugs and things to fix
« Reply #33 on: September 09, 2014, 07:21:40 PM »
Something very weird is happening with these spam bots.
I looked at their IPs and hostnames, and their IPs were all the same as mine, and their hostnames were all from the forum's host.  Not only that, but when I was cross checking everyone's accounts to make sure it was okay to ban them without affecting anyone, about 95% of you all had the same thing going on...
According to Netcraft, there's an HTTP accelerator (a.k.a. reverse proxy) sitting in front of the actual server (Apache running on a Linux host?). That'd mean that the Apache sees the requests coming from the IP of that proxy, with the IP of the actual client stashed into an X-Forwarded-For HTTP header - which SMF likely isn't equipped out of the box to expect, if it knows to deal with that in the first place.
native: :de: secondary: :us: :fr:
:artd: :book1+: :book2: :book3: :book4: etc.
PGP Key 0xBEF02A15, Fingerprint C12C 53DC BB92 2FE5 9725  C1AE 5E0F F1AF BEF0 2A15
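
The X-Forwarded-For situation described in the reply above, as an added example that is not part of the thread and not SMF's own code: a PHP sketch of how an application behind a reverse proxy can recover the client address for bans and logs without trusting a header that any direct client could forge. It assumes 198.91.81.5 (the address the thread reports for every post) is the proxy; `resolve_client_ip`, `TRUSTED_PROXIES` and all other addresses are hypothetical, constructed values.

```php
<?php
// Added example (not SMF code): resolve the client address behind a reverse proxy.
// Assumption: 198.91.81.5 is the proxy; every other address is a constructed sample.
const TRUSTED_PROXIES = ['198.91.81.5'];

/**
 * Return the address that bans and logs should use.
 * $peer is the TCP peer (REMOTE_ADDR); $xff is the raw X-Forwarded-For value or null.
 */
function resolve_client_ip(string $peer, ?string $xff): string
{
    // Direct connection: the header is client-supplied and must be ignored.
    if (!in_array($peer, TRUSTED_PROXIES, true) || $xff === null) {
        return $peer;
    }
    // Each proxy appends the address it saw, so walk the list right to left
    // and stop at the first hop that is not one of our own proxies.
    $hops = array_reverse(array_map('trim', explode(',', $xff)));
    foreach ($hops as $hop) {
        if (filter_var($hop, FILTER_VALIDATE_IP) === false) {
            return $peer; // malformed entry: fall back to the peer address
        }
        if (!in_array($hop, TRUSTED_PROXIES, true)) {
            return $hop;
        }
    }
    return $peer; // header listed only our own proxies
}

// Constructed requests: [REMOTE_ADDR, X-Forwarded-For]
$samples = [
    ['198.91.81.5', '203.0.113.7'],             // normal proxied request
    ['198.91.81.5', '10.0.0.1, 203.0.113.7'],   // left-most entry is client-controlled
    ['192.0.2.44',  '198.51.100.9'],            // direct request carrying the header
    ['198.91.81.5', null],                      // proxy sent no header
    ['198.91.81.5', 'not-an-ip'],               // garbage header
];
foreach ($samples as [$peer, $xff]) {
    printf("%-12s %-24s => %s\n", $peer, $xff ?? '(none)', resolve_client_ip($peer, $xff));
}
```

When the header is missing or malformed the function returns the proxy's own address, which is exactly the "everyone has the same IP" state; banning on that value would lock out every member, the admin included.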

Eich

  • Thor
  • Ruler of a Derelict Airport
  • *
  • Retired Forum Admin
  • Posts: 1468
Re: Bugs and things to fix
« Reply #34 on: September 09, 2014, 07:28:18 PM »
Well, all of your IPs and hostnames were different, a couple days ago.  That's why I think it's connected to some kind of stuff.  (I probably should've stated that in the first place)
Anyway, I'm not really sure what most of that meant (Apache=helicopters and natives to me), but I appreciate the input, and I guess I gotta learn this stuff at some point.  I'll ask for help on the SMF support site.
Feel free to PM.

JoB

  • Mage of the Great Restructuring
  • Admiral of a Sunken Ship
  • ******
  • Posts: 4117
Re: Bugs and things to fix
« Reply #35 on: September 09, 2014, 07:53:26 PM »
http://wiki.apache.org/httpd/FAQ#Why_the_name_.22Apache.22.3F ;)

If neither you (as part of some SMF add-on you installed?) nor X10HOSTING (nor whoever acts as a go-between between the two of you) installed that reverse proxy, back when the client IPs changed from diverse to "everyone looks the same", I'd suspect some kind of hostile intrusion ...
native: :de: secondary: :us: :fr:
:artd: :book1+: :book2: :book3: :book4: etc.
PGP Key 0xBEF02A15, Fingerprint C12C 53DC BB92 2FE5 9725  C1AE 5E0F F1AF BEF0 2A15

Eich

  • Thor
  • Ruler of a Derelict Airport
  • *
  • Retired Forum Admin
  • Posts: 1468
Re: Bugs and things to fix
« Reply #36 on: September 09, 2014, 08:20:41 PM »
http://wiki.apache.org/httpd/FAQ#Why_the_name_.22Apache.22.3F ;)

If neither you (as part of some SMF add-on you installed?) nor X10HOSTING (nor whoever acts as a go-between between the two of you) installed that reverse proxy, back when the client IPs changed from diverse to "everyone looks the same", I'd suspect some kind of hostile intrusion ...
That's what I'm worried about.  I can't very well ban an IP or hostname used by a troll or bot when it's the same IP and hostname for everybody else.
Feel free to PM.

Nimphy

  • Ruler of a Derelict Airport
  • *****
  • The Almighty Phoenix, future Ruler of the World
  • Posts: 1792
Re: Bugs and things to fix
« Reply #37 on: September 10, 2014, 03:24:24 AM »
That's what I'm worried about.  I can't very well ban an IP or hostname used by a troll or bot when it's the same IP and hostname for everybody else.

Can you suspend it, though? You could try for a day or so of suspension, and see if it affects the rest of us. Otherwise a captcha seems a pretty logical and easy solution to me.
Fluent: :italy:, :albania:, :usa:

Okay: :spain:

Learning: :germany: :norway: :japan:

Bloody messed-up spoils of a language: :france:

Survivor: :chap0: :chap1: :chap2: :chap3: :chap4: :chap5: :chap6: :chap7: :chap8:

Eich

  • Thor
  • Ruler of a Derelict Airport
  • *
  • Retired Forum Admin
  • Posts: 1468
Re: Bugs and things to fix
« Reply #38 on: September 10, 2014, 10:02:32 PM »
Can you suspend it, though? You could try for a day or so of suspension, and see if it affects the rest of us. Otherwise a captcha seems a pretty logical and easy solution to me.
It's my IP now, too.  That's the big problem.  I don't want to risk nullifying the site entirely by locking myself out.
I'll ask SMF about setting up a captcha to register.  I'm also getting responses to my question about our email problem and the IP problem, so I'm looking into those.
Feel free to PM.

Eich

  • Thor
  • Ruler of a Derelict Airport
  • *
  • Retired Forum Admin
  • Posts: 1468
Re: Bugs and things to fix
« Reply #39 on: September 10, 2014, 10:43:44 PM »
Okay... I've set up some simple verification questions.  They're not hard and, according to the folks over at SMF, they're practically foolproof (I would've set up a captcha but, apparently, people have made bots that decipher those more successfully than people).  People have said their forums have been spambot-free for several years.  Only actual people can get past these, supposedly, so we'll see how these fare in the next few days.  Hopefully this'll be good enough to filter out the bots and stop this crap.
Feel free to PM.

JoB

  • Mage of the Great Restructuring
  • Admiral of a Sunken Ship
  • ******
  • Posts: 4117
Re: Bugs and things to fix
« Reply #40 on: September 11, 2014, 05:31:15 AM »
I just posted, and the forum reports "my" IP as being 198.91.81.5, which is the server's IP and definitely not the one my connections go out onto the Internet with (says the local net admin). There must be something like the mentioned reverse proxy shielding the SMF software from the incoming requests.
native: :de: secondary: :us: :fr:
:artd: :book1+: :book2: :book3: :book4: etc.
PGP Key 0xBEF02A15, Fingerprint C12C 53DC BB92 2FE5 9725  C1AE 5E0F F1AF BEF0 2A15

Sunflower

  • Saraswati
  • Admiral of a Sunken Ship
  • *
  • Preferred pronouns: She/her
  • Posts: 4158
Re: Bugs and things to fix
« Reply #41 on: September 11, 2014, 12:12:14 PM »
I just posted, and the forum reports "my" IP as being 198.91.81.5, which is the server's IP and definitely not the one my connections go out onto the Internet with (says the local net admin). There must be something like the mentioned reverse proxy shielding the SMF software from the incoming requests.

I checked out all my posts.  About half of them give the same IP as you:  198.91.81.5.  The rest state my home IP, starting 76.14. 
Hoping this data point helps...
« Last Edit: September 11, 2014, 05:02:16 PM by Sunflower »
"The music of what happens," said great Fionn, "that is the finest music in the world."
:chap3:  :chap4:  :chap5:  :book2:  :chap12:  :chap13:  :chap14:   :chap15:  :chap16:

Speak some:  :france:  :mexico:  :vaticancity:  Ein bisschen: :germany:

Richard Weir

  • Scout
  • ***
  • Posts: 336
Re: Bugs and things to fix
« Reply #42 on: September 11, 2014, 03:05:55 PM »
Another datapoint for you: Between September 8th and September 9th my posts change from showing my proper IPA to showing the erroneous IPA.
My one-and-only: :uk:

JoB

  • Mage of the Great Restructuring
  • Admiral of a Sunken Ship
  • ******
  • Posts: 4117
Re: Bugs and things to fix
« Reply #43 on: September 11, 2014, 03:59:28 PM »
Good idea to check the actual time of the change ... I have the proper IP with topic=31.msg1179 (08-09-2014, 16:37:32) and the wrong one on topic=31.msg1234 (09-09-2014, 05:03:10).
native: :de: secondary: :us: :fr:
:artd: :book1+: :book2: :book3: :book4: etc.
PGP Key 0xBEF02A15, Fingerprint C12C 53DC BB92 2FE5 9725  C1AE 5E0F F1AF BEF0 2A15

Eich

  • Thor
  • Ruler of a Derelict Airport
  • *
  • Retired Forum Admin
  • Posts: 1468
Re: Bugs and things to fix
« Reply #44 on: September 14, 2014, 12:15:23 AM »
Sooo... Uhh-  The IP thing cleared up while I was asleep last night, apparently...
I'm not going to risk banning anyone by IP or hostname, just in case it was something more malicious than a glitch, so I'll be restricting myself to banning by email and usernames for a while, until I know for sure what was going on.
Feel free to PM.