Disabled new accounts registration in the forums

As spammers have found a way to get through URL link filtering and it seems they are creating new accounts by the dozen, I have disabled new account registration for now. I will try enabling it again in a few days. Or you may enable it earlier if you find out how to block them again and clean up the mess (LG?).

UPD: changed the policy to Registration moderation.

UPD 2: disabled registration again, as the number of new registrations is overwhelming and it is impossible to guess who is a spammer and who is not.

Any possibility that the inner workings of registration here can be examined by someone? Is this an abuse of a lack of a CSRF token?

I would gladly lend my sword to help fix our registration system

Not sure I understand the CSRF token part. The situation now is that if I enable free registration (with activation email and Captcha), some script or bots start to register dozens of new accounts and post dozens of spam documents and threads. It gets through the Captcha system, and the URL interceptors are somehow not working either. I think if I leave moderated registration on it is not happening, but I'm not 100% sure. Of course one of the moderators (most of the time me) has to accept every registration.

Usually it was LG's (it2000) voluntary task to deal with that by making SQL scripts to wipe the accounts and messages, to make intercept triggers or even ban IPs. I can't do that because I only have access to the Jive SBS Admin Console, which has limited tools for that, and actually I'm not good at the scripting part. If only I could check their IP addresses somewhere, maybe it would be possible to add an IP ban filter. But I can't find such information.

The CSRF token stuff is essentially a hidden token that is generated by the website and is REQUIRED as part of the submission. When bots spam/hit a site they are usually just hitting the POST URL to create accounts with the required data. This allows them to bypass captchas, etc., as the captcha stuff… etc.

The token is something that must be passed as part of the request and can only be obtained if the person were to come from a registration page. It makes spamming registration a lot harder.

Is there a newer version of Jive SBS we have access to? One that may offer the ability to protect from spam bots? Who has access that can give us more access to alleviate this issue?

Ah, I see. Once at my work we were told about an opposite approach to spam protection, where there is a hidden form field that a human browsing cannot see. But a bot sees it and usually fills it out, and if that happens, the system can assume it is a bot. But that is not bullet-proof protection either.

There are newer versions of Jive SBS, but I'm not sure if Jive is going to let us use the latest version. Usually someone from Jive updates our backend here, but usually it is only 4.5.x version patches. Personally I don't really like the look of version 5 and newer with all the social stuff. Looks like a mess.

I think @Daryl Herzman can tell more about the access on this site. Or @Benjamin from Jive can tell more about Jive SBS updates.
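An added example, not from this thread or from Jive SBS, of the two registration-form checks discussed above: a CSRF token bound to the visitor's session that a direct POST cannot supply, and a hidden honeypot field that a human never fills in. The field name `website_url`, the `ts.mac` token format and the in-memory secret are assumptions of the example.

```python
import hashlib
import hmac
import secrets
import time

# Constructed server-side secret for this example; a real deployment loads it from
# configuration so the token survives restarts and is shared across web nodes.
SERVER_SECRET = secrets.token_bytes(32)
# Hypothetical honeypot field: rendered in the form but hidden with CSS, so a
# human leaves it empty while a bot filling "every field" populates it.
HONEYPOT_FIELD = "website_url"


def issue_csrf_token(session_id, now=None):
    """Embed this in the registration form; it is bound to the visitor's session."""
    ts = str(int(now if now is not None else time.time()))
    mac = hmac.new(SERVER_SECRET, f"{session_id}:{ts}".encode(), hashlib.sha256).hexdigest()
    return f"{ts}.{mac}"


def verify_csrf_token(session_id, token, max_age=3600, now=None):
    """Accept only a token issued for this session within max_age seconds."""
    try:
        ts, mac = token.split(".", 1)
        issued = int(ts)
    except (ValueError, AttributeError):
        return False
    current = now if now is not None else time.time()
    if not 0 <= current - issued <= max_age:
        return False
    expected = hmac.new(SERVER_SECRET, f"{session_id}:{ts}".encode(), hashlib.sha256).hexdigest()
    return hmac.compare_digest(mac, expected)  # constant-time compare


def check_registration(session_id, form, now=None):
    """Return (accepted, reason); the reason names the failed check for the logs."""
    if not verify_csrf_token(session_id, form.get("csrf_token", ""), now=now):
        return False, "csrf"  # direct POST without loading the form, or a stale/foreign token
    if form.get(HONEYPOT_FIELD, "") != "":
        return False, "honeypot"  # a human cannot see this field, so it must stay empty
    return True, "ok"
```

The captcha is still checked separately; these two tests only reject submissions that never rendered the form or that were filled in blindly.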

That’s an interesting way of making the life of a spammer bot a bit harder wroot. I believe I’ll be using that in my code shortly.

As for SBS: (provided that Jive is willing to provide us with the proper licensing and we can find someone willing/able to help with the work) I would suggest to consider upgrading to the latest release. Even if you dislike the look-and-feel or functional changes (beauty is in the eye of the beholder), I do believe that any updates (especially if they relate to security) would be very welcome.

I would prefer to have a version that is slightly less appealing visually, but easier to maintain, than the other way around.

I actually have it on my calendar to coordinate with you guys for an upgrade to the latest 4.5.x release very soon.

I’ve thought about upgrading to 5.x/6.x, but I don’t believe the new features are incredibly useful for how we use this site. I’ll verify, but I also don’t think there have been significant improvements related to fighting spammers.

My company has used the hidden form field trick before to good effect. Most spammer bots are not actively monitored by a human so they get trapped easily.

Another trick we have used is to funnel them to some webpage (I forget the page now!) that dynamically generated pages with known spammer email addresses on them… so basically you would lead the bot to this page and it would get stuck in a loop harvesting other spammer email addresses, load the next page via a follow link and continue in the loop. Fighting fire with fire, basically…

EDIT: is it possible our captchas suck? As in, they are too easy to OCR? Perhaps implementing something like Google's reCAPTCHA would be better?

It is obvious that our captcha sucks. Though sometimes I think maybe they just found some hole in the system, as they are not just circumventing the captcha, they also confirm the activation email, though sometimes it looks like non-existent email addresses. Funny that I now confirm every new registration and nothing happens. Probably they don't expect registration to take longer. Yet.

Improving reCAPTCHA could help, but we also need to take a look at low-level information (logs, database) and maybe find IP patterns and block them. There are some interceptor triggers in the SBS Admin Console, but the only useful one is the one catching phrases in new content. We need something smarter. Like maybe limiting new users to creating new content only after 1 day, or marking it as abuse if a user creates 5 content files in a few minutes, etc.

About the SBS. Actually the new SBS looks more visually appealing, but I'm more concerned about the usability. Its home screen just shows an activity flow, which is useless for me, and then there is another tab, "Content", which shows all content in one list. I haven't found an option to modify your home screen (maybe community.jivesoftware.com has limited this) and add widgets. Compare what you get on your home screen there with my current setup. Just too many hops to get the needed information, when I can have it now with one glance or click.

Try some of their IPs in here:

https://www.projecthoneypot.org/search_ip.php

They have an API, I think… so one could maybe implement a "suspicious list" and check incoming connections; if multiple accounts register from the "suspicious list" in a short period of time, moderate registration…?
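An added example, not from the thread or from Jive SBS, of the velocity check suggested here and in the earlier post about limiting new users: flag any IP that registers several accounts within a few minutes, and switch to moderated registration when such a burst source is also on an external suspicious list (the result of a reputation lookup, supplied here as a plain set). The log format, the usernames and the documentation-range IPs are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed registration log for this example (not real forum data):
# "<ISO timestamp> <client IP> <username>" per line. The IPs are documentation ranges.
SAMPLE_LOG = """\
2011-03-01T10:00:01 203.0.113.7 alice
2011-03-01T10:00:09 203.0.113.7 bob99
2011-03-01T10:00:15 203.0.113.7 carl_x
2011-03-01T10:00:22 203.0.113.7 dana2
2011-03-01T10:30:00 198.51.100.4 eve
2011-03-01T11:45:00 203.0.113.7 frank
"""


def parse_registrations(text):
    """Return registration events as (time, ip, user) tuples, oldest first."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, ip, user = line.split()
        events.append((datetime.fromisoformat(ts), ip, user))
    return sorted(events)


def burst_sources(events, threshold=3, window=timedelta(minutes=10)):
    """Map each IP that created >= threshold accounts inside one sliding window
    to the usernames in that burst; isolated registrations are not flagged."""
    recent = defaultdict(deque)
    flagged = {}
    for ts, ip, user in events:
        q = recent[ip]
        q.append((ts, user))
        while q and ts - q[0][0] > window:  # drop registrations older than the window
            q.popleft()
        if len(q) >= threshold:
            flagged[ip] = [u for _, u in q]
    return flagged


def registration_policy(events, suspicious_ips, threshold=3, window=timedelta(minutes=10)):
    """'moderate' when a burst source is also on an external suspicious list
    (such as a reputation lookup), otherwise keep registration 'open'."""
    flagged = burst_sources(events, threshold, window)
    return "moderate" if any(ip in suspicious_ips for ip in flagged) else "open"
```

The same sliding-window routine applies to new-content events per user (the "5 posts in a few minutes" case) by keying on the username instead of the IP.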

I don't have the IPs… I have searched every part of the Admin Console, but can't find them anywhere. Don't know how LG managed to find them (maybe somewhere in the web server logs). I see he has created a few IP bans in the past, so it should be possible. But he is absent now. Will try to reach him via PM.