NYCPHP Meetup

NYPHP.org

[nycphp-talk] Bypassing Registration forms on vBulletin forums ... I guess other forums are having similar problem too?

Brian Williams brianw1975 at gmail.com
Tue Oct 14 11:32:29 EDT 2008


IMO registration forms should only use POST beacuse REQUEST is a
conglomerate of POST, GET, etc and is affected by the php.ini with the
variables_order and  can be  messed up and set insecurely by the host;
having said that, i do believe that cURL can do a POST. so it's not a 100%
solution to the problem.

Having said all of that -- make sure all of your forum software is up to
date with the latest patches, etc; they release those for a reason, and it's
not because they are bored.

Can you specify which forums you are having problems with?  A name might
help with other solutions and suggestions.




On Tue, Oct 14, 2008 at 3:41 AM, <mikesz at qualityadvantages.com> wrote:

> Hello NYPHP,
>
> I am seeing that Registration forms are taking a huge beating from
> scammers and spammers today, especially forum sites. I spend most
> of my time lately collecting and filtering data to find the freaks
> before they find the membership. Use to be and "every now and again"
> but now its thousands per day and you can't tell now whether its a
> robot or cheap labor doing the form input. Aside from my own sites
> that are getting pounded daily I have several client site that average
> 500 badguy hits a day now and those are just the ones I have a
> "known badguy" status, they are hijacking and adding new addresses
> everyday, spammers mostly, all forum sites. Just unbelievable, and of
> course, mustn't forget my recent episode with the porno  pirate hijacking
> my server is still giving me no joy either.
>
> Anybody else having these kinds of problems?
>
> I think someone suggested (here I think) that the scammer/spammers
> were using CURL to access the database directly, is that possible? If
> so how, and how can that be prevented.
>
> In the trap that I have set up, I log the contents of $_REQUEST but I
> don't see anything unusual about the submission and all of a sudden
> the bad guy ends up in the system as a "Registered" user bypassing all
> the captcha security and "moderation" step in the approval process,
> like they are accessing the database directly but I don't see any of
> this database being passed in $_REQUEST? Any ideas? Or where else I
> need to be looking to trap the data that is being passed?
>
> TIA for any pointers.
>
>
> --
> Best regards,
>  mikesz                          mailto:mikesz at qualityadvantages.com
>
> _______________________________________________
> New York PHP Community Talk Mailing List
> http://lists.nyphp.org/mailman/listinfo/talk
>
> NYPHPCon 2006 Presentations Online
> http://www.nyphpcon.com
>
> Show Your Participation in New York PHP
> http://www.nyphp.org/show_participation.php
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.nyphp.org/pipermail/talk/attachments/20081014/d5ac0966/attachment.html>


More information about the talk mailing list