Serious problem for the security of my forum

classic Classic list List threaded Threaded
26 messages Options
12
Reply | Threaded
Open this post in threaded view
|

Serious problem for the security of my forum

Silvana
This post was updated on .
Hello to all. I have a problem that I can not solve alone. A new user of my forum, yesterday, created a topic containing links. When I opened it, my antivirus started to report and block threats continuously. Of course, I deleted, immediately  the topic and I warned the author of the topic, which has not responded to my message. These days, two other people are signing up to the forum with strange email addresses, too long. I'm suspicious, because they did not ask questions, after their entry. I would like to know if there is a way, as is often done in other forums, to prevent the pubblicazioine of links in the post for new members. This would be a security. Thank you for your help. Silvana

I forgot. I would also like to know if it is possible to block spam and how and if it would be possible for me to check the registration and give the ok before they become effective ... Thank you.
(in the meantime, for safety, I locked the suspect users)
I'm Italian. Excuse me if I'll make mistakes writing my posts. Ciao
This is my site: "La chiave nel pozzo"..
..and this is my forum: "La chiave nel pozzo - il forum"
Reply | Threaded
Open this post in threaded view
|

Re: Problem for the security of my forum

Marc Martin
This post was updated on .
Yes, I've been experiencing the same problem... if this keeps up, my registered user list will one day be 99% spammers.  :-(

The best solution I've seen is to only let "Members" (NOT "Anyone" or "Registered Users") post and reply to messages, and then you should add all known non-spammer email addresses to the members list.    So that becomes an extra step for the admin to determine if the new person is a spammer.  It's pretty obvious with these weird gmail accounts that these are spammers, though, so I just ban them immediately without any research.

But again, I think there probably could be some sort of improvement in how Nabble handles this, so the registered user lists isn't dominated with spammer email addresses.
Reply | Threaded
Open this post in threaded view
|

Re: Problem for the security of my forum

juanete
This post was updated on .
I had that message too in my forum.

All have gmail addresses taking much the same form, a name and something else, usually a state/country, much interspersed with dots, such as:

ral.f.ric.her.d.s.au.s.tral.i.a@gmail.com
b.ob.m.a.rley.forevero.nly@gmail.com
r.al.fricher.d.s.a.ustr.alia@gmail.com
fr.a.nk.bi.ll.i.o.n.e.r.dol.l.a.r.s@gmail.com
f.r.a.nkb.il.l.ion.erd.o.lla.r.s@gmail.com
pe.tt.e.r.d.je.k.so.n.ar.iz.o.na@gmail.com

I'm using the Members group for known users and only they can post topics

The strangest thing is that I have the links "new topic" hidden in the main page and they post their messages here

If we add that many nabble forums are getting the same spam, I gather that they have access to nabble application.

regards
“El software libre construye una sociedad mejor“
"Free software builds a better society"
— Richard Stallman
Reply | Threaded
Open this post in threaded view
|

Re: Problem for the security of my forum

Silvana
In reply to this post by Marc Martin
Thanks Mark Martin, your hint is very clever. Can I ask, though, how you've organized things with your users? How did notice that they can not write posts, even if they are logged in, until you enter them in the group?
I agree that Nabble should find a better solution. Ciao
I'm Italian. Excuse me if I'll make mistakes writing my posts. Ciao
This is my site: "La chiave nel pozzo"..
..and this is my forum: "La chiave nel pozzo - il forum"
Reply | Threaded
Open this post in threaded view
|

Re: Problem for the security of my forum

Silvana
In reply to this post by juanete
He,  juanete. The addresses you've posted are the same as I have. Bob Marley ("b.ob.marley.forevero.nly @ gmail.com"), joined the my forum twice (nickname: sambhcar and saundiola), with two addresses, different only in the dots. It's this person who posted the topic containing the malware. After him came the others you wrote.
I think someone should tell Google what's going on, but I do not know how to do.
I ask the staff members Nabble to take action. They will know what to do. In the meantime, I recommend to all who read this topic immediately to ban users who register with the address of which we have spoken.
I thank you and wish you a good day ..
I'm Italian. Excuse me if I'll make mistakes writing my posts. Ciao
This is my site: "La chiave nel pozzo"..
..and this is my forum: "La chiave nel pozzo - il forum"
Reply | Threaded
Open this post in threaded view
|

Re: Problem for the security of my forum

Marc Martin
This post was updated on .
In reply to this post by Silvana
My suggestion to only allow "Members" the permission to post messages is just based on other discussions I've read here.  This seems to be the recommended approach for now.  So you've got the following group settings:

  Anyone -- cannot start a new thread or reply (this group includes registered and non-registered people)
  Registered -- cannot start a new thread or reply (this group is people who have registered, and includes people you've approved to post, banned people, and spammers)
  Members - CAN start a new thread, CAN reply (this group would only include people you've approved to post)

The administrator just adds the acceptable participants to the Members list.  Either by using a button when looking at their user profile page, or by manually adding their email address to the members list.
Reply | Threaded
Open this post in threaded view
|

Re: Problem for the security of my forum

GregChapman
Hi Marc,

I quibble with your descriptions of "Anyone", "Registered" and "Members", but agree with your recommended action.

Forum Administrators need to remove the User permissions for "Create_topic" and "Reply" from users in the "Anyone" and "Registered" groups and grant those permissions for the "Members" group. They then need to add the mail address of all approved users to the "Members" group.

The Nabble default is to allow those in the "Anyone" group to post. And that literally does mean anyone!

Most forum administrators remove those two permissions from "Anyone" and add them the "Registered" group. But all that does is force a user to provide an email address before they post and the only protection it offers is the ability to ban someone with that email address from posting. However, it is a simple process for a spammer to create software robots that  create multiple, near identical, email addresses and then use those addresses to register and post to a forum. This is what happening in the current registration and spamming storm.

As you say, the only option currently, for forum administrators is to adopt a manual system of approval of users. Insisting on registration only is not enough. Only allowing approved "Members" to post is the answer.

Having said that, I do believe that Nabble will need to take some action soon, as a minimum, implement some filtering of registrations - removing those that clearly come from spammers as the current situation is unacceptable and will drive users away from Nabble forums.
Volunteer Helper - but recommending that users move off the platform!
Once the admin for GregHelp now deleted.
Reply | Threaded
Open this post in threaded view
|

Re: Problem for the security of my forum

Silvana
In reply to this post by Marc Martin
Thanks Mark. I'll do that , now. The problem is when, for example, I can not be at the pc and new users should wait before they can write their posts. I have to think about how to get organized to inform visitors. Ciao
I'm Italian. Excuse me if I'll make mistakes writing my posts. Ciao
This is my site: "La chiave nel pozzo"..
..and this is my forum: "La chiave nel pozzo - il forum"
Reply | Threaded
Open this post in threaded view
|

Re: Problem for the security of my forum

Silvana
In reply to this post by GregChapman
Hi Greg, I hope Nabble can sort it as soon as possible. I would like to know if it is possible to customize the message that users receive after subscription to the forum. Ciao
I'm Italian. Excuse me if I'll make mistakes writing my posts. Ciao
This is my site: "La chiave nel pozzo"..
..and this is my forum: "La chiave nel pozzo - il forum"
Reply | Threaded
Open this post in threaded view
|

Re: Problem for the security of my forum

juanete
This post was updated on .
In reply to this post by GregChapman
Hi Greg

I use the group members in order to post messages, but when I stop receiving spam, I am coming to give permissions to registered to save waiting time for new users

So I came to receive the first message

I'm worried because they have written in the root folder of the forum and I have removed the link "new topic" when the page has subapplications

Macro "new_topic_action_link":
 <override_macro name="new_topic_action_link" parameters="text">
    <n.page_node.>
        <n.if.has_subapps>
            <then>
            </then>
            <else>
                <div class="[n.action_link_style/]">
                    <img src="http://foro.ubuntu-guia.com/file/n3513314/Nuevo_Tema.png" class="image24" />
                    <n.new_topic_link>
                        <title>
                            <t>Post new message in <t.location.subject/></t>
                        </title>
                        <text>
                            <n.default. to="[t]New Topic[/t]"><n.text/></n.default.>
                        </text>
                    </n.new_topic_link>
                </div>
            </else>
        </n.if.has_subapps>
    </n.page_node.>
</override_macro> 



As you can see there is no link to write there

How do they have?

regards
“El software libre construye una sociedad mejor“
"Free software builds a better society"
— Richard Stallman
Reply | Threaded
Open this post in threaded view
|

Re: Problem for the security of my forum

juanete
In reply to this post by Silvana
Hi Sylvana.

To explain the reason for this step, open your editor Naml and find the macro "unauthorized"

Click on "Edit this override", find the part that says:
                     Only Authorized Users <t> In this area can proceed. </ t>
                     <t> You can use the form below to send a request to the Administrators. </ t>
And change it to whatever you want to explain.

You can also edit the Macro "new_topic_forbidden_page" to warn when click "New Topic":

Find the part that says:
                         <t> Sorry, but you can not create new topics here. <br/> still Notice That You May Be Able to reply to posts. </ t>
And change it explaining the situation
“El software libre construye una sociedad mejor“
"Free software builds a better society"
— Richard Stallman
Reply | Threaded
Open this post in threaded view
|

Re: Problem for the security of my forum

Silvana
Thanks juanete, but how can I open my editor Naml? I have never done. Ciao :-)
I'm Italian. Excuse me if I'll make mistakes writing my posts. Ciao
This is my site: "La chiave nel pozzo"..
..and this is my forum: "La chiave nel pozzo - il forum"
Reply | Threaded
Open this post in threaded view
|

Re: Problem for the security of my forum

Silvana
Wait, I have found the way. But....can I write also in italian, in Naml code, or only in english? Most of my users are Italian and it would be better for me to write explanations in both languages​​, if it is possible....
I'm Italian. Excuse me if I'll make mistakes writing my posts. Ciao
This is my site: "La chiave nel pozzo"..
..and this is my forum: "La chiave nel pozzo - il forum"
Reply | Threaded
Open this post in threaded view
|

Re: Problem for the security of my forum

Silvana
In reply to this post by juanete
Ciao. I can change parts in  macro "Unauthorized", but not in macro "new_topic_forbidden_page", becouse it is not for basic account. Can I change the text of the messages that appear to new users when they sign up to my forum? And what they receive by email? If yes, what should I look for in the macro Naml to find the parts that I need? Thanks for the replies ..
I'm Italian. Excuse me if I'll make mistakes writing my posts. Ciao
This is my site: "La chiave nel pozzo"..
..and this is my forum: "La chiave nel pozzo - il forum"
Reply | Threaded
Open this post in threaded view
|

Re: Problem for the security of my forum

GregChapman
In reply to this post by Silvana
The text of the message can be in any language but, obviously, the NAML code itself (the parts within the <...>) must remain as written in the macro.
Volunteer Helper - but recommending that users move off the platform!
Once the admin for GregHelp now deleted.
Reply | Threaded
Open this post in threaded view
|

Re: Problem for the security of my forum

Pedro
We are working in order to prevent this spam storm. Please, keep in mind that it is something a bit complex. There is no logical rule to tell if someone is a spammer or not.
My test forum.
Reply | Threaded
Open this post in threaded view
|

Re: Problem for the security of my forum

Silvana
Thanks Pedro....
I'm Italian. Excuse me if I'll make mistakes writing my posts. Ciao
This is my site: "La chiave nel pozzo"..
..and this is my forum: "La chiave nel pozzo - il forum"
Reply | Threaded
Open this post in threaded view
|

Re: Problem for the security of my forum

Mintrax
In reply to this post by Pedro
Surely a quick fix is to stop email addresses with say 5 or more dots in the email address.

Reply | Threaded
Open this post in threaded view
|

Re: Problem for the security of my forum

GregChapman
I suggested six!
http://support.nabble.com/Nabble-Support-a-place-to-meet-girls-tp7586475p7586513.htm
Volunteer Helper - but recommending that users move off the platform!
Once the admin for GregHelp now deleted.
Reply | Threaded
Open this post in threaded view
|

Re: Problem for the security of my forum

Pedro
In reply to this post by Mintrax
We cannot say in public what kind of filter we gonna do. The spammer can simply read and change his tactics.
But I can say that our efforts has been successful.
My test forum.
12