SMF proxy mod locked site.

Started by shutter, August 07, 2014, 07:53:53 PM

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

shutter

I have other mods. I started the whole thing back in late February. I didn't know anything about SMF. I originally followed a You Tube video and installed it onto a free server. the whole purpose of this was to get away from one person from another forum. he signed up, and was blocked. he then started using a proxy to view the site. this was where and why I found this mod, and installed it. the latest problem was spammers attacking the site. my focus has been on that. this happened a week or so previous to this last event. when the site came back up on it's own. I shut the mod off. I should of removed it, but I didn't.

As you can see I'm clearly new to this in every aspect. I had no idea making a simple forum to discuss things would be so complicated. unfortunately I'm learning things the hard way.

Now, as for the code. I'm not seeing anything other than IP's in the .htaccess. according to what the "notes" say by removing the code in the .htaccess file, but I don't see anything of the sort. which file do you wish to view? the .htaccess, or the mod file?


Skhilled

To block spammers, I suggest using httpBL and Stop Spammer mods as mentioned here:

http://www.docskillz.com/docs/index.php?page=45

For general security tips for your forum, I suggest you read the tutorials in the "SMF 2.x Security" block on the left side of this forum.

As far as free hosting goes, I you can pay for hosting I highly suggest you do! Most free hosting cost at a price. Most do not allow you the control you would normally have with paid hosting and can change things on you without your knowledge or approval or will add restrictions to your forum's features. Also, most will charge you to backup your database which hold all of the posts, users, pm's, and other important information of your site. This is also done to prevent people from leaving them as you will not be able to take your db and information with you to another hosting without paying a stiff fee. If they allow you to backup your database for free, do it everyday in case something happens and you decide to leave them.

Quote from: shutter on August 09, 2014, 07:11:44 AMNow, as for the code. I'm not seeing anything other than IP's in the .htaccess. according to what the "notes" say by removing the code in the .htaccess file, but I don't see anything of the sort. which file do you wish to view? the .htaccess, or the mod file?

Yes, see if your IP is in that list of IP's in .htaccess and remove it if it is there. Look at your profile here on this forum and see if your hostname (the one usder IP) is also in it and remove it if it is in there.

Please post the .htaccess file if you are still having problems.

shutter

Ok, I just got home. let me catch up here. I started out on a free server through x10. I then upgraded to a .com site with X10. I originally started it on the free server to make sure enough interest was in the forum. I have checked several times and my IP is not in the file. I will post what is in the file below. it's just plain out blocking everyone.

Prior to upgrading I tried to move the forum to another server, but two of them couldn't do it. I ended up staying with them and they moved the site without any issues. I also tried Cloudflare, but that ended up bringing in more spammers. I'm on day 3 of the site being down....

Don't I have to be an admin to see my IP on here?


order allow,deny
allow from all
</Files>

deny from 67.185.175.203
deny from 74.63.112.138
deny from 74.63.112.139
deny from 74.63.112.140
deny from 74.63.112.141
deny from 74.63.112.142
deny from 74.63.112.143
deny from 74.63.112.144
deny from 74.63.112.145
deny from 74.63.112.146
deny from 67.159.56.162
deny from 67.159.56.163
deny from 67.159.56.164
deny from 67.159.56.165
deny from 67.159.56.166
deny from 74.63.86.218
deny from 74.63.86.219
deny from 74.63.86.220
deny from 74.63.86.221
deny from 74.63.86.222
deny from 74.63.112.147
deny from 74.63.112.148
deny from 74.63.112.149
deny from 74.63.112.150
deny from 74.63.112.151
deny from 74.63.112.152
deny from 74.63.112.153
deny from 74.63.112.154
deny from 74.63.112.155
deny from 74.63.112.156
deny from 74.63.112.157
deny from 66.90.73.223
deny from 67.159.36.18
deny from 67.159.36.19
deny from 67.159.36.20
deny from 67.159.36.21
deny from 67.159.36.22
deny from 67.159.36.23
deny from 67.159.36.24
deny from 67.159.36.25
deny from 67.159.36.26
deny from 67.159.36.27
deny from 67.159.36.28
deny from 67.159.36.29
deny from 67.159.36.30
deny from 95.154.230.253
deny from 95.154.230.254
deny from 95.154.230.191
deny from 67.159.5.242
deny from 93.174.93.145
deny from 50.204.7.60
deny from 165.160.15.20
deny from 67.221.255.55
deny from 79.141.173.62
deny from 50.204.7.243
deny from 50.204.7.253
deny from 54.200.82.65
deny from 54.208.199.200
deny from 23.20.244.244
deny from 50.97.52.131
deny from 50.97.52.130
deny from 173.192.239.226
deny from 184.173.183.170
deny from 184.173.183.174
deny from 184.173.183.173
deny from 184.173.183.172
deny from 184.173.183.171
deny from 216.38.216.101
deny from 69.253.40.93
deny from 92.222.0.138
deny from 120.37.241.196
deny from 97.85.85.12
deny from 175.44.31.168
deny from 23.91.5.26
deny from 62.122.182.106
deny from 110.89.35.180
deny from 188.32.193.209
deny from 31.41.216.131
deny from 64.246.165.150
deny from 37.58.100.87
deny from 181.66.157.181
deny from 201.49.77.20
deny from 192.74.236.241
deny from 185.25.48.97
deny from 117.26.202.249
deny from 31.41.218.142
deny from 23.94.99.246
deny from 31.41.218.136
deny from 59.58.138.195
deny from 94.242.233.18
deny from 62.210.142.106
deny from 37.58.100.151
deny from 167.160.98.99
deny from 192.99.210.234
deny from 172.245.181.170
deny from 195.154.168.130
deny from 170.130.111.177
deny from 192.3.60.229
deny from 192.184.48.99
deny from 192.227.253.181
deny from 69.12.65.43
deny from 107.181.78.27
deny from 109.113.52.136
deny from 107.155.119.45
deny from 69.12.70.70
deny from 107.158.22.112
deny from 69.12.65.71
deny from 107.158.228.161
deny from 107.158.229.177
deny from 69.12.75.180
deny from 107.182.115.92
deny from 107.155.116.20
deny from 23.244.164.147
deny from 107.181.78.177
deny from 23.244.164.146
deny from 199.27.133.7
deny from 173.245.50.221
deny from 173.245.50.177
deny from 108.162.221.180
deny from 108.162.221.221
deny from 108.162.237.24
deny from 173.245.48.27
deny from 108.162.236.55
deny from 173.245.50.222
deny from 108.162.238.248
deny from 141.101.104.201
deny from 108.162.229.223
deny from 141.101.104.193
deny from 141.101.98.202
deny from 173.245.50.223
deny from 108.162.237.44
deny from 108.162.215.243
deny from 108.162.237.236
deny from 173.245.52.117
deny from 108.162.215.223
deny from 199.27.133.29
deny from 173.245.48.221
deny from 108.162.230.113
deny from 173.245.52.124
deny from 108.162.254.223
deny from 108.162.215.34
deny from 108.162.225.62
deny from 108.162.216.222
deny from 173.245.48.241
deny from 173.245.54.139
deny from 173.245.56.147
deny from 108.162.216.193
deny from 141.101.70.187
deny from 108.162.221.191
deny from 108.162.245.57
deny from 108.162.245.206
deny from 108.162.246.203
deny from 108.162.245.203
deny from 108.162.246.57
deny from 108.162.246.196
deny from 108.162.246.198
deny from 173.245.50.192
deny from 108.162.222.220
deny from 173.245.55.211
deny from 173.245.56.143
deny from 173.245.54.144
deny from 173.245.54.147
deny from 173.245.54.140
deny from 173.245.55.223
deny from 108.162.216.208
deny from 173.245.55.176
deny from 173.245.56.131
deny from 173.245.56.120
deny from 173.245.56.128
deny from 108.162.238.241
deny from 173.245.54.119
deny from 108.162.216.177
deny from 173.245.55.209
deny from 173.245.56.133
deny from 173.245.54.157
deny from 108.162.212.185
deny from 108.162.219.138
deny from 173.245.54.155
deny from 108.162.216.198
deny from 173.245.55.204
deny from 108.162.254.14
deny from 141.101.92.39
deny from 108.162.215.12
deny from 173.245.55.154
deny from 173.245.55.153
deny from 173.245.55.198
deny from 108.162.215.142
deny from 108.162.216.196
deny from 108.162.216.199
deny from 108.162.254.194
deny from 108.162.216.194
deny from 199.27.133.69
deny from 108.162.216.153
deny from 108.162.245.172
deny from 108.162.216.191
deny from 108.162.238.252
deny from 108.162.216.195
deny from 108.162.210.233
deny from 108.162.237.252
deny from 108.162.231.51
deny from 199.27.133.11
deny from 173.245.55.186
deny from 173.245.55.193
deny from 108.162.212.75
deny from 173.245.55.196
deny from 173.245.55.217
deny from 108.162.216.207
deny from 173.245.55.210
deny from 173.245.55.182
deny from 141.101.93.45
deny from 108.162.245.183
deny from 173.245.55.191
deny from 108.162.231.77
deny from 108.162.231.55
deny from 108.162.231.71
deny from 108.162.215.24
deny from 173.245.50.216
deny from 108.162.221.215
deny from 199.27.129.29
deny from 141.101.104.181
deny from 108.162.217.53
deny from 173.245.55.103
deny from 173.245.55.116
deny from 173.245.55.106
deny from 108.162.217.47
deny from 173.245.55.109
deny from 173.245.55.107
deny from 108.162.217.41
deny from 173.245.55.120
deny from 173.245.55.115
deny from 173.245.55.24
deny from 173.245.55.95
deny from 173.245.55.126
deny from 173.245.50.219
deny from 50.181.163.93
deny from 5.255.253.10
deny from 120.33.245.24
deny from 71.37.4.108
deny from 201.13.163.106

Skhilled

Quote from: shutter on August 09, 2014, 01:34:44 PM
Prior to upgrading I tried to move the forum to another server, but two of them couldn't do it.

What do you mean by "2 of them"? 2 people tried and could not move it? And who, the people from x10?

Quote from: shutter on August 09, 2014, 01:34:44 PM
I ended up staying with them and they moved the site without any issues. I also tried Cloudflare, but that ended up bringing in more spammers. I'm on day 3 of the site being down....

Where did they move the site to, another server or other hosting?

I'm not fond of cloudflare myself but I doubt that was the reason for the spammers...

Quote from: shutter on August 09, 2014, 01:34:44 PM
Don't I have to be an admin to see my IP on here?

Yes, you're right but you should be able to see it in your posts on the bottom right.

Do you mind if I have a look at your files? If so, create a separate FTP account for me in cPanel and PM me the details. Please make sure it has access to /public_html.

shutter

while the forum was still in the free server status, I tried two different hosts/servers. one was inmotion, and the other was Web Hosting Hub. the problem was that X10 removed the back up wizard just a couple weeks before I wanted to move. I ended up staying with X10.

with Cloudflare, I seemed to have more activity with spammers looking around, and then trying to sign up. just an hour after turning on CF I had 38 "visitors" poking around signing up with names like "dhgbkfhe" as soon as I shut it off. the traffic stopped? I agree on not being a fan of CF.

do you want me to PM you my information to my cpanel? I don't have a problem with that. I can just change the password. it's not National security here lol.

Skhilled

If you learn to secure your forum you do not have to worry about spammers much. Every now and again one may get through but proper security and security mods will help a lot and save you a lot of work. ;)

I usually tell people to not give me their cPanel details (nor anyone else) in case you get someone who "claims" to help but turns out to be something else... Basically, if you want someone to help you you should create a separate FTP account for them to access the files. This way they do not have your cPanel details and you can delete their accounts at will. If you do give them your cpanel details you should change your password to it immediately after they are finished what they need to do. ;)

If you need someone to help fix something directly on your forum or have a look at the admin side you should let them create a separate account and then make them admin so they can see and fix whatever then change the account back to a regular user when they are done. Letting them register on their own will give you their details so if they are not a trustworthy person you have their IP, email, etc. ;)

shutter

Correct on the spammers. as I mentioned I'm new to creating forums. this one is a little over 5 months old. the spammers started about two months ago. I put the captcha on, admin approval, I had the proxy blocker on. I also had "bad behavior" but shut that off a day after installing it. I then tried Cloudflare, but of course you need to pay for quality control. I'm learning as I go. I just didn't see this many problems with running the forum.

I've never messed with the FTP accounts. I'll need a little guidance in creating another account. I don't have anything of value in my cpanel. my address can be found if someone wants to find me anyway. at the moment my card on file is expired as of last month. I haven't put the new one in place. you are here on a public forum so, obviously people know what is going on. personally I don't think it's a big deal. we can do the FTP thingy, no big deal. my goal is to get my forum back up and running as soon as possible. I have people emailing me constantly asking whats up.

If you were not an administrator, perhaps my concern would be a little different.

Skhilled

As far as spammer go, they come and go at various times of the year for various reasons. They will also target some servers more than others, especially if they think the security is flawed enough they can break in and control it. They tend to attack more around the holidays when people spend more money. If they can get into your bank account then they can get your money before you have a chance to stop them. ;)

You can pm me your account but wanted to mention that so you know how you SHOULD be doing things. ;)

I'll take a look and we'll try to get you back online today. :)

shutter

If you are more comfortable with the FTP route, we can do that too? if you noticed my forum, it's about an old hijacking back in 1971. I know a lot of reporters, law enforcement agencies, including the FBI. aeronautical engineer's, private investigators etc. I'm not to worried. I'm in my 50's and have survived so far lol. I do appreciate your concern.

Skhilled

Knowing people and preventing something from happening BEFORE it happens are 2 very different issues! Once it happens doesn't mean they will be caught and may be too late before your identity is stolen or your users and used for nefarious means. ;)

Trust me, there are many people who will laugh at the FBI and have gotten away with a lot and still do!

I can do either one but I teach and help my users to learn to be safe. So, I had to mention that. Security is key to not only securing your site but gaining your users' trust. ;)

PM me the details so I can have a look and try to get you back online. :)

shutter

I just looked at the link you provided for spam. I have seen the same one. that's where I got the bad behavior mod from, but it was blocking some of my members. one had dial up. she is an older woman who refuses to jump up to dsl, cable. sometimes work gets in the way of working on getting the forum going smoothly. I work sometimes 70 hrs a week, so it's hard to put a lot of effort into this sometimes...

shutter

Ok, lets do the FTP thingy. I just need to resolve my issue. hopefully you can help in this matter. you have my full attention....

Skhilled

Quote from: shutter on August 09, 2014, 04:26:05 PM
I just looked at the link you provided for spam. I have seen the same one. that's where I got the bad behavior mod from, but it was blocking some of my members. one had dial up. she is an older woman who refuses to jump up to dsl, cable. sometimes work gets in the way of working on getting the forum going smoothly. I work sometimes 70 hrs a week, so it's hard to put a lot of effort into this sometimes...

The links I provide to you for anti-spam are for the Stop Spammer and the httpBL mods that I suggested that you use in my other post. Those are the 2 mods you should use as they play nice with each other. If you are referring to the link in the security block it also states to not use Bad Behaviour with the httpBL mod. I suggest you read it again. If you use those 2 mods you will be fine.

I work a lot of overtime as well and work 3rd shift. This is why my posts during the week are in the mornings...when I come home from work and before I go to bed. It does not matter what type of internet connection a user has, security is stilll the same. Their connection will run slower but that is their problem, not yours...that is what they are willing to pay or can afford. There is nothing you can do about that.

I'm 52 and have been into stopping spammers and hackers for years. I've spend time on Christmas Day helping people block spammers and hackers from their sites while my kids were opening their toys. I do know what i'm talking about. If I don't know something I will definitely say so. I never wish to give out any wrong information. Many people have helped me over the years for free so I, in turn, help others the same way.  O0

shutter

I do about the same. I hit the computer in the morning, take care of a few things and off I go. I figured I did something wrong with the bad behavior mod. I thought it was zapping the dial up connection. anyway, I'm making a FTP account. I'll send it momentarily.......I think  :blush:

beast


  Shutter, I can tell you that you can trust Skhilled with any thing you got. I and many other people will tell you this. He is 100% trust worthly

   :taz:
Thanks [you] for reading my post