Jim King Posted March 24, 2021 Report Share Posted March 24, 2021 (edited) I've received a number of obviously fake Registration requests lately. Here's an example: Name: На Ваш счет пришел долларовый бонус http://ionexchangemembrane.com/cryptogods?keyword=asmagulova182@gmail.comUsername: На Ваш счет пришел долларовый бонус http://ionexchangemembrane.com/cryptogods?keyword=asmagulova182@gmail.comYou have received a new request for a TNG user account. Please log into your TNG Admin area and assign proper permissions to this new account. Go to Admin/Users/Review to access the account settings. The account will remain inactive until you edit and save the record at least once.Administration: https://www.kinggardnerfamilyhistory.com//admin.php Sometimes there's a second email from the same email id trying to get me click on a link in the second email. DO NOT CLICK on the links in Name and Username lines in the above copied message. My URL is https://kinggardnerfamilyhistory.com. These Registration requests are in my TNG Users > Review page (which now has 39 fake requests although I've already deleted some). No Registration is required to just view my site. Registration is required to download or update. I use Simply Hosting, and I'm on Version 13.0.3. I use a separate email id for my TNG website. Is anyone else seeing this from their TNG website? Does anybody have suggestions as to how to stop this? Thank you. Edited March 24, 2021 by theKiwi Removed the links Quote Link to comment Share on other sites More sharing options...
Rob Severijns Posted March 24, 2021 Report Share Posted March 24, 2021 (edited) Jim, Adding the Bot-trap mod and a Google Captcha will help. For the Captcha Mod's there are several available and if you go for the Google Captcha use V2. Take a look at the Security wiki for additional info too. Rob Edit: would also be wise to change the hyperlinks in your post to flat text. Edited March 24, 2021 by Rob Severijns Quote Link to comment Share on other sites More sharing options...
ton van lil Posted March 24, 2021 Report Share Posted March 24, 2021 After reading the post I installed the bottrap mod. I have been working all night on my site. All of a sudden I got an internal server error. The server encountered an internal error or misconfiguration and was unable to complete your request. Please contact the server administrator at webmaster@scealta.nl to inform them of the time this error occurred, and the actions you performed just before this error. More information about this error may be available in the server error log. Looked at my error.log and it said: /home/vanlivm331/domains/scealta.nl/private_html/.htaccess: RewriteRule: bad flag delimiters and referer: https://scealta.nl/bot-trap/index.php How can I repair this? I cannot us my site anymore. Thanks Ton van Lil Quote Link to comment Share on other sites More sharing options...
Jim King Posted March 24, 2021 Author Report Share Posted March 24, 2021 Thanks for your help. I didn't realize Captcha was no longer installed for my site. I've FTP'ed Bot-trap to TNG's mods folder, and it shows in Mod Manager as OK to install. But, the installation instructions state that I have to: click on the "Run Checks" button BEFORE installing the mod. This step creates the files and folders needed for the mod to work if they are not already present. Where is the Run Checks button? Quote Link to comment Share on other sites More sharing options...
Rob Severijns Posted March 25, 2021 Report Share Posted March 25, 2021 Jim, Go to te MOD Manager --> find the Bot-Trap Mod and open the options for the mod. There you should find the Run Checks button. Rob Quote Link to comment Share on other sites More sharing options...
Rob Severijns Posted March 25, 2021 Report Share Posted March 25, 2021 Ton, First time I heard about this behavior related to Bot-Trap. I never had any issues with the mod and I've been using it for several years nnow. If you can still access your site you could try to remove the Mod and/or restore a backup. If access is no longer granted you could access your database via cPanel and restore a backup. Maybe others have an alternate solution. Rob Quote Link to comment Share on other sites More sharing options...
ton van lil Posted March 25, 2021 Report Share Posted March 25, 2021 Rob Found following text in blacklist.dat 40.77.167.91 - - [2021-03-24 (Wed) 23:01:48] "GET /bot-trap/index.php HTTP/1.1" Mozilla/5.0 (compatible; bingbot/2.0; +http://www.bing.com/bingbot.htm) Can no longer access my site. I can appoach my php-files. How can I remove the Mod? Are the changes only made in the PHP-files or also in the database? Ton Quote Link to comment Share on other sites More sharing options...
Rob Severijns Posted March 25, 2021 Report Share Posted March 25, 2021 Ton, I assume you don't have a recent backup you can restore which is unfortunate? Several PHP files are modified and an extra directory is made. (See FTP program to view them) To see which files are modified go to the Bot-Trap wiki Before you install the mod you have to click the "Run Checks" button. This creates the required tables in the database. Before you make any major changes I would advise you ta make a backup via cPanel. Just to make sure. After the backup you could try to remove the mod via FTP and see if you can re-enter your site. I have to work now so won't be able to respond untill later today. If this doesn't work we could look into it later today. Good luck. Rob Quote Link to comment Share on other sites More sharing options...
ton van lil Posted March 25, 2021 Report Share Posted March 25, 2021 Thanks Rob. I have to work to. I will try tonight. Ton Quote Link to comment Share on other sites More sharing options...
klooster Posted March 25, 2021 Report Share Posted March 25, 2021 I you want to find out where the line in .htaccess is wrong try this tool: http://www.htaccesscheck.com/index.html It will clearly specify the bad flags which can be corrected in their editor and check there itself. PS: RewriteRule Syntax doesn't allow inline comments. Reference: https://httpd.apache.org/docs/2.2/configuring.html#syntax Quote Link to comment Share on other sites More sharing options...
ton van lil Posted March 25, 2021 Report Share Posted March 25, 2021 Cees I did a check. This error was found. RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]Deny from 40.77.167.91 I have a copy of .htaccess. Can I replace the current one with a this copy? Ton Quote Link to comment Share on other sites More sharing options...
Rob Severijns Posted March 25, 2021 Report Share Posted March 25, 2021 Ton, You can. Just keep a copy of the current one. Rob Quote Link to comment Share on other sites More sharing options...
ton van lil Posted March 25, 2021 Report Share Posted March 25, 2021 Rob That worked. I am in. I think it solved the situation. Thanks very much. Quick back to work. Greetings Ton van Lil Quote Link to comment Share on other sites More sharing options...
Jim King Posted March 25, 2021 Author Report Share Posted March 25, 2021 I found and clicked the Run Checks button. Mod Manager now says Bot-Trap is Partially Installed. This makes sense as I understand I have to click Run Checks BEFORE I install. Bot-Trap has the following in its Status: line 15: %target:stdsitecredit.php% verified line 16: %location:% #1 not installed line 31: %newfile: ^bot-trap/settings.php not created line 67: %copyfile2: ^bot-trap/.htaccess not copied Source: mods/bot-trap_v12005/.htaccess line 68: %copyfile2: ^bot-trap/forbid.php not copied Source: mods/bot-trap_v12005/forbid.php line 69: %copyfile2: ^bot-trap/functions.php not copied Source: mods/bot-trap_v12005/functions.php line 70: %copyfile2: ^bot-trap/index.php not copied Source: mods/bot-trap_v12005/index.php line 71: %copyfile2: ^bot-trap/pixel.gif not copied Source: mods/bot-trap_v12005/pixel.gif line 72: %copyfile2: ^bot-trap/unban.php not copied Source: mods/bot-trap_v12005/unban.php line 78: %target:@robots.txt% verified line 80: %location:% #1 Installed line 87: %target:@bot-trap/settings.php% file missing (optional) bypassed code modifications specified: 2; modified: 1 file copies specified: 6; copied: 0 new files specified: 1; created: 0 new folders specified: 0; created: 0 errors: 0 So, I'm not sure Run Checks worked with all these 'not created' and 'not copied'. I FTP'd a directory named bot-trap_v12005 and file named bot-trap_v12.0.0.5.cfg into my mods folder. The only other mod in my mods folder is image_captcha_v13. I tested this, and it looks like it works. I can't get Mod Manager to display an Install button for Bot-Trap, so I can actually install it. Any ideas? Thanks again (in advance). Quote Link to comment Share on other sites More sharing options...
Rob Severijns Posted March 26, 2021 Report Share Posted March 26, 2021 Jim, Have you read Mod Manager ? It explains a lot. Rob Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.