Jump to content
TNG Community

Fake Registration Requests


Jim King

Recommended Posts

I've received a number of obviously fake Registration requests lately. Here's an example:

Name: На Ваш счет пришел долларовый бонус http://ionexchangemembrane.com/cryptogods?keyword=asmagulova182@gmail.com
Username: На Ваш счет пришел долларовый бонус http://ionexchangemembrane.com/cryptogods?keyword=asmagulova182@gmail.com

You have received a new request for a TNG user account. Please log into your TNG Admin area and assign proper permissions to this new account. Go to Admin/Users/Review to access the account settings. The account will remain inactive until you edit and save the record at least once.

Administration: https://www.kinggardnerfamilyhistory.com//admin.php

 

Sometimes there's a second email from the same email id trying to get me click on a link in the second email.

DO NOT CLICK on the links in Name and Username lines in the above copied message.

My URL is https://kinggardnerfamilyhistory.com. These Registration requests are in my TNG Users > Review page (which now has 39 fake requests although I've already deleted some). No Registration is required to just view my site. Registration is required to download or update. I use Simply Hosting, and I'm on Version 13.0.3. I use a separate email id for my TNG website.

Is anyone else seeing this from their TNG website? Does anybody have suggestions as to how to stop this? Thank you.

Edited by theKiwi
Removed the links
Link to comment
Share on other sites

Rob Severijns

Jim,

Adding the Bot-trap mod and a Google Captcha will help.

For the Captcha Mod's  there are several available and if you go for the Google Captcha use V2.

Take a look at the Security wiki for additional info too.

Rob

Edit: would also be wise to change the hyperlinks in your post to flat text.

Edited by Rob Severijns
Link to comment
Share on other sites

ton van lil

After reading the post I installed the bottrap mod. I have been working all night on my site.

All of a sudden I got an internal server error.

The server encountered an internal error or misconfiguration and was unable to complete your request.

Please contact the server administrator at webmaster@scealta.nl to inform them of the time this error occurred, and the actions you performed just before this error.

More information about this error may be available in the server error log.

Looked at my error.log and it said:

/home/vanlivm331/domains/scealta.nl/private_html/.htaccess: RewriteRule: bad flag delimiters

and

referer: https://scealta.nl/bot-trap/index.php

How can I repair this?

I cannot us my site anymore.

Thanks

Ton van Lil

 

Link to comment
Share on other sites

Thanks for your help. I didn't realize Captcha was no longer installed for my site. 

I've FTP'ed Bot-trap to TNG's mods folder, and it shows in Mod Manager as OK to install. But, the installation instructions state that I have to:

click on the "Run Checks" button BEFORE installing the mod. This step creates the files and folders needed for the mod to work if they are not already present.

Where is the Run Checks button?

Link to comment
Share on other sites

Rob Severijns

Jim,

Go to te MOD Manager --> find the Bot-Trap Mod and open the options for the mod. There you should find the Run Checks button.

image.png

Rob

Link to comment
Share on other sites

Rob Severijns

Ton,

First time I heard about this behavior related to Bot-Trap. I never had any issues with the mod and I've been using it for several years nnow.

If you can still access your site you could try to remove the Mod and/or restore a backup.

If access is no longer granted you could access your database via cPanel and restore a backup.

Maybe others have an alternate solution.

Rob

 

Link to comment
Share on other sites

ton van lil

Rob

Found following text in blacklist.dat

40.77.167.91 - - [2021-03-24 (Wed) 23:01:48] "GET /bot-trap/index.php HTTP/1.1"  Mozilla/5.0 (compatible; bingbot/2.0; +http://www.bing.com/bingbot.htm)

Can no longer access my site.

I can appoach my php-files. How can I remove the Mod?

Are the changes only made in the PHP-files or also in the database?

Ton

Link to comment
Share on other sites

Rob Severijns

Ton,

I assume you don't have a recent backup you can restore which is unfortunate?

Several PHP files are modified and an extra directory is made. (See FTP program to view them)

To see which files are modified go to the Bot-Trap wiki

Before you install the mod you have to click the "Run Checks" button. This creates the required tables in the database.

Before you make any major changes I would advise you ta make a backup via cPanel. Just to make sure.

After the backup you could try to remove the mod via FTP and see if you can re-enter your site.

I have to work now so won't be able to respond untill later today.

If this doesn't work we could look into it later today. 

Good luck.

Rob

 

Link to comment
Share on other sites

I you want to find out where the line in .htaccess is wrong try this tool:

http://www.htaccesscheck.com/index.html

It will clearly specify the bad flags which can be corrected in their editor and check there itself.

PS: RewriteRule Syntax doesn't allow inline comments. Reference: https://httpd.apache.org/docs/2.2/configuring.html#syntax

 

Link to comment
Share on other sites

ton van lil

Cees

I did a check. This error was found.

RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]Deny from 40.77.167.91

I have a copy of .htaccess. Can I replace the current one with a this copy?

Ton

Link to comment
Share on other sites

I found and clicked the Run Checks button. Mod Manager now says Bot-Trap is Partially Installed. This makes sense as I understand I have to click Run Checks BEFORE I install.

Bot-Trap has the following in its Status:

line 15: %target:stdsitecredit.php% verified

line 16: %location:% #1 not installed

line 31: %newfile: ^bot-trap/settings.php not created
line 67: %copyfile2: ^bot-trap/.htaccess  not copied
Source: mods/bot-trap_v12005/.htaccess
line 68: %copyfile2: ^bot-trap/forbid.php  not copied
Source: mods/bot-trap_v12005/forbid.php
line 69: %copyfile2: ^bot-trap/functions.php  not copied
Source: mods/bot-trap_v12005/functions.php
line 70: %copyfile2: ^bot-trap/index.php  not copied
Source: mods/bot-trap_v12005/index.php
line 71: %copyfile2: ^bot-trap/pixel.gif  not copied
Source: mods/bot-trap_v12005/pixel.gif
line 72: %copyfile2: ^bot-trap/unban.php  not copied
Source: mods/bot-trap_v12005/unban.php
line 78: %target:@robots.txt% verified

line 80: %location:% #1 Installed

line 87: %target:@bot-trap/settings.php% file missing (optional) bypassed

  • code modifications specified: 2; modified: 1
  • file copies specified: 6; copied: 0
  • new files specified: 1; created: 0
  • new folders specified: 0; created: 0
  • errors: 0

So, I'm not sure Run Checks worked with all these 'not created' and 'not copied'.

I FTP'd a directory named bot-trap_v12005 and file named bot-trap_v12.0.0.5.cfg into my mods folder.

The only other mod in my mods folder is image_captcha_v13. I tested this, and it looks like it works.

I can't get Mod Manager to display an Install button for Bot-Trap, so I can actually install it.

Any ideas? Thanks again (in advance).

 

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...