TNG Community
Jim King

Fake Registration Requests

Jim King

I've received a number of obviously fake Registration requests lately. Here's an example:

Name: На Ваш счет пришел долларовый бонус http://ionexchangemembrane.com/cryptogods?keyword=asmagulova182@gmail.com
Username: На Ваш счет пришел долларовый бонус http://ionexchangemembrane.com/cryptogods?keyword=asmagulova182@gmail.com

You have received a new request for a TNG user account. Please log into your TNG Admin area and assign proper permissions to this new account. Go to Admin/Users/Review to access the account settings. The account will remain inactive until you edit and save the record at least once.

Administration: https://www.kinggardnerfamilyhistory.com//admin.php

 

Sometimes there's a second email from the same email id trying to get me to click on a link in the second email.

DO NOT CLICK on the links in Name and Username lines in the above copied message.

My URL is https://kinggardnerfamilyhistory.com. These Registration requests are in my TNG Users > Review page (which now has 39 fake requests although I've already deleted some). No Registration is required to just view my site. Registration is required to download or update. I use Simply Hosting, and I'm on Version 13.0.3. I use a separate email id for my TNG website.

Is anyone else seeing this from their TNG website? Does anybody have suggestions as to how to stop this? Thank you.

Edited by theKiwi
Removed the links

Rob Severijns

Jim,

Adding the Bot-trap mod and a Google Captcha will help.

For the Captcha mods, there are several available, and if you go for the Google Captcha, use V2.

Take a look at the Security wiki for additional info too.

Rob

Edit: would also be wise to change the hyperlinks in your post to flat text.

Edited by Rob Severijns

ton van lil

After reading the post I installed the bottrap mod. I have been working all night on my site.

All of a sudden I got an internal server error.

The server encountered an internal error or misconfiguration and was unable to complete your request.

Please contact the server administrator at webmaster@scealta.nl to inform them of the time this error occurred, and the actions you performed just before this error.

More information about this error may be available in the server error log.

Looked at my error.log and it said:

/home/vanlivm331/domains/scealta.nl/private_html/.htaccess: RewriteRule: bad flag delimiters

and

referer: https://scealta.nl/bot-trap/index.php

How can I repair this?

I cannot use my site anymore.

Thanks

Ton van Lil

 

Jim King

Thanks for your help. I didn't realize Captcha was no longer installed for my site. 

I've FTP'ed Bot-trap to TNG's mods folder, and it shows in Mod Manager as OK to install. But, the installation instructions state that I have to:

click on the "Run Checks" button BEFORE installing the mod. This step creates the files and folders needed for the mod to work if they are not already present.

Where is the Run Checks button?

Rob Severijns

Jim,

Go to the MOD Manager --> find the Bot-Trap Mod and open the options for the mod. There you should find the Run Checks button.

Rob

Rob Severijns

Ton,

First time I heard about this behavior related to Bot-Trap. I never had any issues with the mod and I've been using it for several years now.

If you can still access your site you could try to remove the Mod and/or restore a backup.

If access is no longer granted you could access your database via cPanel and restore a backup.

Maybe others have an alternate solution.

Rob

 

ton van lil

Rob

Found following text in blacklist.dat

40.77.167.91 - - [2021-03-24 (Wed) 23:01:48] "GET /bot-trap/index.php HTTP/1.1"  Mozilla/5.0 (compatible; bingbot/2.0; +http://www.bing.com/bingbot.htm)

Can no longer access my site.

I can approach my php-files. How can I remove the Mod?

Are the changes only made in the PHP-files or also in the database?

Ton

Rob Severijns

Ton,

I assume you don't have a recent backup you can restore which is unfortunate?

Several PHP files are modified and an extra directory is made. (See FTP program to view them)

To see which files are modified go to the Bot-Trap wiki

Before you install the mod you have to click the "Run Checks" button. This creates the required tables in the database.

Before you make any major changes I would advise you to make a backup via cPanel. Just to make sure.

After the backup you could try to remove the mod via FTP and see if you can re-enter your site.

I have to work now so won't be able to respond until later today.

If this doesn't work we could look into it later today. 

Good luck.

Rob

 

ton van lil

Thanks Rob.

I have to work too. I will try tonight.

Ton

klooster

If you want to find out where the line in .htaccess is wrong try this tool:

http://www.htaccesscheck.com/index.html

It will clearly specify the bad flags which can be corrected in their editor and check there itself.

PS: RewriteRule Syntax doesn't allow inline comments. Reference: https://httpd.apache.org/docs/2.2/configuring.html#syntax

 

ton van lil

Cees

I did a check. This error was found.

RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]Deny from 40.77.167.91

I have a copy of .htaccess. Can I replace the current one with this copy?

Ton
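
The line reported in the post above has the `Deny from` directive glued onto the end of the RewriteRule flag block, which is what appending to a file that lacks a trailing newline produces. As an added example (not Bot-Trap's code and not from any poster in this thread; the function names and the first two sample lines are constructed, and the missing-newline cause is an assumption), this Python code detects such fused lines, repairs them, and shows an append that cannot create them:

```python
import re

# A RewriteRule flag block "[...]" must be the last token on the line.
# Anything non-blank directly after the closing "]" is a fused directive.
FUSED = re.compile(
    r'^\s*RewriteRule\s+\S+\s+\S+\s+\[[^\]]*\](?P<tail>\S.*)$', re.I)

# Constructed sample: the first two lines are invented context; the third is
# the rule from the thread, with no newline at the end of the file.
SAMPLE_NO_NEWLINE = (
    "RewriteEngine On\n"
    "RewriteCond %{HTTPS} off\n"
    "RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]")
BAN = "Deny from 40.77.167.91"  # the address from the blacklist.dat entry

def find_fused_directives(text):
    """Return (line_number, tail) for RewriteRule lines with text after the flags."""
    hits = []
    for n, line in enumerate(text.splitlines(), 1):
        m = FUSED.match(line)
        if m:
            hits.append((n, m.group("tail")))
    return hits

def split_fused(text):
    """Repair a file by moving each glued tail onto its own line."""
    out = []
    for line in text.splitlines():
        m = FUSED.match(line)
        if m:
            out.append(line[:m.start("tail")])
            out.append(m.group("tail"))
        else:
            out.append(line)
    return "\n".join(out) + "\n"

def safe_append(text, directive):
    """Append a directive, first adding the newline the file is missing."""
    if text and not text.endswith("\n"):
        text += "\n"
    return text + directive + "\n"

if __name__ == "__main__":
    naive = SAMPLE_NO_NEWLINE + BAN + "\n"       # reproduces the broken line
    print(find_fused_directives(naive))          # reports line 3 and its tail
    print(split_fused(naive) == safe_append(SAMPLE_NO_NEWLINE, BAN))
```

Run the detector on a downloaded copy of `.htaccess` and keep the original file before uploading a repaired one.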

Rob Severijns

Ton,

You can. Just keep a copy of the current one.

Rob

ton van lil

Rob

That worked. I am in. 

I think it solved the situation.

Thanks very much.

Quick back to work.

Greetings

Ton van Lil

Jim King

I found and clicked the Run Checks button. Mod Manager now says Bot-Trap is Partially Installed. This makes sense as I understand I have to click Run Checks BEFORE I install.

Bot-Trap has the following in its Status:

line 15: %target:stdsitecredit.php% verified

line 16: %location:% #1 not installed

line 31: %newfile: ^bot-trap/settings.php not created
line 67: %copyfile2: ^bot-trap/.htaccess  not copied
Source: mods/bot-trap_v12005/.htaccess
line 68: %copyfile2: ^bot-trap/forbid.php  not copied
Source: mods/bot-trap_v12005/forbid.php
line 69: %copyfile2: ^bot-trap/functions.php  not copied
Source: mods/bot-trap_v12005/functions.php
line 70: %copyfile2: ^bot-trap/index.php  not copied
Source: mods/bot-trap_v12005/index.php
line 71: %copyfile2: ^bot-trap/pixel.gif  not copied
Source: mods/bot-trap_v12005/pixel.gif
line 72: %copyfile2: ^bot-trap/unban.php  not copied
Source: mods/bot-trap_v12005/unban.php
line 78: %target:@robots.txt% verified

line 80: %location:% #1 Installed

line 87: %target:@bot-trap/settings.php% file missing (optional) bypassed

  • code modifications specified: 2; modified: 1
  • file copies specified: 6; copied: 0
  • new files specified: 1; created: 0
  • new folders specified: 0; created: 0
  • errors: 0

So, I'm not sure Run Checks worked with all these 'not created' and 'not copied'.

I FTP'd a directory named bot-trap_v12005 and file named bot-trap_v12.0.0.5.cfg into my mods folder.

The only other mod in my mods folder is image_captcha_v13. I tested this, and it looks like it works.

I can't get Mod Manager to display an Install button for Bot-Trap, so I can actually install it.

Any ideas? Thanks again (in advance).

 

Rob Severijns

Jim,

Have you read Mod Manager ?

It explains a lot.

Rob
