03-24-2018, 08:58 AM
(This post was last modified: 03-24-2018, 09:17 AM by tommiehansen.)
ReCaptcha for the forums uses an old version and thus doesn't work = bots are coming again:
Here's a thread about this problem and how to upgrade to using v2 (which is better):
https://community.mybb.com/thread-216508...=recaptcha
btw..
This is how bots find and classify forums:
1. Create list of relevant keywords (in this case crypto, cryptocurrencies etc)
2. Use an external service such as Google Adtools Suggest to find similar (and most profitable long-tail keywords)
3. Use a tool such as Scrapebox with footprints that target specific systems such as MyBB etc and then generate search queries:
keyword 1 + "MyBB Group",
keyword 1 + "Powered by MyBB"
keyword 2 + ...
keyword 2 + ...
4. Scrape search tools such as Google, Yahoo, Bing etc for all these keywords to get lists of url's
5. Use another tool to spam the forums that you got from #4
-
Simple stuff that can be done
1. Remove the obvious footprints like anything 'MyBB' that very simply tells someone what system is running (and thus what vulnerabilities exist)
2. Remove or change the standard signup agreement since this also is a footprint (since it is not unique on a per-MyBB install)
3. Remove the "Theme by" since this is also a footprint that could be used
4. If you find any other obvious footprints remove that as well
Just changing the "MyBB" stuff should be simple enough since it should reside within some footer somewhere or maybe even can be disabled within the admin parts of the forums.
Here's a thread about this problem and how to upgrade to using v2 (which is better):
https://community.mybb.com/thread-216508...=recaptcha
btw..
This is how bots find and classify forums:
1. Create list of relevant keywords (in this case crypto, cryptocurrencies etc)
2. Use an external service such as Google Adtools Suggest to find similar (and most profitable long-tail keywords)
3. Use a tool such as Scrapebox with footprints that target specific systems such as MyBB etc and then generate search queries:
keyword 1 + "MyBB Group",
keyword 1 + "Powered by MyBB"
keyword 2 + ...
keyword 2 + ...
4. Scrape search tools such as Google, Yahoo, Bing etc for all these keywords to get lists of url's
5. Use another tool to spam the forums that you got from #4
-
Simple stuff that can be done
1. Remove the obvious footprints like anything 'MyBB' that very simply tells someone what system is running (and thus what vulnerabilities exist)
2. Remove or change the standard signup agreement since this also is a footprint (since it is not unique on a per-MyBB install)
3. Remove the "Theme by" since this is also a footprint that could be used
4. If you find any other obvious footprints remove that as well
Just changing the "MyBB" stuff should be simple enough since it should reside within some footer somewhere or maybe even can be disabled within the admin parts of the forums.