Eh, if you cannot access the community anymore, it was me

Started by Mario, July 09, 2025, 02:05:24 PM

Previous topic - Next topic

Mario

Last week an update for SMF (the community software we use here) was released.

And immediately my administrator error log was filled with hundreds of entries per hour.
One reason for this was fixed by the SMF developers a day later.

Still, I saw hundreds if not thousands of errors in the log each day. After some digging, code inspection and discussing the issue with the SMF developers on Github, we finally tracked it down to about 20 corrupted attachments from 2018 (!) which caused an error log entry whenever the posts from 2018 (!) were accessed.

I could figure out the names of the attachments from the log entries and deleted the damaged attachments. This stopped this error flooding the log files. Good.

Still, I see hundreds of error in the log files every day. They are caused by strikter security checks introduced in SMF 2.15 and, apparently, some bots trigger it, flooding the logs.

I have drilled down the IP addresses and they are all assigned to Tencent in China. So, Tencent bots (or their AI scrapers) are constantly reading all posts on this site (including the post from 2018 which triggered the damaged attachment error), using a fake/incorrect name and access pattern, triggering the security checks in SMF. Which prevents the deep access and logs an error.

Unfortunately, these hundreds of errors are hiding the actual errors I e.g. use to detect SPAM bot registrations with fake gmail.com addresses. I need this to weed them out as soon as possible. I don't want AI SPAM or political / pr*n content posted in this community.

Today I decided to ban the IP ranges Tencent bots use from accessing this community server. The only chance I see to handle this.

Now the error logs are clean again and I can see the real errors again.
I doubt we have many real users from China in this community, so this should not be a problem.
If you cannot longer access this community, let me know. But then, how could you read this post...  ;)

sinus

Puh, what a mess.

Thanks, Mario, for put this all down and for your effort.  :)
Best wishes from Switzerland! :-)
Markus

Jingo

yup... yet another hat that Mario must wear to support the software... another job that can go unnoticed but quite important to a thriving business!