New "Pepotamo1985" hack???

The 2.0.x discussion forum has been locked; this will remain read-only. The 3.0.x discussion forum has been renamed phpBB Discussion.
Locked
Graham
Former Team Member
Posts: 8462
Joined: Tue Mar 19, 2002 7:11 pm
Location: UK
Contact:

Post by Graham »

The registration seems to be the same spammers as always, albeit they have a new method of doing it that causes them to appear to come from different locations. Equally the posting seems to be spammers abusing forums which allow guest posts.
"So Long, and Thanks for All the Fish"

phpBB Useful Links: Knowledge Base | Userguide | Forum Search | MOD Database | Styles Database
My Links: Blog!
cordob
Registered User
Posts: 15
Joined: Tue May 04, 2004 7:00 pm
Location: Spain (from the Netherlands)
Contact:

Post by cordob »

Hi guys,

I also have this "stuff" all over the place.
One thing I started doing is entering word censors, just in case it gets through again. You change things like "live sex" into a comma e.g.
Do a few of those and his posts are unreadable (nice to do before the deletions)

:?: I was just wondering if there is a mass delete option , to delete everything from such a user in one fell swoop. I have no problem with deleting guest as well for once. :?:

Changing my message boards to posting by members only. This sucks.. :cry:

Good luck, all.

Oh btw I also set the flood interval higher, so that there cannot be fast multiple posts.



Cheers
Cor
User avatar
Jackanape
Registered User
Posts: 1076
Joined: Wed Oct 13, 2004 6:01 am
Location: Capitol of the Great State of New York
Name: Jack Drury
Contact:

Post by Jackanape »

I know there is a mod that allows you to prune by user only...take a look through the admin tools section of mods...I haven't installed it, but I've read about it.
~Extending the rule of meticulous exactitude to exaspirating punctillio...still.~
Treat your phpBB like a member of the family--Update and MOD her by hand, with HTML-Kit
: : Wanna Talk Poker? : : Image : :
cordob
Registered User
Posts: 15
Joined: Tue May 04, 2004 7:00 pm
Location: Spain (from the Netherlands)
Contact:

Post by cordob »

Thanks jackanape, I did not find that but suddenly realized that I can use myphpadmin to search for those posts and then delete them, i.e. go straight to the database.

I really feel for those who need to keep their boards open for posting by guests (not necessary in my case, rather specialized, see
http://chipstocks.net/semi-subjects/php ... m.php?f=17


[edit]Hmm on second thoughts, could throw the posts out of the database but would probably break links to them ???


Cheers
Cor
vsego
Registered User
Posts: 27
Joined: Sat Mar 22, 2003 3:07 pm
Location: Zagreb, Croatia
Contact:

Post by vsego »

I wouldn't do that if I were you... :?

I have moved these to a separate hidden forum "Trash" and needed two SQL commands for that - one to update topics table and one to update posts table. :o

You see, phpBB has some redundancy in data to improve performance. :? If you do not pay attention to this, things might get bad. :(

As for guest access, three mods that appeared here seem to do the trick, so no reason to feel for us. ;) I keep guests because I want so, not because I need it. ;)
If you don't have the time to do something right, where are you going to find the time to fix it?
Stephen King
cordob
Registered User
Posts: 15
Joined: Tue May 04, 2004 7:00 pm
Location: Spain (from the Netherlands)
Contact:

Post by cordob »

Thanks vsego for the input.

Of course guests are great , but in my case I prefer "registered" posters. Guests can still read everything, can't they?
have moved these to a separate hidden forum "Trash" and needed two SQL commands for that - one to update topics table and one to update posts table.


Would you mind sharing those commands pse; I am a novice sql-er.
You see, phpBB has some redundancy in data to improve performance. If you do not pay attention to this, things might get bad.


thought about that after the original thought 8) having written some database stuff in my distant past, don't want to mess around with the indices :)

Cheers
Cor

[in edit] can I set thing such that I get an email for EVERY message posted? That would alert me....
vsego
Registered User
Posts: 27
Joined: Sat Mar 22, 2003 3:07 pm
Location: Zagreb, Croatia
Contact:

Post by vsego »

cordob wrote:
vsego wrote:have moved these to a separate hidden forum "Trash" and needed two SQL commands for that - one to update topics table and one to update posts table.

Would you mind sharing those commands pse; I am a novice sql-er.

Code: Select all

update phpbb_topics set forum_id=<trash forum id> where topic_title like '%lesbians%';
update phpbb_posts set forum_id=<trash forum id> where post_username='Pepotamo1985';
Without the second one, you won't be able to see poster's IP, access topic through direct post-link (...viewtopic?p=...#...) etc. :(

You can adjust the condition in the second command to use "like", like I did it in the first command for title. 8)

Be carefull with "like" - you do not want to move some "legal" topics, don't you? ;) It's easy for me, as my board is in Croatian, but if you have non-offending topic containing word "lesbians" in title, consider putting the full title in your command. 8)

After moving, it's easy to delete the topics with the usual phpBB ModCP (or Enhanced ModPanel - I happen to prefer this one 8)).
If you don't have the time to do something right, where are you going to find the time to fix it?
Stephen King
cordob
Registered User
Posts: 15
Joined: Tue May 04, 2004 7:00 pm
Location: Spain (from the Netherlands)
Contact:

Post by cordob »

Thanks vsego, going to try this later.

Whilst I was at dinner he revisited the bot was back and posted some more. Have now enabled the visual verification, hope that helps against another user. Don't understand how he got thru though, as I set it to need an email from me when starting. Apparently sidestepped that too.

I tested the latter by coming in via another browser and registering a new user. Strange.

Btw don't need anything "lesbian" on my forum, got a lesbian sister, she's OK :)

Thanks for the help,
Cheers
Cor
vsego
Registered User
Posts: 27
Joined: Sat Mar 22, 2003 3:07 pm
Location: Zagreb, Croatia
Contact:

Post by vsego »

cordob wrote: Whilst I was at dinner he revisited the bot was back and posted some more. Have now enabled the visual verification, hope that helps against another user. Don't understand how he got thru though, as I set it to need an email from me when starting. Apparently sidestepped that too.


It takes only few lines of Perl code and UN*X shell acount to avoid that. :mrgreen:

It's simple: bot registers new account and the other program awaits for the e-mail and visits the link it finds there. :)
cordob wrote: Btw don't need anything "lesbian" on my forum, got a lesbian sister, she's OK :)


So is one of my best friends... :D Sometimes, I see her as a "competition"... ;)

Good luck! :)
If you don't have the time to do something right, where are you going to find the time to fix it?
Stephen King
Darth Wong
Registered User
Posts: 2398
Joined: Wed Jul 03, 2002 5:20 am
Location: Toronto, Canada
Contact:

Post by Darth Wong »

The problem with the "don't allow guest posting" remedy is that many forums (including mine) have a "test" forum in which people who are having trouble registering can post questions and get help registering. That's why I think that "visual confirmation for guest posting" idea is really good, although I'm not sure how to go about making that happen.
Not a three-foot tall green gnome in real-life: My home page.
My wretched hive of scum and villainy: http://bbs.stardestroyer.net/
Clive
Registered User
Posts: 45
Joined: Sat Jan 17, 2004 3:59 pm
Contact:

Post by Clive »

Darth Wong wrote: The problem with the "don't allow guest posting" remedy is that many forums (including mine) have a "test" forum in which people who are having trouble registering can post questions and get help registering. That's why I think that "visual confirmation for guest posting" idea is really good, although I'm not sure how to go about making that happen.


What have you done so far to make it happen?

My changes didnt work on my server at home but on my main domain it is all set up, I am still trying to get a handle on setting up gd and true type or even trying to figure out if I have it... I have php 4.3.3 at home and gd files are present but dont know what to do with them YET...
A bad day fishing beats a good day working...
Clive Webmaster for
The Writers Voice
http://www.writers-voice.com
vsego
Registered User
Posts: 27
Joined: Sat Mar 22, 2003 3:07 pm
Location: Zagreb, Croatia
Contact:

Post by vsego »

Clive wrote: My changes didnt work on my server at home but on my main domain it is all set up, I am still trying to get a handle on setting up gd and true type or even trying to figure out if I have it... I have php 4.3.3 at home and gd files are present but dont know what to do with them YET...


On RedHat if you have apt installed and on Debian (which comes with apt):

Code: Select all

apt-get install php-gd
On RedHat if you don't have apt: go to http://rpmfind.net/ and search for appropriate RPM package (php-gd, but check for the same version as php RPM you have installed and for your processor).

Mandrake should be same as RedHat. 8)

For FreeType, do exactly the same, just replace "php-gd" with "freetype". :)

Btw, if you have RH/Fedora and broadband, I strongly suggest installing apt (can also be found on RPMfind). 8)
If you don't have the time to do something right, where are you going to find the time to fix it?
Stephen King
danielroe.ch
Registered User
Posts: 1
Joined: Sun Feb 20, 2005 6:35 pm
Contact:

Post by danielroe.ch »

Alternative solution: disallow guest postings containing links. This is what we do. If this has been thought of before, excuse the noise, but a quick search did not turn up anything.

http://dragon.roe.ch/bitsnpieces/patche ... links.diff
Doobdee
Registered User
Posts: 209
Joined: Wed Nov 10, 2004 6:43 pm
Location: DooBDee.net
Contact:

Post by Doobdee »

Graham wrote: a) TO prevent automated registrations enable the visual confirmation which is present in version 2.0.11

b) Make sure that all of your forums are set to not allow guest posting

c) If you have done both of the above, please provide us with some more information (eg the Suppport Request Template forum at the top of the support forum) to allow us to assist further


Is visual confirmation that picture with numbers in, that you then have to type out manually?

Is so, i never realised that visual confirmation was in 2.0.11 ?!

Am i wrong here or? What sectino in the admin panel is this ?!
Graham
Former Team Member
Posts: 8462
Joined: Tue Mar 19, 2002 7:11 pm
Location: UK
Contact:

Post by Graham »

Yes, that is what it is - it should be on the General Config page of the admin panel (assuming your style is compatible - if not the changes you need can be found in the Styles Dev forum or the contrib/readme.html file in the full download)
"So Long, and Thanks for All the Fish"

phpBB Useful Links: Knowledge Base | Userguide | Forum Search | MOD Database | Styles Database
My Links: Blog!
Locked

Return to “2.0.x Discussion”