Board spam attacks (not hacked)

Get help with installation and running phpBB 3.2.x here. Please do not post bug reports, feature requests, or extension related questions here.
martini25
Registered User
Posts: 8
Joined: Wed Aug 08, 2018 3:02 pm

Board spam attacks (not hacked)

Post by martini25 » Thu Dec 06, 2018 6:54 pm

Hi guys,

what can one do in order to make sure the forum doesn't get hacked?

it happened to one i administer: in a section, there were about 5000 posts all of a sudden. Of course, spam!
I had no choice but to delete the whole branch and create it back. this was the first time.

Now it happened again. About 20.000 posts, out of nowhere. Any ideas pls?
Last edited by Mick on Fri Dec 07, 2018 8:09 am, edited 1 time in total.

User avatar
warmweer
Registered User
Posts: 2011
Joined: Fri Jul 04, 2003 6:34 am
Location: Van Allen Belt ... well actually Belgium

Re: Board spam attacks (not hacked)

Post by warmweer » Thu Dec 06, 2018 6:57 pm

martini25 wrote:
Thu Dec 06, 2018 6:54 pm
Hi guys,

what can one do in order to make sure the forum doesn't get hacked?

it happened to one i administer: in a section, there were about 5000 posts all of a sudden. Of course, spam!
I had no choice but to delete the whole branch and create it back. this was the first time.

Now it happened again. About 20.000 posts, out of nowhere. Any ideas pls?
Spam and being hacked are not synonyms.
Using a good Q&A for registration is usually sufficient, and not allowing guest posting is advisable.
Last edited by HiFiKabin on Fri Dec 07, 2018 9:03 am, edited 1 time in total.
Reason: retitled
A bug is a feature that hasn't made it to the manual (yet)

User avatar
HiFiKabin
Community Team Member
Community Team Member
Posts: 3963
Joined: Wed May 14, 2014 9:10 am
Location: Swearing at the PC, UK
Name: James
Contact:

Re: Board spam attacks (not hacked)

Post by HiFiKabin » Thu Dec 06, 2018 7:00 pm

I doubt you have been hacked. They will be SPAM accounts created in the same way a real member would.

Please see the following links

Have a look at See How to clean up a board hit by spam for some suggestions.


How to configure Q&A
  1. Administration Control Panel (ACP) > Spambot countermeasures> Installed plugins > click the dropdown box and select Q&A (it will be greyed out)
  2. Click the configure button then click add
  3. Add your question and answer (you need a Q&A for each language you have installed) click submit
  4. Click "back to previous page" then click "back"
  5. Select Q&A from the dropdown box (again)
  6. Click submit at the bottom of the page.
  7. Done.
Please visit Preventing Spam in phpBB3 for various options for fighting spam in phpBB

If your board really has been hacked, please do the following before making any modifications to your board (this includes changing passwords, editing files, running the Support Toolkit, etc.):
  1. Save an archive file comprising copies of all the files (this can be done by creating a zip or tarball of the files).
  2. Save a copy of the database.
  3. Save the server access logs for the time of the hack (they may be available in the ???logs??? directory on the server, in your host???s control panel or only by request directly from your host).
  4. File a report in the incident tracker. Attach the items from steps 1-3 when you file the report or upload them to a secure location for the incident investigation team to download. Please do not start a new topic on the board, the proper place for incidents reports is the tracker.

User avatar
John connor
Registered User
Posts: 1992
Joined: Fri Nov 14, 2014 5:14 pm
Location: U S Of A
Name: Aaron
Contact:

Re: Board spam attacks (not hacked)

Post by John connor » Fri Dec 07, 2018 6:20 am

I've written about how to help from getting hacked on my forum. The link is in my signature. Also in my signature is an extension and a script that can help greatly with spam.
Last edited by HiFiKabin on Fri Dec 07, 2018 9:03 am, edited 1 time in total.
Reason: retitled

martini25
Registered User
Posts: 8
Joined: Wed Aug 08, 2018 3:02 pm

Re: Board spam attacks (not hacked)

Post by martini25 » Fri Dec 07, 2018 8:24 pm

waw, thanks for the details.
i have to set up some good questions, maybe some math problems.

HiFiKabin, that's a nice kabin! :)

User avatar
KevC
Support Team Member
Support Team Member
Posts: 68960
Joined: Fri Jun 04, 2004 10:44 am
Location: Oxford, UK
Contact:

Re: Board spam attacks (not hacked)

Post by KevC » Fri Dec 07, 2018 8:34 pm

Not maths.

You need something that requires logic and understanding to solve. Bots can do maths or any general knowledge very easily.

Ask something unique about your board such as something that's in the logo on that only someone who knows the subject would know but could not just google the answer to.
And only use 1 question. If you use lots, and they get in again, you won't know which one they've cracked so you'll have to change all of them.
-:|:- Support Request Template -:|:-
Image
Cheap UK Hosting
"In the land of the blind the little green bloke with no pupils is king - init!"

martini25
Registered User
Posts: 8
Joined: Wed Aug 08, 2018 3:02 pm

Re: Board spam attacks (not hacked)

Post by martini25 » Fri Dec 21, 2018 9:42 am

KevC, thanks, makes sense.

And before I do this, how can I check if the board was hacked or if there were only spambots? Thanks!

User avatar
Mick
Support Team Member
Support Team Member
Posts: 21009
Joined: Fri Aug 29, 2008 9:49 am
Location: Watching cricket - probably.

Re: Board spam attacks (not hacked)

Post by Mick » Fri Dec 21, 2018 10:03 am

Has someone set light to your server or have you just received a bunch of junk topics and posts?

Hackers, generally, have no interest in posting, certainly not 20,000 posts, they like to cause mayhem on the server itself.
"The more connected we get the more alone we become" - Kyle Broflovski

martini25
Registered User
Posts: 8
Joined: Wed Aug 08, 2018 3:02 pm

Re: Board spam attacks (not hacked)

Post by martini25 » Fri Dec 21, 2018 11:20 am

Many topics which shouldn't be there.
One section has a few hundred topics and thounsands of replies.
Another one has about 1000 topics and 60.000 replies :)

How do i disapprove something like that? Not to mention deleting.... i can't delete 60.000 manually.

This happened because there was no sec. question, but I have one now, which i intend to enforce.
But before, I would like to know if it's hacked or just bots. Thanks

User avatar
david63
Registered User
Posts: 15953
Joined: Thu Dec 19, 2002 8:08 am
Location: Lancashire, UK
Name: David Wood
Contact:

Re: Board spam attacks (not hacked)

Post by david63 » Fri Dec 21, 2018 11:35 am

martini25 wrote:
Fri Dec 21, 2018 11:20 am
How do i disapprove something like that? Not to mention deleting.... i can't delete 60.000 manually.
Restore your back from before this attack.
martini25 wrote:
Fri Dec 21, 2018 11:20 am
But before, I would like to know if it's hacked or just bots. Thanks
If your host's server had been hacked then you would certainly know about it as your board would have some strange behaviour - also there would probably be some files on your domain that look "out of place". It is very rare for a phpBB board to be hacked.
David
Remember: You only know what you know and - you don't know what you don't know!
My CDB Contributions | How to install an extension
I will not be accepting translations for any of my extensions in Github - please post any translations in the appropriate topic.
No support requests via PM or email as they will be ignored

User avatar
HiFiKabin
Community Team Member
Community Team Member
Posts: 3963
Joined: Wed May 14, 2014 9:10 am
Location: Swearing at the PC, UK
Name: James
Contact:

Re: Board spam attacks (not hacked)

Post by HiFiKabin » Fri Dec 21, 2018 12:05 pm

See How to clean up a board hit by spam for some suggestions.

User avatar
Mick
Support Team Member
Support Team Member
Posts: 21009
Joined: Fri Aug 29, 2008 9:49 am
Location: Watching cricket - probably.

Re: Board spam attacks (not hacked)

Post by Mick » Fri Dec 21, 2018 12:15 pm

It's bots as has been said.
"The more connected we get the more alone we become" - Kyle Broflovski

martini25
Registered User
Posts: 8
Joined: Wed Aug 08, 2018 3:02 pm

Re: Board spam attacks (not hacked)

Post by martini25 » Fri Dec 21, 2018 12:20 pm

Got it right, it's clean now.

Another question i find nice would be "Who do you see in the mirror"? But the answer can be mixed: 'myself', 'me', 'i', and so on. You put all these as correct answers, or you set a single answer? Thanks

And another one: how can you allow new users only by confirming their emails? I have seen some code editing in the link from HiFiKabin, and thanks for that. But is this the only way to do it?
Last edited by martini25 on Fri Dec 21, 2018 12:49 pm, edited 2 times in total.

User avatar
cs.dk
Registered User
Posts: 14
Joined: Fri Mar 03, 2017 1:45 pm
Location: Denmark
Contact:

Re: Board spam attacks (not hacked)

Post by cs.dk » Fri Dec 21, 2018 12:21 pm

I have with great succes used CleanTalk. It's not utterly expensive; https://cleantalk.org/
When installed, it have an option to scan the complete database for spam and handle it.

I'm no affiliate, i'm just trying to keep my own board as clean as possible, with less effort.

User avatar
stevemaury
Support Team Member
Support Team Member
Posts: 50356
Joined: Thu Nov 02, 2006 12:21 am
Location: The U.P.
Name: Steve
Contact:

Re: Board spam attacks (not hacked)

Post by stevemaury » Fri Dec 21, 2018 5:58 pm

martini25 wrote:
Fri Dec 21, 2018 12:20 pm
Got it right, it's clean now.

Another question i find nice would be "Who do you see in the mirror"? But the answer can be mixed: 'myself', 'me', 'i', and so on. You put all these as correct answers, or you set a single answer? Thanks

And another one: how can you allow new users only by confirming their emails? I have seen some code editing in the link from HiFiKabin, and thanks for that. But is this the only way to do it?
You put in all the possible answers.

I don't think that is a good question. The first answer in Google is "a face that you recognize as your own".

A good question is something about your board. For example, for phpbb.com/community, it might be:

Q: There are two words beginning with the letter "C" in this board's header. What is the first one?

A: Creating or creating
For REALLY good and VERY inexpensive hosting CLICK HERE

I can stop all your spam. I can upgrade or update your Board. PM or email me. (Paid support)

Post Reply

Return to “[3.2.x] Support Forum”