That would explain why they go to a single forum. But the permission wasn’t set originally like that. Is there any way to reapply permissions or reset them?
It looks like they switched the ignore saturation limit and can post without approval in the forums they spammed. And also in the action tab.
2 messages. Could it be that they modified the permissions directly on the database and not on the board? Because there’s nothing in the logs except for the modifications I made myself but half the forums had their permissions changed.
I don’t think any external forces have changed the settings, there would be entries in the admin log if “they” had. If it’s forum settings that have been changed you can copy permissions from a forum you know to work as you expect. You can also use the permission masks to find out where certain permissions are coming from, see the permission masks section of Knowledge Base - phpBB3 Permissions but I’d say the “can post without approval” permission needs addressing.
Mick wrote: Sun Feb 11, 2024 2:21 pm
If it’s forum settings that have been changed you can copy permissions from a forum you know to work as you expect. You can also use the permission masks to find out where certain permissions are coming from, see the permission masks section of Knowledge Base - phpBB3 Permissions but I’d say the “can post without approval” permission needs addressing.
I’ve already manually updated the permissions for that line to never. But I would like to know whether they went directly to the database or how this happened. Any idea?
I doubt very much if the database has been infiltrated, maybe check with your host to see if there’s been any compromise around the time or date this started happening. As I said, the admin log would show any changes via the ACP. Has anyone on your board got admin permissions apart from you?
lochness wrote: Sun Feb 11, 2024 8:12 am
Most emails used came from fahih.com, smallmtn.lol, tospage.com, seosnaps.com and gmail.
You can't do this with gmail since legitimate users will be using it, but when you have odd domains you can go to the Users/Groups tab >> click the prune users link on the left. Under email you can use a wildcard, e.g. *fahih.com, and it will bring up all users who registered with that email for review before deleting them.
You can also wildcard ban the domain under ban emails.
“Results! Why, man, I have gotten a lot of results! I have found several thousand things that won’t work.”
The manual activation for new accounts has worked wonders. 19 accounts stopped tonight. Hopefully I’m not banning anyone legit. Not the best case scenario, but at this point much better than having moderators going crazy with spammy messages.
Thank you again all for your help.
I will try to come up with another Q&A that is not too difficult for new people, but not so that it made them not register.
To be honest, I’d just delete them, they rarely come back. If you ban them you’ll end up with a banlist the size of a house. If you find the same ones do come back then take further steps.