Board being targeted by spammer school

Get help with installation and running phpBB 3.3.x here. Please do not post bug reports, feature requests, or extension related questions here.
lochness
Registered User
Posts: 115
Joined: Tue Aug 07, 2007 12:04 pm

Re: Board being targeted by spammer school

Post by lochness »

that would explain why they go to a single forum. But the permission wasn’t set originally like that. Is there any way to reapply permissions or reset them?

It looks like they switched the ignore saturation limit and can post without approval in the forums they spammed. And also in the action tab.
You do not have the required permissions to view the files attached to this post.
User avatar
Mick
Support Team Member
Support Team Member
Posts: 26887
Joined: Fri Aug 29, 2008 9:49 am

Re: Board being targeted by spammer school

Post by Mick »

What do you have set for “New member post limit” in User registration settings?
  • "The more connected we get the more alone we become” - Kyle Broflovski© 🇬🇧
lochness
Registered User
Posts: 115
Joined: Tue Aug 07, 2007 12:04 pm

Re: Board being targeted by spammer school

Post by lochness »

2 messages. Could it be that they modified the permissions directly on the database and not on the board? Because there’s nothing in the logs except for the modifications I made myself but half the forums had their permissions changed.
User avatar
Mick
Support Team Member
Support Team Member
Posts: 26887
Joined: Fri Aug 29, 2008 9:49 am

Re: Board being targeted by spammer school

Post by Mick »

I don’t think any external forces have changed the settings, there would be entries in the admin log if “they” had. If it’s forum settings that have been changed you can copy permissions from a forum you know to work as you expect. You can also use the permission masks to find out where certain permissions are coming from, see the permission masks section of Knowledge Base - phpBB3 Permissions but I’d say the “can post without approval” permission needs addressing.
  • "The more connected we get the more alone we become” - Kyle Broflovski© 🇬🇧
lochness
Registered User
Posts: 115
Joined: Tue Aug 07, 2007 12:04 pm

Re: Board being targeted by spammer school

Post by lochness »

Mick wrote: Sun Feb 11, 2024 2:21 pm If it’s forum settings that have been changed you can copy permissions from a forum you know to work as you expect. You can also use the permission masks to find out where certain permissions are coming from, see the permission masks section of Knowledge Base - phpBB3 Permissions but I’d say the “can post without approval” permission needs addressing.
I’ve already updated manually the permissions for that line to never. But i would like to know whether they went directly to the database or how this happened. Any idea?
User avatar
Mick
Support Team Member
Support Team Member
Posts: 26887
Joined: Fri Aug 29, 2008 9:49 am

Re: Board being targeted by spammer school

Post by Mick »

I doubt very much if the database has been infiltrated, maybe check with your host to see if there’s been any compromise around the time or date this started happening. As I said, the admin log would show any changes via the ACP. Has anyone on your board got admin permissions apart from you?
  • "The more connected we get the more alone we become” - Kyle Broflovski© 🇬🇧
lochness
Registered User
Posts: 115
Joined: Tue Aug 07, 2007 12:04 pm

Re: Board being targeted by spammer school

Post by lochness »

There are just two global moderators and me.

I went back to the admin log and there was some strange movements on August 15 & 16, 2020, for both new and registered users.

Thanks for your help.
User avatar
thecoalman
Community Team Member
Community Team Member
Posts: 6593
Joined: Wed Dec 22, 2004 3:52 am
Location: Pennsylvania, U.S.A.

Re: Board being targeted by spammer school

Post by thecoalman »

lochness wrote: Sun Feb 11, 2024 8:12 am
Most emails used came from fahih.com smallmtn.lol tospage.com seosnaps.com and gmail.
You can't do this with gmail since legitmate users will be using it but when you have odd domains you can go to the Users/Groups tab >> click the prune users link on left. Under email you can use a wildcard, e.g. *fahih.com and it will bring up all users who registered with that email for review before deleting them.

You can also wildcard ban the domain under ban emails.
“Results! Why, man, I have gotten a lot of results! I have found several thousand things that won’t work.”

Attributed - Thomas Edison
lochness
Registered User
Posts: 115
Joined: Tue Aug 07, 2007 12:04 pm

Re: Board being targeted by spammer school

Post by lochness »

The manual activation for new accounts has worked wonders. 19 accounts stopped tonight. Hopefully I’m not banning anyone legit. Not the best case scenario, but at this point much better than having moderators going crazy with spammy messages.

Thank you again all for your help.

I will try to come with another Q&A that is not too difficult for new people, but not so that it made them not register.
User avatar
Mick
Support Team Member
Support Team Member
Posts: 26887
Joined: Fri Aug 29, 2008 9:49 am

Re: Board being targeted by spammer school

Post by Mick »

To be honest, I’d just delete them, they rarely come back. If you ban them you’ll end up with a banlist the size of a house. If you find the same ones do come back then take further steps.
  • "The more connected we get the more alone we become” - Kyle Broflovski© 🇬🇧

Return to “[3.3.x] Support Forum”