Author Topic: Latest Forum News  (Read 3883 times)

Offline Ploppy

  • Administrator
  • Hero Member
  • *****
  • Posts: 725
    • View Profile
    • Hounslow Weather
    • Email
Latest Forum News
« on: October 01, 2008, 09:50:27 PM »
Well as most of you know the front page was hacked whilst I was in Plakias  

It was the index.html file that was affected. There was me desperately trying to find my backup which is on an external hard-drive I have misplaced  

Then I thought of just editing the file to create a redirect to the index.php file which is ok.
Then I realised that there isn't a index.html file by default anyway  , so it is deleted and all should now be okay for all those who come in by the www.forums.plakias.co.uk URL.

Thats the good news.

The bad news is that we maybe seeing some spam, i've just deleted some.

It is a new exploit that Invision has fixed today. I have applied the patch but I don't seem to be seeing much improvement.

I'll try and keep on top of deleting the spam and the new spam creating members (it is all automatic from the spammer side)

Cheers,

Paul

P.S If you are interested here is the info from Invision:



    We have released an update to IP.Board 2.3.x to  improve the Captcha spam prevention system. IPS has received reports of boards  receiving registrations by "spam bots" which register and post a high  number of spam posts in the forums. These bots are automated scripts which,  depending on your registration setup, can bypass the current Captcha system  included in IP.Board 2.3.x series.
 
  While annoying and troublesome, this does not present a security threat to the  safety of your board's database, member information, or passwords.
 
  Important: You must have the Advanced Captcha enabled in your Admin CP  under Tools and Settings -> Security and Privacy for the system to work.
 
 
  What is Captcha?
 
  The Captcha system is the method by which the software attempts to ensure that  the request to register an account is being submitted by a human and not a  software program. Many web sites and software programs present the user with  random characters on a unique background which can be read, and typed, by a  human but not a software program or script.
 

Offline Chas

  • Regulars
  • Sr. Member
  • ****
  • Posts: 268
    • View Profile
    • http://
    • Email
Latest Forum News
« Reply #1 on: October 02, 2008, 12:10:32 AM »
Hi, Ploppy,

FWIW - I'm admin on another forum and we suffered spambot invasion back in August.

The simple fix is to de-automate the registration ... vet/approve all registrations done by admin.  If you have any doubts about a newbie, check the email and/or at http://www.stopforumspam.com/.

Glad to see you back (albeit not in Plak  )
Chas



Stupidity is its own reward.

Offline Ploppy

  • Administrator
  • Hero Member
  • *****
  • Posts: 725
    • View Profile
    • Hounslow Weather
    • Email
Latest Forum News
« Reply #2 on: October 02, 2008, 07:22:59 PM »
Yes I have reverted the registration process to require Admin Validation.

Have had a couple of dozen registrations today but thankfully only one spam posting.

Maybe Invision will get on top of it and it can go back at some stage.