| Tenchiboard: Anime and More http://bbs.noneedfortenchi.com/ |
|
| Hacked again blah http://bbs.noneedfortenchi.com/viewtopic.php?f=6&t=5646 |
Page 1 of 2 |
| Author: | Neelick [ Mon Mar 18, 2013 2:53 pm ] |
| Post subject: | Hacked again blah |
I'm not sure if anybody noticed but the website got hacked. I keep backups of the website so I was able to overwrite their changes. I hate hackers so much. I don't understand why they do what they do. If you're going to go after people where actual money is there to be made more power to you, but disabling fan websites is such a waste of their abilities and time. Go play Xbox. |
|
| Author: | PieEyedDragon [ Mon Mar 18, 2013 11:00 pm ] |
| Post subject: | Re: Hacked again blah |
I noticed. I've been checking every so often. Thanks for fixing this. |
|
| Author: | Neelick [ Wed Mar 20, 2013 2:27 pm ] |
| Post subject: | Re: Hacked again blah |
It was major pain in the ass. I don't know why somebody would take the time to hack random websites. |
|
| Author: | mjhennessey [ Mon Apr 01, 2013 8:24 pm ] |
| Post subject: | Re: Hacked again blah |
I remember getting error messages the last time I was here, so that's why I got those it seems. >_< It's hard to imagine the motives of hackers and certainly there are other goals besides money. If the hacking was done at the host level, you might want to consider moving the site to a more secure host. This is the second time that I can recall. |
|
| Author: | Neelick [ Mon Apr 22, 2013 10:56 am ] |
| Post subject: | Re: Hacked again blah |
I think that they likely got in via a PHPBB exploit. I've updated to the newest version of PHPBB to try to close that exploit. I also hope it might help with the spammers. |
|
| Author: | mjhennessey [ Fri May 24, 2013 6:54 pm ] |
| Post subject: | Re: Hacked again blah |
I hope it helps with the spammers too, but if it doesn't you may have to go to admin approval for all new registrations. |
|
| Author: | Neelick [ Sun Jun 02, 2013 6:23 pm ] |
| Post subject: | Re: Hacked again blah |
I have absolutely no problems with admin registration. I thought on the past, the spammers were able to circumvent the requirement that only refistered useders were able to post. If possible I would like to retire the IP restrictions because I have had a number if emails from people who were inadvertantly caught by the IP ban. MJH do you think there is a better way? Back in the day I added a field to the registration to trip up spambots from being able to register. The downside was that each update replaced the anti spambot code. I'd be willing to figure out how to do it with the newest version. But the question would be is, are spambots who are not registered able to post without being registered |
|
| Author: | mjhennessey [ Mon Jul 08, 2013 7:58 pm ] |
| Post subject: | Re: Hacked again blah |
They would only be able to post in forum sections where unregistered users are allowed to post there. I'm not sure if there are any sections setup like that anymore. One thing that I used to do was to edit the robots.txt file to disallow crawlers from harvesting links to my site. Spammers use a software called a "search engine optimizer" to get the url's they need to find you here. The url's come from google and bing and the like, so no harvested links = nothing for SEO's to grab and exploit. The downside is that the forum would be largely unsearchable for real users too. I'm sorry about the long time away, the last couple times I've been here the forum page wouldn't load for me. It seems to be okay now. ^_^ |
|
| Author: | Jibril [ Wed Aug 07, 2013 9:50 am ] |
| Post subject: | Re: Hacked again blah |
Maybe you guys should just lock down posting to registered users and don't make registration pass through automatic but instead had admin/mod okay it first. The forum is pretty much unusuable as it. Alternatively, you could just archive this entire board and redirect people elsewhere? I know the people over at http://uselesstenchi.org/ would love the extra traffic. |
|
| Author: | Neelick [ Mon Aug 12, 2013 3:20 pm ] |
| Post subject: | Re: Hacked again blah |
Thanks Jibril. I've been doing this for so long, if I gave up, I'd feel like I was losing something which has been a part of my life for so long. So I don't think I'm ready to fold up shop yet.... |
|
| Author: | mjhennessey [ Mon Aug 12, 2013 6:41 pm ] |
| Post subject: | Re: Hacked again blah |
The recent restore worked very well, so keeping a clean backup on hand seems like a most efficient fix. There were a few more spam posts here this afternoon so they are still after the forum. It sort of reminds me of the Borg from Star Trek. Resistance is far from futile, but you can't say that to the spammers, they will never stop. |
|
| Author: | Neelick [ Tue Aug 13, 2013 9:32 am ] |
| Post subject: | Re: Hacked again blah |
Well I wanted to avoid using the restore, so what I did was used the "Prune Users" routine in the Admin Control Panel, then selected all users who registered since the IPs were opened up. Some forums needed to be resynchinized to remove the broken links to the deleted posts but all was well. There were some spam posts this morning too when I logged in. I viewed many of the users' IPs and banned some ranges which appeared to be the most frequent. My plan is to log in each day and clean up the spam and ban the spammers' IP addresses. Because the large IP ban did stop them. Unfortunately it also stopped legitamate users. The downside is that if a legitamate user registers during this process they may get caught up in the spambots. I also set the registration to have to be approved by me. We'll see how many spam message I get now... Hopefully I'll be able to use that to dwindle down the spam IP addresses until they're blocked completely. |
|
| Author: | Neelick [ Tue Aug 13, 2013 10:12 am ] |
| Post subject: | Re: Hacked again blah |
I just deleted users with 0 posts. I found that some of the spambots were occassionally using users who had registered before the IP ban was lifted. Not to mention, 0 post users... Not what you would call an active user. |
|
| Author: | PieEyedDragon [ Fri Aug 23, 2013 9:30 pm ] |
| Post subject: | Re: Hacked again blah |
Thanx for keeping this up. |
|
| Author: | Neelick [ Wed Aug 28, 2013 3:47 pm ] |
| Post subject: | Re: Hacked again blah |
Thanks PED. Yeah I changed the registration method to admin required. The result appears to have stopped the spambots. However it also causes me to get about 50 registration e-mails a day now. None appear to be valid. They must be using PHPBB's programs in combintation with their own form. The reason I think that's what it is is because I created a field in the registration screen that's a required field. Since I assume the spambots would not know about that field or how to deal with it, they must be circumventing the registration form with their own. That also explains why the image isn't working. |
|
| Page 1 of 2 | All times are UTC - 5 hours [ DST ] |
| Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group http://www.phpbb.com/ |
|