I'm hoping that maybe someone here can help me. My friend's band forum is currently under attack from spammers. They have managed to completely bring the forum down. You have to be a member to post but that doesn't seem to be enough. Does anybody have any ideas on how i can eliminate this problem.
Some software is better than others. We used a free software program for a while, but it allowed spammer bots to register automatically and post spam. This software is more secure (U have to type in some letters that are shown in a picture to complete registration). But, it costs money. Added to the cost of server fees and domain names, it can get expensive. Also, many sites like the unique look over the default - a color scheme, buttons, etc that are unique. So, many times ya gotta buy the "skin" for the site, because most of the free ones suck. It ads up.
The Walther Forum finally upgraded the software because it was being attacked by sex spammers constantly. Still, it takes vigillent watching by the admins to keep an eye on new members to see if they start spamming. User IDs can also be banned, and if U work with the ISP server, U can ban certain IP addresses to keep them from cooming back.
If U are getting diluged so much that the site is going down, though, U may be suffering from a coordinated attack thats done on purpose. That's not a good deal....
They are using phpBB for the site. I think its just bots but im not sure he just called me last night and asked about it. The person that was running their site has gone a-wall so im kinda limited in the info i have. I can get into the admin area to investigate but i seem limited as to what control i have but that could just be the software.
All the post are casino and mp3 related so im sure its just spammers.
Ok well i managed to purge all the spam out of the forum. I also set it to make you validate your email before you could register. I found that most of the post were from guest accounts so i THINK i have it set to not allow them anymore. If I have done what i think i have done the only problem i have left (that i can fix with the software i have) is to get rid of the 215 fake users. So do you know if there is a way i can delete multiple users at the same time. I have found that i can ban them one by one but that would take days.
My friend even said we would send out emails to the people we know to be real and have them re-register if we could just delete everyone at one time.
Unfortunately they don't have the money to upgrade the software so i have to do what i can do with what i have
Thanks for your help. I have never done any forum management till about an hour ago so im kinda over my head lol.
I think U did about all U could. Yes, turn off the guest accounts. Most definetly!
I think U'll have to do them 1 by 1. JS may chime in, but don't know what else to say.
U may loose a few people if U accidentally throw off a real person. My suggestion would be to wait and see. U've done all U can. Kick the rest off as they show themselves to be spammers. Take them off 1 by one that way. By shutting off the ability of guest accounts to post, I think that will go along way towards solving this issue, in addition to the email verification.
U will still get spam, and the site should be checked a few times a day to keep an eye for it. But w/o paying for better software, its all U can do.
Any idea if the spams are coming from specific IP addresses or domains? You could at least blacklist them until you get the forum fortified.. assuming it won't block valid users.
Also, for deleting out all those users you could run a delete directly against the database tables, but if you don't know what you're doing this could be risky..
They do seem to be coming from the same ip addresses I blocked some of them but to be honest there are just too many of them.
As for your second point and also ship's I did find a plug-in for phpbb that says it will let me select multiple users. if it works i will be able to do it with a few clicks. the only hold up to it would be that I have admin credentials but since the webmaster disappeared i don't have a way to get to the ftp part of the site to install the plug-in.
U may loose a few people if U accidentally throw off a real person. My suggestion would be to wait and see. U've done all U can. Kick the rest off as they show themselves to be spammers.
Sounds like a good point to me. All the ones i took off today had very explicit links to websites and i doubt the plug in would show me any more info than the user name so id say your right. One by one it is unless the band wants me to do otherwise. They are talking about just shutting down the forum and i would hate to see them do that.