Jump to content

Security Probls

Recommended Posts


I have a serious problem. A person appeared in my forum (hosted at TCH) and floods it literally every 2 minutes.

Tried to set IP ban - nothing. One user blocked, but his clone appeared.

Changed the passwords and emails to this user - clon #3 appeared.

Finally, the clone wrote it does have dynamic IP and thus overruns my IP bans.

Event ban of clon's name did not work.

Finally ,I suspect this attacker hacked into my forum and now has admin's rights.


Please tell me what can I do. It is urgent as I cannot sit all night long deleting this flooder's posts or tracking dynamic IP.


I can't write a comply against a flooder because his work supports him. Besides, he is a webmaster there so even if he did anything wrong, he won't be dismissed.

Unfortunately, cannot tell my web page adress directly in the forum as it would be tracked by Google and the flooder will know what to do.


Please help!!!

Link to comment
Share on other sites

Here are a couple things you can look into. First, do a trace/lookup from cpanel on one of the IP numbers. It will at least give you more info on where this person is coming from. You can also do a whois at http://www.arin.net/whois/index.html. You might possibly block a group of IP numbers to put a stop to the problem at least temporarily.


Next, see if you can find the attacker in the latest visitors list in cpanel. People like this sometimes use exotic setups that are easily recognizable in the user agent info and you can use that to block them. I think you could do that through the .htaccess file, but only if it isn't a common agent.



Link to comment
Share on other sites

Thanks for support.

I have banned all attacker's server so he won't be able to do any harm while at work.

Looked into awstatus - there are 2 users with adsl-****.hostname.com, but I am not sure if IPdeny will allow to ban everything begining witg adsl. I realise they accept endings - for instabce, *.hostname.com.

Just tried to ban adsl.*** - nothing. What should I do?

Found no .haccess files in my Cpanel. Where is it supposed to be? How do I change it?

TCH support advices me to upgrade PhP. Well, this I can do - but what if attack continue???

Link to comment
Share on other sites

Hi once again.

My programer told me there is no possibility to upgrade PhP to the newest version.

Is that true? If no - how does it go (upgrade)??


I took the liberty to respond to your helpdesk ticket. My main recommendation was to look into moderation options of signups so you can manually approve new users until he gets bored of trying.


Other phpBB users may be able to chime in here about best ways to do that. From what I can tell, he's probably just signing up repeatedly from different IP's and email addresses.

Link to comment
Share on other sites

Found no .haccess files in my Cpanel. Where is it supposed to be? How do I change it?


.htaccess is a text file that you can place in any folder of your site that outlines specifics about access to files in that folder and sub folders. Several of the cpanel options, such as IP banning and redirects, actually write instructions to the .htaccess file in your public_html folder.


The dot at the beginning of the filename ".htaccess" specifies this as an invisible file, so you may not see it in some FTP clients. You can access it through the cpanel file manager. It is handy to learn how to edit this file yourself but don't forget to back it up before you start playing.


You can control access to your forums, it just takes a little time, study and experience, which you are getting now. Just keep at it and you will block this guy and make it twice as hard for the next guy that tries it.



Link to comment
Share on other sites

wow...thanks a lot.



First of all - thanks to support team! I managed to turn on the option they have mentioned (administrator should approve every new user) and now I have no attacks. I will wait untill Monday and if there are no attacks, I could say this solution worked. The flooder simply realised he is not wellcome.


I think my problems are almost over :wallbash:


once more - thanxz to everyone in this best forum in the known Universe!

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Unfortunately, your content contains terms that we do not allow. Please edit your content to remove the highlighted words below.
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Create New...