sardaukar Posted May 2, 2005 Share Posted May 2, 2005 Hello, I have a serious problem. A person appeared in my forum (hosted at TCH) and floods it literally every 2 minutes. Tried to set IP ban - nothing. One user blocked, but his clone appeared. Changed the passwords and emails to this user - clon #3 appeared. Finally, the clone wrote it does have dynamic IP and thus overruns my IP bans. Event ban of clon's name did not work. Finally ,I suspect this attacker hacked into my forum and now has admin's rights. Please tell me what can I do. It is urgent as I cannot sit all night long deleting this flooder's posts or tracking dynamic IP. I can't write a comply against a flooder because his work supports him. Besides, he is a webmaster there so even if he did anything wrong, he won't be dismissed. Unfortunately, cannot tell my web page adress directly in the forum as it would be tracked by Google and the flooder will know what to do. Please help!!! Quote Link to comment Share on other sites More sharing options...
stevevan Posted May 2, 2005 Share Posted May 2, 2005 Contact the help desk (link above) is your best course of action. Quote Link to comment Share on other sites More sharing options...
sardaukar Posted May 2, 2005 Author Share Posted May 2, 2005 Contact the help desk (link above) is your best course of action. <{POST_SNAPBACK}> Already done. However - is there anything in CPanel I can use? Or any software? Whatsoever? Quote Link to comment Share on other sites More sharing options...
stevevan Posted May 2, 2005 Share Posted May 2, 2005 I'd say let the help desk investigate. If there's something that you can do from your end, they'll let you know. Quote Link to comment Share on other sites More sharing options...
Striver Posted May 3, 2005 Share Posted May 3, 2005 Here are a couple things you can look into. First, do a trace/lookup from cpanel on one of the IP numbers. It will at least give you more info on where this person is coming from. You can also do a whois at http://www.arin.net/whois/index.html. You might possibly block a group of IP numbers to put a stop to the problem at least temporarily. Next, see if you can find the attacker in the latest visitors list in cpanel. People like this sometimes use exotic setups that are easily recognizable in the user agent info and you can use that to block them. I think you could do that through the .htaccess file, but only if it isn't a common agent. Lee Quote Link to comment Share on other sites More sharing options...
sardaukar Posted May 3, 2005 Author Share Posted May 3, 2005 Thanks for support. I have banned all attacker's server so he won't be able to do any harm while at work. Looked into awstatus - there are 2 users with adsl-****.hostname.com, but I am not sure if IPdeny will allow to ban everything begining witg adsl. I realise they accept endings - for instabce, *.hostname.com. Just tried to ban adsl.*** - nothing. What should I do? Found no .haccess files in my Cpanel. Where is it supposed to be? How do I change it? TCH support advices me to upgrade PhP. Well, this I can do - but what if attack continue??? Quote Link to comment Share on other sites More sharing options...
sardaukar Posted May 3, 2005 Author Share Posted May 3, 2005 Hi once again. My programer told me there is no possibility to upgrade PhP to the newest version. Is that true? If no - how does it go (upgrade)?? Quote Link to comment Share on other sites More sharing options...
MikeJ Posted May 3, 2005 Share Posted May 3, 2005 Hi once again.My programer told me there is no possibility to upgrade PhP to the newest version. Is that true? If no - how does it go (upgrade)?? <{POST_SNAPBACK}> I took the liberty to respond to your helpdesk ticket. My main recommendation was to look into moderation options of signups so you can manually approve new users until he gets bored of trying. Other phpBB users may be able to chime in here about best ways to do that. From what I can tell, he's probably just signing up repeatedly from different IP's and email addresses. Quote Link to comment Share on other sites More sharing options...
Striver Posted May 3, 2005 Share Posted May 3, 2005 Found no .haccess files in my Cpanel. Where is it supposed to be? How do I change it? <{POST_SNAPBACK}> .htaccess is a text file that you can place in any folder of your site that outlines specifics about access to files in that folder and sub folders. Several of the cpanel options, such as IP banning and redirects, actually write instructions to the .htaccess file in your public_html folder. The dot at the beginning of the filename ".htaccess" specifies this as an invisible file, so you may not see it in some FTP clients. You can access it through the cpanel file manager. It is handy to learn how to edit this file yourself but don't forget to back it up before you start playing. You can control access to your forums, it just takes a little time, study and experience, which you are getting now. Just keep at it and you will block this guy and make it twice as hard for the next guy that tries it. Lee Quote Link to comment Share on other sites More sharing options...
sardaukar Posted May 4, 2005 Author Share Posted May 4, 2005 wow...thanks a lot. First of all - thanks to support team! I managed to turn on the option they have mentioned (administrator should approve every new user) and now I have no attacks. I will wait untill Monday and if there are no attacks, I could say this solution worked. The flooder simply realised he is not wellcome. I think my problems are almost over once more - thanxz to everyone in this best forum in the known Universe! Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.