Page 1 of 1

1st March 2016 :: SPAM attack on site

Posted: 02 Mar 2016, 10:41
by Jools
Hi All,

Users of the forum will have noticed a lot of SPAM being posted to the site since 1st March. It is unclear why this is happening, however there are some security patches I plan to apply tonight.

In terms of clean-up, @Silurus has been doing a great job of nuking a lot of the SPAM, but it's a task without end until I plug the gap that's letting them in. Once we've stabilised that, we will, of course, react and remove all of the spam and then purge all users with no posts who may be lurking spammers.


Jools

Re: 1st March 2016 :: SPAM attack on site

Posted: 02 Mar 2016, 10:52
by pleconut
I've had well over 100 notifications emailed to me, as I had posted in these topics. I know you're most likely to be really busy, but is its worth me deleting my board cookies.

Re: 1st March 2016 :: SPAM attack on site

Posted: 02 Mar 2016, 10:54
by shrimpkeeper222
Oh man this spam though. Its extreme!

Re: 1st March 2016 :: SPAM attack on site

Posted: 02 Mar 2016, 17:11
by michele
Jools, Russian hacker has posted to site......site IS compromised!

Re: 1st March 2016 :: SPAM attack on site

Posted: 02 Mar 2016, 21:21
by Jools
It's not really compromised nor is it hacked. It's just attacked - compromised means personal data is or may lost - that's not the case here. Hacked means someone has passwords or can access the site at a level above that or the normal user - that's not the case here.

What HAS happened is a spambot has figured out how to get around our security question and is merrily registering accounts. There is a lot to unpick here - it will take some time...

Jools

Re: 1st March 2016 :: SPAM attack on site

Posted: 02 Mar 2016, 21:24
by pleconut
Thanks for updating us.

Re: 1st March 2016 :: SPAM attack on site

Posted: 02 Mar 2016, 21:29
by Jools
Functionality has been restored across the site, the messenger that sends out emails had been automatically disabled due to the number of emails heading out and that caused a lot of stuff to fail.

I've now stopped new user access so I can clear out the trash and also patch the forum software to the latest version which is the first port of call.

Jools

Re: 1st March 2016 :: SPAM attack on site

Posted: 02 Mar 2016, 21:31
by pleconut
Thanks Jools :-BD