I had 100,000 users and over 300,000 posts on my forum, but then lost it all...

[samstephens]

...when I clicked the "Delete Database" link in cPanel.

As it turns out, the usernames were random, and all the posts were porn.

I had left a phpBB formum on one of my dormant sites, when I suddenly realised I had about 3 gb of space taken up in MySQL databases.

Turns out I've had bots running their own little porn-fest on an unused forum that I was using to test out a template almost two years ago.


Just a quick note - if you're mysteriously running out of space, or suddenly using about 20 gb of extra bandwidth per month, check to see if there's a "spam party" going on in a long forgotten script

cheers
Sam

[George Wright]

Thanks Sam,

I had a virtual dedicated server and one day all the space was gone. I never could find the problem. Tech support wanted me to change to plesk as they offered no support for cPanel and a very nice Warrior tried to find the problem and never could.

Finally I just moved all my stuff to a little $9 a month hosting service and never had another problem.

I'm glad you brought this up, let's me know I'm not alone on such things.

George Wright

[Gary Huynh]

Hmmm, interesting...did you get any search engine traffic at all from those posts?

[GarrieWilson]

You could have started charging admission for that much porn.

Garrie

[onlinemoney00]

Is DLR Guard the software you use to rectify the situation

[samstephens]

Hi George,

That's strange! Another spot space gets taken up is the cache files in your "tmp" folder for your stats software. These can quickly sneak up on you!

Quote:

did you get any search engine traffic at all from those posts?

I didn't check originally, so I just had a look now - I got about 40 hits for each of the keywords: video, videos, credit, viagra.

Thinking about it, I probably should have redirected it to a credit affiliate program...that would have been smart. I still might do that, actually - thanks for the idea

Quote:

You could have started charging admission for that much porn.

Haha, yeah I didn't think that one through real well

Quote:

Is DLR Guard the software you use to rectify the situation

Nope, DLGuard is security for when you're selling products.

This forum was just spam, and all I did was delete the forum. Nice and easy

But it's a good example of why you should implement a decent CAPTCHA or similar system in forums

cheers
Sam

[James Schramko]

That is such a shame Sam, I was enjoying your daily top ten newsletter...

[StaceyStanley]

Oh my gosh Sam! Thanks for the warning! I'm just getting my feet wet in web hosting, so I now know what to look out for... I'd hate to be a porn hoster!

Stacey

[Dan Grossman]

If you're going to install free software packages on your site, like phpBB, WordPress, Joomla, Drupal, etc... you MUST keep them up to date. As they are used by so many sites and are open source, they are targeted by hackers. Once they find an exploit, they can hack millions of sites instead of just one.

The software makers generally release updates to fix these vulnerabilities when they are found, but you must keep on top of watching for updates and installing them.

If you don't, the consequences could be much more dire than this. You could end up losing a customer database with personal information resulting in a lawsuit if the information is misused, or hosting porn without knowing it and facing long jail time and huge fines for not complying with the record keeping requirements anyone that hosts porn in the US must comply with.

Not being aware you're breaking a law is no defense, just ask the Kazaa users that didn't even know they were sharing any music they downloaded with others, then were sued and lost hundreds of thousands of dollars against the recording industry.

[Martin Luxton]

My band site's 'Contact Us' page was getting a lot of traffic from porn sites. I deleted the page and lost about 70% of my traffic.

The problem was, Google bots used to visit me 6 times a day. Now they've stopped coming.

I can only assume Google bots have interesting sexual tastes

Martin

[samstephens]

Haha, sorry James, I'll see if I can start a new one up for you!



No worries Stacey, I'm glad I could help! As Dan said, as long as you keep your software scripts up to date and you use the security they give you, you should be fine!

The problem I had was I didn't bother putting any security in place because it was just a test forum, it was never meant to be public. Then I forgot about it!

I wasn't actually hosting any files, though, it was just all link posting. It's amazing how large those can get!

Quote:

I can only assume Google bots have interesting sexual tastes

Hahaha, I've always suspected! Devious little fella's...


cheers
Sam

[PaulSchubert]

Good Morning Sam, I can fully appreciate your situation. Your post is a good warning for everyone to remember to stay up to date with security. We were hacked and taken off-line by the hackers 4 times within the first 6 months this year. Finally, we found all of the hidden bots and files in our root level. The tmp directory was the biggest problem. My suggestion to everyone, based on all of the headaches we encountered... use a good ftp program and look inside your root directory, make sure you are able to view hidden files, check the file sizes and the dates last accessed. If anything looks suspicious, contact tech support at your hosting company immediately.

We actually found a phishing program designed to spam email people looking for credit card and account numbers for Wells Fargo Bank. I turned everything over to the highest level security in our Government, and they caught the people.

If you use WordPress, there are several excellent threads here on the Warriors site regards that exact subject. We use almost every suggestion posted as part of our security wall, and have not had one problem since implementation.

(And now my shameless plug for Sam/DLGuard)
If you are selling downloadable digital products, you need to be using Sams DLGuard. It is worth every penny and more. The piece of mind we have using DLGuard is beyond comprehension.

PAS

[Michael Mayhew]

I knew when I saw the post title that you had phpBB installed
Go with SMF if you happen to install a new one. It's free & very secure.
I installed it after I lost my entire phpBB forum also. Same, circumstances
too. Probably half Porn. I couldn't keep up with all the spam.

[samstephens]

Hi Paul,

Wow, sorry to hear about all the hack attempts!

Glad you got it all sorted though!

And thanks for your shameless plug for DLGuard - I'm glad you're enjoying it





Hi Michael,

Heh, yeah phpBB v2 out of the box is certainly open to attacks. From what I hear v3 is better.

With v2 I just did a quick modification to the signup form to ask a simple maths question, and that stopped all the spam.

So that made it easy

cheers
Sam