I don't know if that has anything to do with security in a garage system, but attack on my forum, which has caused lot of problem, started from porn spambots adding lot's of vehicles with links.
I lost 40k users in few minutes. These were replaced with 170 bots. ibf_members tabel was restored without any problem, but i didn't have backup of 'uploads' folder. Whole IPGallery and avatars were pruned.
Just want you to know, but I'm not blaming anyone. I dont really know if it was security problem with ipb or garage system.
DevFuse Products (View All Products)
1
3.1.4 hacked... started from garage system
Started by
mieciu
, Jun 06 2011 11:11 AM
4 replies to this topic
#1
mieciu
-
- Customers
-
- 14 posts
Member
- IP.Board Version:IPB 3.0.x
- First Name:Pawel
Posted 06 June 2011 - 11:11 AM
#2
Michael
-
- Management
-
- 3,137 posts
Management
- Gender:Male
- Location:Australia
- IP.Board Version:IPB 3.1.x
- First Name:Michael
Posted 07 June 2011 - 04:08 AM
If you can PM me anymore information you have, I'll definitely take a closer look into this. Obviously you never can guarantee something is 100% secure, as someone is always trying to find vulnerabilities but I'm currently not aware of any exploits in IPB 3.1.4 or the Garage. Have you considered a server vulnerability or any other software you have installed on your site?
Keep up to date with DevFuse mod development and releases.
#3
mieciu
-
- Customers
-
- 14 posts
Member
- IP.Board Version:IPB 3.0.x
- First Name:Pawel
Posted 07 June 2011 - 10:58 AM
http://www.forumrowe...-kekcitremetew/
http://www.forumrowe...ler-riyabutler/
http://www.forumrowe...ler-riyabutler/
http://www.forumrowe...ler-riyabutler/
http://www.forumrowe...ler-riyabutler/
It's hard to say if it was server security fault, because there are few other sites based on phpBB, joomla, etc, and they are ok.
http://www.forumrowe...ler-riyabutler/
http://www.forumrowe...ler-riyabutler/
http://www.forumrowe...ler-riyabutler/
http://www.forumrowe...ler-riyabutler/
It's hard to say if it was server security fault, because there are few other sites based on phpBB, joomla, etc, and they are ok.
#4
Michael
-
- Management
-
- 3,137 posts
Management
- Gender:Male
- Location:Australia
- IP.Board Version:IPB 3.1.x
- First Name:Michael
Posted 07 June 2011 - 11:23 PM
I could add a captcha for add vehicles but if these bots registered they probably can bypass captcha. If you can use the spam service from IPS, that should cut down a lot of the spam. Also make sure the group permission setting "Vehicles allowed per member?" is not set too high.
I've got a few ideas to cut down on spam that I'll implement next version. If you want to try them, open a support ticket and I can provide instructions or apply the changes for you. As for the hacking, I'll need to confirm it's the Garage before doing anything.
I've got a few ideas to cut down on spam that I'll implement next version. If you want to try them, open a support ticket and I can provide instructions or apply the changes for you. As for the hacking, I'll need to confirm it's the Garage before doing anything.
Keep up to date with DevFuse mod development and releases.
#5
Breadfan
-
- Customers
-
- 105 posts
Elite Member
- Gender:Male
- IP.Board Version:IPB 3.2.x
- First Name:Kenan
Posted 01 July 2011 - 05:26 PM
I'm presuming for the garage mod you have group permissions feature? If that's the case, you can always set registered members to be able to post there and also enter a challenge question only humans would understand in order to prevent bots from registering.
Edited by Breadfan, 01 July 2011 - 05:26 PM.
Croatian multigaming clan *NOB* Mrcine
1 user(s) are reading this topic
0 members, 1 guests, 0 anonymous users
