mieciu Posted June 6, 2011 Report Share Posted June 6, 2011 I don't know if that has anything to do with security in a garage system, but attack on my forum, which has caused lot of problem, started from porn spambots adding lot's of vehicles with links. I lost 40k users in few minutes. These were replaced with 170 bots. ibf_members tabel was restored without any problem, but i didn't have backup of 'uploads' folder. Whole IPGallery and avatars were pruned. Just want you to know, but I'm not blaming anyone. I dont really know if it was security problem with ipb or garage system. Quote Link to comment Share on other sites More sharing options...
Management Michael Posted June 7, 2011 Management Report Share Posted June 7, 2011 If you can PM me anymore information you have, I'll definitely take a closer look into this. Obviously you never can guarantee something is 100% secure, as someone is always trying to find vulnerabilities but I'm currently not aware of any exploits in IPB 3.1.4 or the Garage. Have you considered a server vulnerability or any other software you have installed on your site? Quote Link to comment Share on other sites More sharing options...
mieciu Posted June 7, 2011 Author Report Share Posted June 7, 2011 http://www.forumrowerowe.org/garage/vehicle/1313-kekcitremetew-kekcitremetew/ http://www.forumrowerowe.org/garage/vehicle/1306-riyabutler-riyabutler/ http://www.forumrowerowe.org/garage/vehicle/1304-riyabutler-riyabutler/ http://www.forumrowerowe.org/garage/vehicle/1300-riyabutler-riyabutler/ http://www.forumrowerowe.org/garage/vehicle/1295-riyabutler-riyabutler/ It's hard to say if it was server security fault, because there are few other sites based on phpBB, joomla, etc, and they are ok. Quote Link to comment Share on other sites More sharing options...
Management Michael Posted June 8, 2011 Management Report Share Posted June 8, 2011 I could add a captcha for add vehicles but if these bots registered they probably can bypass captcha. If you can use the spam service from IPS, that should cut down a lot of the spam. Also make sure the group permission setting "Vehicles allowed per member?" is not set too high. I've got a few ideas to cut down on spam that I'll implement next version. If you want to try them, open a support ticket and I can provide instructions or apply the changes for you. As for the hacking, I'll need to confirm it's the Garage before doing anything. Quote Link to comment Share on other sites More sharing options...
Breadfan Posted July 1, 2011 Report Share Posted July 1, 2011 (edited) I'm presuming for the garage mod you have group permissions feature? If that's the case, you can always set registered members to be able to post there and also enter a challenge question only humans would understand in order to prevent bots from registering. Edited July 1, 2011 by Breadfan Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.