Security Problem - SMF 1.6

Started by Gryphoune, September 22, 2008, 02:32:29 PM

Previous topic - Next topic

Gryphoune

I wasn't sure where to put this but I am having a problem with some ad sites posting on our boards without having posting permission. We have the guests not able to post and all registrations require approval for activation. So I am not sure how they are able to post. In addition, the poster's name is usually part of the title of the post and is not clickable as it is for members who post, so I can't trace the user and his IP.

I have gone through the Error Log and I found 3 Google IP's that I banned because they keep attempting admin actions.

So, my question is whether or not I can do anything to prevent these ad posts or is there a way to trace them in order to ban their IP?

青山 素子

Quote from: Gryphoune on September 22, 2008, 02:32:29 PM
I have gone through the Error Log and I found 3 Google IP's that I banned because they keep attempting admin actions.

Google will attempt to follow any link it finds, so you'll see that on occasion. It's perfectly fine. I advise removing the bans if you want to be indexed.


As for the accounts, are they admin approval or member activation? It is possible they are signing up to post, but then deleting their accounts. Requiring approval to delete an account should help determine this as well.

Are your boards all using local permissions, or set to global?
Motoko-chan
Director, Simple Machines

Note: Unless otherwise stated, my posts are not representative of any official position or opinion of Simple Machines.


karlbenson

If you've got adsense on your forum, it will attempt to access every link that you and your users visit. (but for private areas will see login pages). It does this in order to serve relevant ads.

Gryphoune

I have registrations set to admin approval and guests have no posting permissions at all. Permissions are set by member group so when a member registers and is then approved, he is assigned a member group(s), as applicable.

This a gaming guild website and forums and is used strictly for guild communications. We do a little promoting within the games we play but we don't go spamming recruitment. This is why I have the permissions set this strict.

I don't have any ad mods on the forums but I do have the following mods installed:

Waltz Theme
Treasury
SMF Gallery
Custom Form Mod
RSS Feed Poster
Simple Awards

Also, they only post in the Off Topic Forum in the General category where there are 2 other boards they can view also. These three boards are the only ones guests can view.

Advertisement: