Hi everyone
Just a quick question regarding a mysterious guest with no IP address.
First of all, the site is running SMF v2.0.6. Everything has always been kept up to date and well maintained.
Within the last 3-4 days there have been nearly 100 errors generated each day at various times in the SMF error log. These errors are all originating from a mysterious guest with no IP address and nearly all of them point to the file "security.php". Most of the actual error messages are "Undefined index: permissions" and then there are the critical ones like "Sorry, but you've reached your login attempts threshold. Please wait 30 seconds and try again later" but there are a number of other error messages being generated as well.
Looking at the dates and times these error messages are generated, it appears to be a bot because, for example, there are as mnany as 30-40 all generated with a matter of seconds. However, there have also been instances where they have been spread out over time.
Stop Spammer, httpBL (and more recently) Forum Firewall have been installed. Many other measures have been taken as well (captcha, various restrictions and challenges, etc). However, the mysterious guest just seems to blows right through them without leaving a single trace and since there is nothing to ban or block (IP, hostname, user agent, headers, etc) it continues.
Because of the nature of the errors and the lack of an IP address, it would be difficult to imagine that this is simply a rogue MOD (the same MODS have been installed for a long time and there have been no issues).
I guess the questions here are: Is there anything that can be done to unmask whoever (or whatever) is doing this and block them? and is this something that others have experienced as well?. Any input or recommendations on how to proceed would be really appreciated. Thanks so much!.