Caught a Spammer and Now I'm Banned from my own site?

Sam Mustafa · November 16, 2016, 10:08:47 PM

A couple of hours ago I caught a Russian spammer who had created an account and was posting links to Russian sites. I banned his IP address and member name, and suddenly I'm banned from my own website... as is, apparently, everybody else.

I get this message on the login screen: "Sorry Guest, you are banned from using this forum!
Spammer
This ban is not set to expire."

I've banned members before and never had this problem. How do I fix it? How do I get back in?

Sir Osis of Liver · November 16, 2016, 10:19:18 PM

Can you register a new account?

Sam Mustafa · November 16, 2016, 10:23:16 PM

No, I can't get past the announcement that I'm banned.

Sir Osis of Liver · November 16, 2016, 10:24:34 PM

Can you change your ip?

Sam Mustafa · November 16, 2016, 10:26:50 PM

How do I do that? You mean, just log in from a different router?

Sir Osis of Liver · November 16, 2016, 10:31:32 PM

You probably won't be able to login, but you should be able to register, then go into your database and change id_group in smf_members to 1 for new member.

Or, you can go into smf_ban_groups and delete the row for your admin account.

Sam Mustafa · November 16, 2016, 10:36:11 PM

Just going to the page locks me out. I can't get past that "banned" message to do anything.

QuoteOr, you can go into smf_ban_groups and delete the row for your admin account.

Can you explain that to a newb? How, exactly do I do that? Where do I start?

Woraphat · November 16, 2016, 10:36:27 PM

In my area, unless people have a dedicated IP, turning the router off, wait a few seconds and turn it back on will get us a different IP.

If your IP is in the banned list, you cannot register.

Sam Mustafa · November 16, 2016, 10:41:49 PM

No, everybody is banned. Everybody gets the same message and block. Nobody can get past that screen. I've got complaints coming in from all over the world.

Like I said, I've banned spammers before but never seen this sort of thing happen.

What do I do?

Sir Osis of Liver · November 16, 2016, 10:42:06 PM

You access your database with the MySQL database section of your host control panel, load phpMyAdmin, select the db, then the smf_ban_groups table, Browse, and it'll display all rows, one for each ban. Find your admin account, delete the row. Backup the db before you do anything to it. You can Export with phpMyAdmin, or better, use control panel backup if you have that feature.

Sir Osis of Liver · November 16, 2016, 11:08:08 PM

Hmm, looks like you'd also have to go into smf_ban_items to clear your ip.

Sir Osis of Liver · November 16, 2016, 11:19:11 PM

Hee hee, was just able to duplicate the problem by banning a member and setting ip trigger to *.*.*.*. SMF really shouldn't allow that, it bans everyone from accessing the forum. You have to delete the ip ban in smf_ban_items, then clear your browser. Once you're back in, change your admin password first thing and remove admin access from any other admins until you figure out who did this.

Kindred · November 17, 2016, 12:08:54 AM

Yet another reason to never use the ban by ip address ... seriously, spammers just pick up another ip very easily and you are more likely to hit a real user... stop the spammers from ever registering in the first place and you don't have to worry about bans

rgregory · November 17, 2016, 08:06:35 AM

Hi Guys,

I'm helping Sam try to clear this up as I'm slightly more comfortable poking around in databases.

Here is a couple of screenshots of the ban_items and ban_groups DB's, I'm not sure what to delete. I deleted the last row (14) in the IP bans to see if that helped. I can't see where the admin group is banned?

Do these screenshots help?

Thanks guys, it helps to have some folks with such awesome knowledge looking at this!

Illori · November 17, 2016, 08:16:27 AM

you cant ban per group, easiest way to resolve the issue would be to backup those tables and clear the rows from the tables and see if you can log in after that. unless you really need one of the bans you can leave the rows out of the tables.

Kindred · November 17, 2016, 08:25:58 AM

4,100 hits on row 12?

If that is a real ban, then you should be using .htaccess , not the forum... otherwise, that looks like a definite possibility for your problem.
(especially if the host added a proxy server lately, in which case, basically, ALL connections look like they are coming from that one IP.)

Sam Mustafa · November 17, 2016, 11:16:29 AM

OK, I followed Sir Osis' instructions (thanks! very clear once I got into the database), and I found the ban row for that spammer. So I deleted his ban, and suddenly the whole world is back to normal.

Admin was never banned. There were only a handful of old bans from a few years ago.

Does anyone have any idea why banning this one guy would shut down the whole Forum, and un-banning him would open it all up again?

I've done bans before and never had this problem.

Kindred · November 17, 2016, 11:32:22 AM

See my statement above.

Basically, do not use IP addresses to ban people.

Sam Mustafa · November 17, 2016, 11:34:26 AM

Lesson learned, thanks. But does anybody know why using IPs to ban people was fine in the past, but in this case it would ban everybody?

Kindred · November 17, 2016, 11:36:59 AM

Quote from: Kindred on November 17, 2016, 08:25:58 AM
(especially if the host added a proxy server lately, in which case, basically, ALL connections look like they are coming from that one IP.)

News:

Caught a Spammer and Now I'm Banned from my own site?