My forum/site has been compromised?

Started by uncleusta, March 26, 2019, 01:08:01 PM

Previous topic - Next topic
Print
Go Down Pages1
User actions

uncleusta

March 26, 2019, 01:08:01 PM
Hi,

So, I haven't issues with my site for the entire year that has been up until I recently installed SMF. I logged into the Google Search Console to see if there are any issues as I do so often to keep an eye on any potential issues and to my surprise, I see this;







I noticed a bunch of spam/bot accounts had registered so I deleted them as well as the few posts they made with spam links to suspicious/spam websites.  I've also improved the registration process (e-mail validation, answer questions, highest setting of image verification).

Is that all there is to it? How do I double check to see my site/forum isn't being hijacked by those links seen in the image?

Anyone else have a similar issue or any advice?

Thanks.

Aleksi "Lex" Kilpinen

#1
March 26, 2019, 01:14:54 PM
We all (that is, any forum admin and this site as well) have a problem with spammers. All you can do is find ways to slow them down, at best even stop them. Verification questions seem to work fairly well, if you set up a good sized pool of questions and only ask a couple at a time.
Slava
Ukraini!
"Before you allow people access to your forum, especially in an administrative position, you must be aware that that person can seriously damage your forum. Therefore, you should only allow people that you trust, implicitly, to have such access." -Douglas

How you can help SMF

Kindred

#2
March 26, 2019, 02:08:58 PM
you see that class="bbc_link" (and the fact that it is showing up in the rss feed...?

that means that there is no compromise in this case... just spammers posting links in messages.

delete the messages, delete the accounts....   and add questions and/or other methods to stop them from registering.

Слaва
Украинi

Please do not PM, IM or Email me with support questions.  You will get better and faster responses in the support boards.  Thank you.

"Loki is not evil, although he is certainly not a force for good. Loki is... complicated."

uncleusta

#3
March 26, 2019, 02:27:56 PM
Quote from: Kindred on March 26, 2019, 02:08:58 PM
you see that class="bbc_link" (and the fact that it is showing up in the rss feed...?

that means that there is no compromise in this case... just spammers posting links in messages.

delete the messages, delete the accounts....   and add questions and/or other methods to stop them from registering.

Thank you. That was my concern, regarding the links in the RSS feed.

By deleting the posts on the forum and the spam accounts, I'm guessing that's all there is to this particular case?

Aleksi "Lex" Kilpinen

#4
March 26, 2019, 02:34:18 PM
Yes, to remove any "damage" that is all.
Slava
Ukraini!
"Before you allow people access to your forum, especially in an administrative position, you must be aware that that person can seriously damage your forum. Therefore, you should only allow people that you trust, implicitly, to have such access." -Douglas

How you can help SMF

delta5

#5
March 27, 2019, 09:33:06 AM
I use the stopforumspam.com plug-in
Works great and is free.

Kindred

#6
March 27, 2019, 11:48:16 AM
Слaва
Украинi

Please do not PM, IM or Email me with support questions.  You will get better and faster responses in the support boards.  Thank you.

"Loki is not evil, although he is certainly not a force for good. Loki is... complicated."

delta5

#7
March 27, 2019, 11:52:24 AM
I also use the recaptcha questions too.

njtweb

#8
March 27, 2019, 03:20:34 PM
Add a question. Mine is type this ##hockey and it's worked without issue. I also have my registration set to admin permission required for approval.
Print
Go Up Pages1
User actions
Advertisement: