
Hacked, then massively spammed!

Discussion in 'Troubleshooting and Problems' started by Tom7, Jan 5, 2013.

  1. Tom7

    Tom7 New Member


    Please note that I was mistaken in my original post: I was not hacked after all. I thought that because the spam cleaning links were gone, that someone altered my site before hitting me. I now know better. (Thanks again, Peter).

    I am a new xenforo owner (forums.basketballogy.com).

    Tonight is a NIGHTMARE and I need to know what happened, how to fix it, and how to prevent it from happening again.

    In a span of just a few minutes we got hit by hundreds of spam messages in what looks to be a coordinated attack of several users or a bot logged in as several users.

    More troubling though, is they must have hacked my site first because all tools to stop spam have been removed. We (my moderators and I) cannot ban them or remove the spam.

    All I could think of to do was quickly log in to the admin panel and mark all the categories as private, so now they should not appear to the spammers for them to hit.

    Next I went through the users currently logged in and manually typed the user names of spammers logged in into the admin panel and banned them that way. But even though they are banned, they are still logged in.

    Now I don't know what to do. They have effectively closed down my site.
  2. hellreturn

    hellreturn Active Member

    If you have a backup of your files and DB:

    1. Remove every file from your FTP.
    2. Change your SSH password.
    3. Secure your VPS if it is one; if not, ask your host to look at security issues.
    4. Change all your passwords.
    5. Scan your PC with a good antivirus and malware scans.
    6. Re-upload backup files and database.

    If not, I would suggest to create a ticket so XF staff can help you out directly. Slavik is Ace in helping :)
    Chris D and Tom7 like this.
  3. Tom7

    Tom7 New Member

    Thanks for the tips; I'll see what I can do but I hired someone to set up my forums for me, so I cannot do most of what you suggest. Yet.

    I've been spending time reading here of others who have been hacked and trying to learn from what I am reading.

    Meanwhile, here is some of what I've learned for the benefit of others:
    • Beware the unnamed visitors -- particularly with IP addresses in the Ukraine and Beijing. They have been lurking, waiting for all moderators and admins to not be logged in, THEN they hit.
    • The spammers create accounts LONG before they use them. These "sleeper agents" lie dormant, then all at once they come on together and hit you.
    • Given that there has been absolutely no content on my forums site for nearly 4 hours now (because I marked all the forum categories "Private" to make them quickly disappear from spammers' view), there is no reason for "guests" with IPs from the Ukraine and China to be lurking on the site for 18+ minutes -- especially since the spammers who hit me posted from Ukraine and Chinese IP addresses, so since the attack I have been banning the IP addresses of those guests who come to my empty site and lurk. Sure, they could be legit, but with IPs like: "baiduspider-180-76-5-100.crawl.baidu.com" I'll take my chances.
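
Added example, not part of any post in this thread: a sketch of how the "sleeper account" pattern described above (accounts registered long before use, then posting for the first time together within minutes) could be flagged from post records. The record layout, the sample data and the thresholds (14 days dormant, 10-minute window, 3 accounts) are assumptions chosen for illustration and are not XenForo settings.

```python
from datetime import datetime, timedelta

def ts(s):
    return datetime.strptime(s, "%Y-%m-%d %H:%M")

# Constructed sample records: (username, registration time, post time).
POSTS = [
    ("spam_a",  ts("2012-11-01 08:00"), ts("2013-01-05 02:00")),
    ("spam_a",  ts("2012-11-01 08:00"), ts("2013-01-05 02:01")),
    ("spam_b",  ts("2012-11-03 14:30"), ts("2013-01-05 02:02")),
    ("spam_c",  ts("2012-10-20 23:10"), ts("2013-01-05 02:04")),
    # Active member: posted right after registering, so not a sleeper.
    ("regular", ts("2012-12-01 09:00"), ts("2012-12-01 10:00")),
    ("regular", ts("2012-12-01 09:00"), ts("2013-01-05 02:03")),
    # Long-dormant but isolated first post: dormancy alone is not a burst.
    ("lurker",  ts("2012-09-01 12:00"), ts("2012-12-20 18:00")),
]

def find_sleeper_bursts(posts, min_dormancy=timedelta(days=14),
                        window=timedelta(minutes=10), min_accounts=3):
    """Return usernames whose first-ever post came at least min_dormancy
    after registration AND within `window` of the first posts of at
    least min_accounts such dormant accounts (including itself)."""
    first = {}  # username -> (registered, earliest post time)
    for user, registered, posted in posts:
        if user not in first or posted < first[user][1]:
            first[user] = (registered, posted)

    # Dormant accounts, ordered by the time they woke up.
    dormant = sorted(
        (posted, user) for user, (registered, posted) in first.items()
        if posted - registered >= min_dormancy
    )

    flagged = set()
    for i, (start, _) in enumerate(dormant):
        # Everyone who woke up within `window` after this account did.
        group = [u for t, u in dormant[i:] if t - start <= window]
        if len(group) >= min_accounts:
            flagged.update(group)
    return sorted(flagged)

if __name__ == "__main__":
    print(find_sleeper_bursts(POSTS))
```

Flagged accounts are candidates for moderator review or a moderation queue rather than automatic bans, since a legitimate long-time lurker can match the dormancy half of the rule.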
  4. SchmitzIT

    SchmitzIT Well-Known Member

    It was us who helped Tom set up his site :)

    I just logged in and disabled the Spam Management registrations by setting them to 0. This probably is why the spam tools were unavailable, as the spammers simply waited until the default period configured expired. By disabling the options, the spam tool will always be there, ready for Tom and his moderators to slam-dunk them.

    I also installed XenUtiles to set up a Kobe and Michael Jordan block at the gates, hopefully preventing most spammers from successfully registering to begin with.

    The baiduspider is a spider for a search-engine (Baidu, the Chinese version of Google), by the way. You probably don't want to block those.
    Tom7 likes this.
  5. Tom7

    Tom7 New Member

    And to correct myself in my first, thread starting post...

    I was NOT hacked!

    I was naive.

    I didn't realize that my spammer settings were the reason the ban links were missing.


    Once again Peter, THANK YOU for all you've done to help me. You are the best!
    tafreehm likes this.
  6. tafreehm

    tafreehm Well-Known Member

    Also read this: http://xenforo.com/community/resources/dealing-with-forum-spam.980/
    Jake Bunce and Tom7 like this.
  7. Tom7

    Tom7 New Member

  8. oman

    oman Well-Known Member

    Probably worth putting in an interactive Captcha like KeyCAPTCHA. It works very well.
    Tom7 and Shyuan like this.
  9. Tom7

    Tom7 New Member

    The default captcha, ReCaptcha basically did nothing to curtail this spam attack; I'll look into KeyCAPTCHA. Thanks.
  10. Shyuan

    Shyuan Well-Known Member

    I second that. I like keyCaptcha too for helping me out. :)
    Tom7 likes this.
  11. Tom7

    Tom7 New Member

    Thanks, I really appreciate your guys' help, and look forward to the day when I may know enough to help out some newbie too. :cool:
    Shyuan likes this.
  12. MattW

    MattW Well-Known Member

    I'll 3rd KeyCaptcha, I'm running it on all my sites (XF, phpBB3, WordPress and OpenCart)
    Tom7 and Shyuan like this.
