Hi,

I was running version 1.03 and two days ago a wave of spambots came along and started posting like crazy in my forum. They would create nonsense posts full of links every 2 minutes or so and I'd end up having to delete hundreds of posts in phpmyadmin.

My board is set up so only registered users can post, but these bots somehow get around it. They come up with dumb names like "car", "lesbian", "games", "home", etc. and just make post after post. However, they are not registered and can't be found within my joomla userlist. I've tried blocking those names but that doesn't help. It's almost like they're tricking my system into thinking they're registered users when they aren't.

I tried upgrading to 1.04 today and it hasn't slowed them down. Does anybody have any advice on how to stop them?

Here's some more info... When viewing the thread the name will say "home (visitor)" and when you look at their post in the latest posts section the author is listed as "guest".

Also, they switch their IP address all the time, but their email address is always This e-mail address is being protected from spam bots, you need JavaScript enabled to view it

Here's a link to my forum, if anybody would like to examine further. it's www.twolvesblog.com/forum

This is driving me insane and there's no way I can keep up with them. I'd deeply appreciate anyone who could help me out with this one.

Try the nightly builds. close your public writing (check administration options), so only registered users can post. if you want open to guest forums then you should use CAPTCHA plugin inside FireBoard.

let us know how it went.

Disallow guest posting.

Hi, thanks for responding.


I've never allowed unregistered users to post. It seems that the spambots are able to get past this and post even though they aren't registered.


I added the captcha security after upgrading to 1.04 just to see if that would stop them and it didn't.


I'll try the nightly builds and see how it goes, but it seems that these bots are just completely bypassing everything that's been established to secure the board. I was wondering if you guys had any extra tricks up your sleeves, like blocking certain email addresses that might help.

try checking your server access logs, to see how they are doing it. This will help us to see their method.

Hi,

I'm 100% self-taught on the computer. How would I go about checking the access logs and what would I be looking for to tell how they were doing it?

Sorry if that's a dumb question. I'm pretty good with this stuff for never being trained, but there are some things I just don't know how to do.

Ok, I've checked my access logs and can't find anything.

I'm even using the joomlawatch component which shows you every user and every bot accessing the site and can't find the bot. I'll watch and nobody will be accessing any of the pages necessary to create a post and posts will appear.

I'm not sure if this is some kind of PHP or SQL injection and not a bot???

Right now I've locked the 2 areas of the forum where the posts repeatedly occurred and it appears to have stopped it, although nobody else can use them either.



Here's what I think might solve the problem...

The only thing consistent is the titles of the posts and the email address of the poster. Can somebody come up with a quick code I can insert into the fireboard code to do the following:

Create a code so that if the post title is "car" then the post will not register

or

create a code so that if the poster's email address is " This e-mail address is being protected from spam bots, you need JavaScript enabled to view it " the post will not register


I'm guessing it's not rocket-science to code for that, but it's certainly above my head. If anybody could help me out, I'd be extremely grateful. This is driving me nuts!

you have to write a simple check in post.php, after if ($func=dopost)...
get the variables from following lines in post.php (after the check), like $..subject... (cant remember the name)

At the risk of sounding like a complete idiot, where is the post.php file located?

I've been looking in the components/com_fireboard folder as well as the administrator/components/com_fireboard folder and can't find it.

It's located in your template-directory