@admin, moderators: Disable Anonymous-Guest-Postings

michael.habbe · Post by **michael.habbe** » 04 Mar 2006, 11:38

Just have a look around the forum, you see what i mean.

jelv · Post by **jelv** » 09 Mar 2006, 00:01

I'm starting to get a bad feeling about the way things are going with Mantis. Are the developers losing interest?

If they cared they'd be concerned about the way things looked to visitors on these forums.

They need to update to the latest phpBB and disable Guest posting ASAP.

michael.habbe · Post by **michael.habbe** » 09 Mar 2006, 00:40

I have posted a bug into the bugtracker, perhabs someone sees the problem!?

http://bugs.mantisbt.org/view.php?id=6797

Narcissus · Post by **Narcissus** » 09 Mar 2006, 00:49

Unless I'm mistaken, I believe anonymous posting was disabled 3 or 4 days ago...

Narcissus · Post by **Narcissus** » 09 Mar 2006, 01:03

Hmmm... I spoke too soon :)

Although it's been disabled, it still seems as though they're getting through.

My apologies guys!

jelv · Post by **jelv** » 09 Mar 2006, 01:19

Is this forum running version 2.0.19?

Post by **vboctor** » 09 Mar 2006, 01:25

I'm not sure which version of phpBB is powering this forum. Ken is the one who installed it and is the admin for it. I've sent him an email regarding this issue.

Hopefully it will be sorted out soon. I've been getting a lot of spam on my blog as well. This was improved by upgrading the b2evolution version. I suspect we may need to disable guest posting + upgrade to latest version of phpBB (if applicable).

Sorry for the inconvenience.

Regards,
Victor

Post by **vboctor** » 09 Mar 2006, 21:41

Users must now be logged-in in order to start new topics or reply to existing ones. Hopefully this will get rid of the spam.

I will try to clean up the existing span entries as much as I can. I didn't find a way to allow easy deletion of a related group of threads (e.g. submitted from the same IP or have some similar characteristic). So for now, it will be a manual process.

Regards,
Victor.

jelv · Post by **jelv** » 09 Mar 2006, 21:59

If you are not on the latest version, disabling guest posting may not solve the problem. They could be exploiting an SQL insertion vulnerability.

Post by **vboctor** » 09 Mar 2006, 22:02

At the moment, we are using phpBB 2.0.11, I can see they are up to phpBB 2.0.19 now. I will do an upgrade when I get a chance, but I have to check with Ken first what sort of customisation he did to the code when he installed it. For example, this instance supports links to bugs in our bug tracker by using # and bug number.

If the spam continues, then this will become more of a priority.

Regards,
Victor

jelv · Post by **jelv** » 09 Mar 2006, 22:13

vboctor wrote:At the moment, we are using phpBB 2.0.11

Oh dear! That version has many well known vulnerabilities.

You've been very, very, very lucky to have only been spammed. I had forums running 2.0.11 and just after Christmas they got hacked with obscenities and anti-gulf war slogans.

Post by **vboctor** » 09 Mar 2006, 22:27

OK, you got me worried there. I will hopefully upgrade it this weekend :)

Regards,
Victor.

michael.habbe · Post by **michael.habbe** » 09 Mar 2006, 23:06

If you want, i can help to delete the spam.