Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Spam attack onto our shoutbox, need help please
#1
I'm Josh from pixelcarworld.com and we recently encountered a spam attack through our shoutbox. We found out it was a php injection by this site http://www.taalpalet.nl/

We're not able to get rid of it and it keeps filling up our shoutbox and banning our members. It started out as a person (I assume) banning everyone from the sb it could. It was using profile after profile that wasnt even in the system and even using the names of current members. It also had the sb rights that no regular member should be able to have.

The admin (Andy) restored the site to the way it was before the 1st attack but the injection is still there. And our forum is broken now.

If anyone knows how to combat this please reply cause were more or less at the mercy of this thing atm. Thanks.

edit: It seems to have died down for now but our forum is still broken, Andy requested a backup just a min ago so that might help.

edit 2 : Forum is back up but the php injection is still there. Not spamming again yet though.
#2
Disable it then. Obviously it's vulnerable and you can't control it.
#3
Use something else that is known to be less vulnerable and from a well-known author.

You might want to try MyShoutbox.
PGP Key (Fingerprint: 23B6 F4C0 FE2D 45AA 61A0 1E86 DB87 09DC DD87 6E40)
#4
An alternative idea is to get a Developer to review the code and patch up the injection issue. You'll most likely have to pay someone to do it.
#5
1 - Contact creator of plugin and explain the problem
2 - Etiher wait for them to fix it or delete the plugin and drop all the tables associated with that plugin if they still exist and install a more stable shoutbox, such as myshoutbox


Forum Jump:


Users browsing this thread: 1 Guest(s)