You are not logged in. Please login or register.
PunBB Forums → General discussion → Attempted hack?
Something strange happened on our forums last night, it appears that the view count on any posting with zero replies suddenly shot up to around 13 thousand views. Any ideas? How can I check that the forum is still secure?
I have recently upgraded to 1.2.14.
Thanks
Ste
Hack? No 
The view count tracks the number of times a topic is looked at, that's all. Someone (or something) was obviously refreshing those topics a lot. No hack involved
Still not convinced, having checked the log files for apache I managed to track down the IP address of the machine that was hitting the forum.
This Machine read various pages on the forum 879,292 times, it was only topics that had 0 replies of which there were 28. On viewing the log files with Awstat this machine used over 5gb of bandwith. there was deffo something going on.
As I say we have narrowed it down to a specific IP address and have informed the relevant ISP.
Ste
Obviously, he wasn't using any vulnerabilities to access your board. Probably just the script that fetched empty topics in an attempt to slow/bring down the site, or use some bandwidth
Obviously, he wasn't using any vulnerabilities to access your board. Probably just the script that fetched empty topics in an attempt to slow/bring down the site, or use some bandwidth
That's pretty much what I was thinking happened as well.
Maybe someone was eager to know when a reply got posted. 
Obviously, he wasn't using any vulnerabilities to access your board. Probably just the script that fetched empty topics in an attempt to slow/bring down the site, or use some bandwidth
Yeah, but how useless it that... if you'd write a script to overload/use bandwidth, wouldn't you load topics with posts?
I noticed a lot of bandwith usage with various rss parsers/readers.
They often update to verify if there are changes in the topic/blog/site and are sometimes very badly configured with a wait time of 5 minutes (a case i had with a website using my rss feed parsed on their site).
We had something similar happen here at punbb.org about a year ago. I was able to track down the person behind it. Turns out he had written a script that grabbed a page of PunBB.org, but he had made some mistakes in the code so the script grabbed the page a couple of thousand times. He had also confused the time parameters in the scheduled cron job which meant it was pretty much running constantly. The bandwidth graphs from that month are funny looking 
PunBB Forums → General discussion → Attempted hack?
Powered by PunBB, supported by Informer Technologies, Inc.