
Forum HACKED by account Guests

Printed From: Web Wiz Forums
Category: Web Wiz Web App Support Forums
Forum Name: Web Wiz Forums
Forum Description: Support forum for Web Wiz Forums application.
URL: https://forums.webwiz.net/forum_posts.asp?TID=28980
Printed Date: 01 April 2026 at 4:05pm
Software Version: Web Wiz Forums 12.08 - https://www.webwizforums.com


Topic: Forum HACKED by account Guests
Posted By: jwmagno
Subject: Forum HACKED by account Guests
Date Posted: 25 November 2010 at 2:34pm

Last night a user hacked our forum using the account "Guests". They posted many messages and I'm not sure how they did that. What should I do? I have about 20 posts under this account.

We require registration for all posts, so how did they use this account?
 
We are freaking out here. We have used this forum for years and have paid for upgrades to stay current.



Replies:
Posted By: WebWiz-Bruce
Date Posted: 25 November 2010 at 3:17pm
I very much doubt the issue is due to the Guest account being hacked. Anyone not registered or logged in runs under the Guest Account so everyone has access to this account.

Guests, or in other words the Guests Account, then has the same permissions placed on it as any other account would, but with a few extra restrictions added such as not being able to send PMs and having to use CAPTCHA to post.

Guests can only post if the permission system allows Guest posting. Check both Group and Member permissions to make sure that someone has not mistakenly allowed Guests to post.

You may also be mistaken that a Guest has posted. If you delete a member from the admin area then, so that topics do not get 'disjointed' with missing posts, any posts created under the account would be shown as being posted by 'Guests' once the member is deleted.

If you are not running the latest release you should also upgrade your forum, as a lot of work was done to protect the forum from cross form forgery requests where hidden links, images, forms, etc, can be used to trick a registered user into submitting content or changing admin settings without them knowing.


-------------
Web Wiz Forums Hosting - https://www.webwiz.net/web-wiz-forums/forum-hosting.htm
ASP.NET Web Hosting - https://www.webwiz.net/web-hosting/windows-web-hosting.htm


Posted By: jwmagno
Date Posted: 25 November 2010 at 3:31pm
They used the account named "Guests". Yes that is plural. Trouble is I cannot delete this member. There is no Guest account when I search the member directory.
 
I just went in and changed the password for that account.
 
How do you explain the over 25 posts to that account? We are running 9.61.
 
Thanks for your help.


Posted By: WebWiz-Bruce
Date Posted: 25 November 2010 at 3:50pm
Unfortunately without access to your forum, database, and log files I can not tell you what the issue might be.

As long as you keep Web Wiz Forums up to date there are no vulnerabilities that would cause this. Most of the time when people have these issues it's due to lack of security such as easy to guess passwords, giving admin access to other accounts, or bad security on the server.

If you have renewed your upgrade protection then you would have support as well and you should fill in a support ticket from your Client Area account so that we can go in and have a look at your forum and find what the issue is.




Posted By: jwmagno
Date Posted: 25 November 2010 at 3:55pm
Can you at least tell me if "Guests" is a valid account? It's part of the Guest group.
 
 


Posted By: WebWiz-Bruce
Date Posted: 25 November 2010 at 3:58pm
The built-in 'Guests' account cannot be deleted as all unregistered users run under this account. Without this account your forum would not run, hence why you cannot delete this account.

The only way for someone to have posts under the 'Guests' account is either a member was deleted and their posts have been updated to show as being posted under the 'Guests' account, or the Guest account was given 'Create New Topic' or 'Post Reply' permissions.




Posted By: jwmagno
Date Posted: 25 November 2010 at 4:02pm
I think I know what happened now.
 
We had a spammer register in the forum under "course555". They then added a bunch of posts.
I went in and deleted the member since that would be easier than removing each one individually.
That explains how they all ended up in the "Guests" account.
 
Going forward, what is the easiest way to batch delete spammer posts like this without deleting the member? Basically I want a batch way to delete all of a member's posts.
 
Thanks for the assistance.


Posted By: WebWiz-Bruce
Date Posted: 25 November 2010 at 4:15pm
The best thing to do is to suspend the account, that way when using email activation of new members that person can not register again under the same email address.

The only way to delete the posts at present is to go through and delete each post that they made. You can use the search by member option in the forums search to locate the posts made by that member more easily.




Posted By: jwmagno
Date Posted: 25 November 2010 at 4:25pm
Thanks Bruce. Seems that in our panic we created our own problem here.


Posted By: WebWiz-Bruce
Date Posted: 25 November 2010 at 5:52pm
We are looking at adding a new feature to Web Wiz Forums, some type of 'Nuke Spammer' button that will suspend the member's account, block their email address, and delete their posts, which should make things simpler.

There is also a guide on the page below on protecting your forum from spammers:-

http://www.webwiz.net/webwizforums/kb/spam_prevention.asp






Posted By: 123Simples
Date Posted: 25 November 2010 at 6:20pm
Originally posted by WebWiz-Bruce:

We are looking at adding a new feature to Web Wiz Forums, some type of 'Nuke Spammer' button that will suspend the member's account, block their email address, and delete their posts, which should make things simpler.

There is also a guide on the page below on protecting your forum from spammers:-

http://www.webwiz.net/webwizforums/kb/spam_prevention.asp


Bruce - I think the Nuke Spammer option sounds really great. It would be a welcome addition to the web wiz forum software.


-------------
Visit 123 Simples Web Design - http://www.123simples.com/


Posted By: billd3
Date Posted: 29 November 2010 at 2:36pm
Amen to that - as I've stated in another post here..
We have at least a spammer a day, sometimes two. Ah, the negatives of being found and popular!
We have an unwritten rule that any mod who suspends a user also puts their name in the comments section and why, then the spammer's posts are moved into a graveyard. We then periodically clean out the graveyard. That way if someone gets a bit over-anxious and kills a post that really isn't to be killed, we can review and move it back. Sort of a purgatory for posts........
I'd love it if the "new option" would comment automatically as to what mod took the nuke action and gave the option to move instead of delete posts, but delete would be ok - hide might be good, too.
Whatever works best for all.......


-------------
BillD
http://theamcpages.com
http://theamcforum.com


Posted By: merlinmags
Date Posted: 14 December 2010 at 4:39pm
I made a small mod to our forum (v9.66) to add a "Kill spammer" option to each post. Then when we spot an obvious spammer posting nonsense with lots of dodgy links, we click once to:
 
1. delete all user's posts
2. reset stats for each thread and forum affected
3. change user 'notes' to say "spammer"
4. set user non-active and suspend them
 
It wasn't too hard, if you know your ASP. I did write a SQL stored procedure to make things a bit easier though. Nothing complicated though.
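
A sketch of the one-click workflow discussed in this thread, added here as an example; it is not merlinmags' mod or Web Wiz Forums code. It uses Python with SQLite in place of ASP and a stored procedure, and every table, column and function name is hypothetical. Posts are hidden rather than deleted and the acting moderator is recorded, as billd3 suggested, and the member is suspended rather than deleted, so posts never fall back to the 'Guests' account.

```python
import sqlite3

# Hypothetical schema, constructed for this example (not the Web Wiz Forums tables).
SCHEMA = """
CREATE TABLE member (id INTEGER PRIMARY KEY, name TEXT, active INTEGER DEFAULT 1,
                     suspended INTEGER DEFAULT 0, notes TEXT DEFAULT '');
CREATE TABLE forum  (id INTEGER PRIMARY KEY, post_count INTEGER DEFAULT 0);
CREATE TABLE topic  (id INTEGER PRIMARY KEY, forum_id INTEGER, post_count INTEGER DEFAULT 0);
CREATE TABLE post   (id INTEGER PRIMARY KEY, topic_id INTEGER, author_id INTEGER,
                     hidden INTEGER DEFAULT 0);
"""

def nuke_spammer(db, member_id, moderator):
    """Quarantine a member's posts, fix counters, annotate and suspend, atomically."""
    with db:  # one transaction: commit on success, roll back on any error
        topics = [r[0] for r in db.execute(
            "SELECT DISTINCT topic_id FROM post WHERE author_id = ? AND hidden = 0",
            (member_id,))]
        # 1. hide rather than delete, so a mistaken action can be reviewed and undone
        hidden = db.execute(
            "UPDATE post SET hidden = 1 WHERE author_id = ? AND hidden = 0",
            (member_id,)).rowcount
        # 2. recompute stats for each affected topic, then for the forums
        for t in topics:
            db.execute("UPDATE topic SET post_count = (SELECT COUNT(*) FROM post "
                       "WHERE topic_id = ? AND hidden = 0) WHERE id = ?", (t, t))
        db.execute("UPDATE forum SET post_count = (SELECT COALESCE(SUM(post_count), 0) "
                   "FROM topic WHERE topic.forum_id = forum.id)")
        # 3 + 4. record who acted and why, then deactivate and suspend (never delete)
        db.execute("UPDATE member SET notes = ?, active = 0, suspended = 1 WHERE id = ?",
                   (f"spammer (actioned by {moderator})", member_id))
    return hidden

def demo():
    """Constructed sample data: one forum, two topics, one spammer among two members."""
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    db.executemany("INSERT INTO member (id, name) VALUES (?, ?)",
                   [(1, "Guests"), (2, "alice"), (3, "course555")])
    db.execute("INSERT INTO forum (id, post_count) VALUES (1, 5)")
    db.executemany("INSERT INTO topic VALUES (?, 1, ?)", [(10, 3), (11, 2)])
    db.executemany("INSERT INTO post (topic_id, author_id) VALUES (?, ?)",
                   [(10, 2), (10, 3), (10, 3), (11, 3), (11, 2)])
    nuke_spammer(db, 3, "mod_bill")
    return db
```

Because the four steps share one transaction, a failure part-way through leaves the forum counters and the member record unchanged.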



Copyright ©2001-2026 Web Wiz Ltd. - https://www.webwiz.net