Serious Problem

[Rapdis]

I have been making posts now and again about bandwidth problems with my forum.

Now there is a SERIOUS PROBLEM

I closed the forum but yet there are 5 guests viewing it, this tells me sum1 has hacked it and leaching bandwidth, there is a security problem with the forum sumwhere.

i only have 700 members and my count is 44gb of bandwith this month.

This is now obvious abuse from a proff hacker.

The admin and tech staff need to get involved and help me, also help others who might experience this problem.

It seems that all members are hacked, i know for instance that bad's back is not on the forum but yet according to the image i have attached, he is viewing it.

and so are a heap of people! but yet the forum is closed!

also notice the IP for the guests, its the same, i banned 208.237.238 but yet they are here.

notice how they are viewing avatars, i got a feeling they are refreshing it thousends of times...

i need help now, asap, i cant afford this, i paid for the licence and now hosting is costing me like £300 a month.

Someone, admin, please help.

[Rapdis]

I have upgraded version 2.2.4 to 2.2.8

But the people are still there, and the person has changed his IP and still viewing avatars as you can see in the attachment.

also apparant bad's back is viewing a forum too, he is sat right next to me and is viewing nothing, how come all these people are viewing things when i have switched the forum off, there is a BIG problem somewhere.

I have also switched off the option in the usergroups so guests cant view the forum full stop...

What now?

[Rapdis]

I deleted misc.php in the meantime so avatars can't be shown

[Erwin]

If you are absolutely sure you have closed your forum, then your forum is closed.

When a member tries to access any of the pages of the forum, Who's Online will say that they are looking at that page, but what they are really seeing is the "No Permission" page. So if I was you I wouldn't worry (unless you are certain that your site has been hacked). Even with the forum closed, vB still tells you the number of people who are trying to access each page.

If you're worried, open another window, log out, log in as a registered member on a test account and try any of the pages - see on Who's Online that vB tells you that a member is looking at a page when in reality the member is getting the "No Permission" page.

[NTLDR]

Quote:

Originally posted by Rapdis
I deleted misc.php in the meantime so avatars can't be shown

misc.php doesn't deal with displaying avatars, its forum/avatar.php

[Rapdis]

but if you look carefully, its diff guests with same IP but with one number changed, and they using 44gb a month, so im sure something is wrong, what can i do?

[NTLDR]

The 2 guests with different IPs could be the same user, if those IPs are proxy's then they may have hopped proxy whislt browsing your site, like AOL does for example.

The best way is to use .htaccess to block avatar.php, attachment.php, .gif, .jpg, .jpeg and .png if you have mod_rewrite enabled on your server.

[N9ne]

It is possible to use up 44GB per month...If you don't have GZIP enabled, allow free use of avatars, sigs, attachments, etc.

The main factor would be GZIP...

[Erwin]

Same IP means nothing. It could be a popular ISP, with many members of yours using the same proxy server used by that ISP (hence the large bandwidth), so by banning that one IP you are banning all these members.

[Rapdis]

Quote:

Originally posted by NTLDR
The 2 guests with different IPs could be the same user, if those IPs are proxy's then they may have hopped proxy whislt browsing your site, like AOL does for example.

The best way is to use .htaccess to block avatar.php, attachment.php, .gif, .jpg, .jpeg and .png if you have mod_rewrite enabled on your server.

I dont have mod_rewrite enabled, what can i do now? i also think people are leaching images of the site, this might be a thing for V3.0, a inbuilt script that changes the name of the images folder and reflects that change across the forum, that would be fantastic.