For those whose sites had spam links added:


Just curious, but what is your Google PR? I know Simon’s is high, since I know what his site is, but I’m curious about others.

The reason I wonder is because DH stated that many of the exploited FTP accounts weren’t touched–just logged in, directory index, logged out.

I was wondering if they were building a domain list, then just going back after the sites with high PR, hoping to stay under the radar.

A PR 8 link is much better than a bunch of PR 0 links, so it would make sense to do that rather than hammer every single index page & increase your chances of being noticed.

Save up to $96 at Dreamhost with ALMOST97 promo code (I get $1).
Or save $97 with THEFULL97.


The site of mine that got destroyed (completely wiped) had an excellent google rank.


That’s a really interesting point. That might explain why I’ve been fooled with twice already.

si-blog | Keystone Websites
Save $97 on yearly plans with promo code SCJESSEY97


That sounds about right, since as far as I can tell, none of my sites were touched.

I’ve checked everything, and they look alright. I have a 0 rank, since my site is really new and I don’t use it that much for other people.

That email from Dreamhost freaked me out, but I changed all of my passwords.


I had 6 accounts affected. All the domains from those sites have around a pagerank of 5; only one had been modified, and it was only yesterday (around 3am, at -7GMT). I’m not sure there’s any real pattern to it, but I CAN tell you what IP addresses they logged in from: every account that DH reported to me shows FTP logins from two particular IPs starting around Sunday.

I’m not going to share them however as both are IPs assigned to another hosting company, and I’m willing to bet that the account(s) used to do the logins from those IP were hacked as well. I wouldn’t be surprised if the attackers logged into those accounts from yet another set of hacked accounts, and so on. I doubt they’re traceable from this route, you’d have to follow the money from the spam they were touting to ever find them (and even then you probably would have trouble).
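Added example, not part of any post in this thread: one way to check FTP logs for the pattern discussed above, where a few source IPs log into many accounts and most sessions only list the directory. The log format, account names, timestamps and IPs below are constructed for illustration (the IPs are documentation ranges), so adapt `parse` to whatever your FTP daemon actually writes.

```python
from collections import defaultdict

# Constructed sample in a simplified, hypothetical format (not a real daemon's):
# timestamp client_ip account ftp_command [argument]
SAMPLE_LOG = """\
2007-06-03T03:01:10 198.51.100.7 acct_a PASS
2007-06-03T03:01:11 198.51.100.7 acct_a LIST /
2007-06-03T03:02:20 198.51.100.7 acct_b PASS
2007-06-03T03:02:21 198.51.100.7 acct_b LIST /
2007-06-05T03:00:02 203.0.113.9 acct_b PASS
2007-06-05T03:00:03 203.0.113.9 acct_b LIST /
2007-06-05T03:00:05 203.0.113.9 acct_b STOR index.html
2007-06-05T03:04:40 203.0.113.9 acct_c PASS
2007-06-05T03:04:41 203.0.113.9 acct_c LIST /
2007-06-05T09:15:00 192.0.2.44 acct_a PASS
2007-06-05T09:15:04 192.0.2.44 acct_a STOR photo.jpg
"""
WRITE_CMDS = {"STOR", "APPE", "DELE", "RNTO", "RMD", "MKD"}  # commands that change files

def parse(log):
    """Yield (ip, account, command) for each well-formed line."""
    for line in log.splitlines():
        parts = line.split()
        if len(parts) >= 4:
            yield parts[1], parts[2], parts[3].upper()

def shared_source_ips(log, min_accounts=2):
    """Return {ip: [accounts]} for IPs that authenticated to several accounts."""
    accounts = defaultdict(set)
    for ip, account, cmd in parse(log):
        if cmd == "PASS":
            accounts[ip].add(account)
    return {ip: sorted(a) for ip, a in accounts.items() if len(a) >= min_accounts}

def classify_sessions(log, suspect_ips):
    """Label each (ip, account) pair from a suspect IP by what it did."""
    cmds = defaultdict(set)
    for ip, account, cmd in parse(log):
        if ip in suspect_ips:
            cmds[(ip, account)].add(cmd)
    labels = {}
    for key, seen in cmds.items():
        if seen & WRITE_CMDS:
            labels[key] = "modified"   # files changed: review and restore
        else:
            labels[key] = "listing-only" if "LIST" in seen else "login-only"
    return labels
```

A "listing-only" result still means the password was known to someone else, so those accounts need new credentials just like the modified ones.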


Well, the spammed high PR sites and untouched low/no PR sites would seem to go with it.

But anyone that wants to stay under the radar doesn’t delete sites. Unless it’s multiple people taking advantage of the same hole, but for different purposes.

Has anyone had any type of defacement, other than spam links, or just having everything deleted?



I am getting more spam as time goes on. I have found referers of adult web sites accessing my website. I believe they are only accessing to create an account for phpbb 2 as they can display their web site in the members list area even though they have not been approved yet. And since the search engines have access to the members list, the spammers win (for now). So each day I am deleting spam accounts and possibly a few that aren’t.

My website


That’s an unrelated problem. We are talking about hacked accounts that insert spam into your webpages, rather than just the regular spam headaches.



Sounds like referer log spam, which is no biggie if you’re not making your logs public.

I just tried two plug-ins that killed just about all phpBB spam. One is called (I think) “A Better Captcha” and the other one just disables entering a website at sign-up. I forget what that one’s called, but it was mentioned in a big spam bot thread over at the phpBB forums.

It doesn’t keep it from being added to the profile later, but it keeps bots from getting that free memberlist.php link–if they get past the better captcha. :wink:

Also, add the “delete member” plugin. I forget if that’s what it’s really called, but it lets you (when logged in as an admin) delete users from just about anywhere, including memberlist.php.



Thanks for the tips, I was kind of holding my breath while I was waiting for phpbb to go gold.
Yeah I figured that out after I was done with the second thread.



Those mods are pretty quick and easy–definitely worth it. I think the captcha change is actually what kills most of it, though.

I forgot another one that’s a must. There’s another mod that allows you to make it so new users can’t start a thread until they have so many posts (set by you). They can reply to one, but not start one. It seems most bots are programmed to start one, so that kills a lot of them off as well.

I had a few accounts get by, but without a URL, so they weren’t getting a link. No posts, so I left them there to watch and see if they’d come back to either add their link, or post spam. None came back.
