Phpbb spam

I have been receiving some spam over the last few days, where users with weird names and weird emails sign up.

What I don’t understand is, I set the configuration so that only the admin will approve when a new member joins but they seem to manage to get in!

Also, my friend uses phpbb and he does not have problems like this!

What do I do :frowning:


If these users are “getting in” (I assume you mean they have become authorized users) without your approval while you have admin approval required, you may have:

  1. Someone else having access to your admin credentials (check your logs for activity in the admin area that is not consistent with when you were actually doing admin work on the site)

  2. You may have been exploited where another user has gained admin privileges.

  3. You may have been exploited by users being able to avoid the admin approval.

Is your phpbb the latest version? What do your logs show in the way of abnormal activity?

I wish I could help more, but those are the places I would start investigating.


Is there another possibility that they get directly in his database to modify user rights or so?

PromoCode [color=#CC0000]FULL_97_OFF <-click prefilled[/color] = host 1 yr for $22.4 ; [color=#CC0000]LIFE_IP_67_OFF[/color] = 2 yrs + IP for $123.8

Sure, if he gave them his password, or they somehow got it from him.
Possibilities might include an exploit in phpBB, where the attacker could read the contents of his config.php file (I believe that’s what the phpBB one is called anyways… I forget atm). Though that would mean he has completely opened access to that database from the Control Panel.
I suppose they could have also guessed one of his passwords, including his account password, and just used that.

Many “possibilities” you could make up, but no real way for us to find out until some preliminary checks are made by the OP. That would include changing all of his passwords, upgrading to the latest version of phpBB (if he hasn’t already), and checking apache logs for unusual activities (which would be a HUGE pain probably).

Or you could all just be overthinking the problem; admin verification doesn’t stop new accounts from registering: It just stops them from posting. (All she said was that the bots were signing up; she didn’t say anything about posting.)

Go ahead and look at some of the effective spam solutions available.
Very little to do with either emus or farmers!

That’s a very good point! :slight_smile:

I should be more careful about making assumptions when I respond to some of these.