Early this morning a spam bot managed to use my Admin account to fill my forum full of spam topics/links
Please see screen shot below...
This isn't the first time it has happened, previously it was using a moderators account.
I've got all fixes in place posted on here previously. The one thing that I have noticed is that the previous account used was account member no. 2 which was set as 'moderator' Member number 1 is that of the main Admin Member number 3 is my account, the one that was used on this occasion, set as 'admin'
The previous member number 2 account has been locked for a while now since the last incident, and I have temporarily locked the member number 3 account
There doesn't seem to have been any sign of someone logging in using either account at the time indicating that passwords were used so the spam bot must have been able to post without logging in
Can anyone shed any light on this and hopefully offer a solution?
That might have been the case as the setup.asp file had to be run this morning as well to load the variables
I'm not aware of IIS being reset though
The previous issue with member number 2 account didn't require setup.asp to be run though. The spam bot hit us a couple of times and then I locked that account. It looks as though it is now using no3 account
I would hazard a guess that whatever the bug, it uses the next active account. Locking #3 is likely to be a temporary solution until the root cause is found.
Do you have access to the IIS logs to see if the server was re-booted or IIS re-started?
Posted - 24 February 2015 : 02:46:24
