Lesson Learned

Posted on August 20, 2007 at 2:07 pm.

This is mainly for any of the webadmin types out there, specifically those who set up discussion forums on websites. This embarrassing tale concerns phpBB, the very popular free bulletin board system.

On Saturday night, I started receiving e-mail warnings from my web host, telling me that my bandwidth usage had almost hit the monthly limit. This was a bit odd considering the fact that that particular server gets relatively little traffic. There are a couple of blogs hosted on it, but that is about it. The main site itself is not used by anybody.

After some digging, I discovered that about 24 gigs of bandwidth was used, and mostly by a Google bot. I’ve not known Google bots to be terribly malicious, but then after further analysis of my web stats, I noticed that most of the search terms were pretty disgusting combinations of porn terms. Then, I saw that the most accessed page on that site was “/forum/viewtopic.php”.

Uh-oh.

When I went to check out the forum that I had installed a couple of years ago on there, I was shocked to see that it had been completely overrun with complete trash. All eight or so of the forum categories had thousands and thousands of posts in them, all totalling over 56,000 posts' worth of viagra, but mostly porn spam!

I immediately deleted all the forum tables and then deleted the files on there, so there will definitely not be any more traffic of that nature on that site.

Lesson learned: if you install any kind of web forums, make sure you:

  • Always update them to the latest version, which often has security fixes and whatnot.
  • Don’t actually abandon the forum for a year or two!
  • Turn on the flag that requires that every user account be approved before it is allowed to make any posts whatsoever.
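The log triage described above (who is using the bandwidth, and on which page) can be scripted. This is an added example, not code from the original post; it assumes the host writes Apache/nginx "combined" format access logs, and the sample lines, addresses and function names are constructed for illustration.

```python
import re
from collections import Counter

# Apache/nginx "combined" log format (assumed; adjust if your host logs differently).
LINE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<url>\S+)[^"]*" '
    r'(?P<status>\d{3}) (?P<bytes>\d+|-) "[^"]*" "(?P<agent>[^"]*)"'
)

GOOGLEBOT = "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"

# Constructed sample lines (documentation IP ranges), not from a real server.
SAMPLE = [
    f'192.0.2.10 - - [18/Aug/2007:21:04:11 +0000] "GET /forum/viewtopic.php?t=4121 HTTP/1.1" 200 48213 "-" "{GOOGLEBOT}"',
    f'192.0.2.10 - - [18/Aug/2007:21:04:12 +0000] "GET /forum/viewtopic.php?t=4122 HTTP/1.1" 200 51077 "-" "{GOOGLEBOT}"',
    f'192.0.2.10 - - [18/Aug/2007:21:04:13 +0000] "GET /forum/viewtopic.php?t=4123 HTTP/1.1" 304 - "-" "{GOOGLEBOT}"',
    '198.51.100.7 - - [18/Aug/2007:21:05:40 +0000] "GET /blog/ HTTP/1.1" 200 9120 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1) Firefox/2.0"',
    'truncated or malformed line',
]

def bandwidth_report(lines):
    """Sum response bytes per User-Agent and per path; count hits per path."""
    by_agent, by_path, hits = Counter(), Counter(), Counter()
    skipped = 0
    for line in lines:
        m = LINE.match(line)
        if not m:
            skipped += 1          # keep a count so parse gaps are visible
            continue
        size = 0 if m["bytes"] == "-" else int(m["bytes"])
        path = m["url"].split("?", 1)[0]   # group ?t=... variants under one page
        by_agent[m["agent"]] += size
        by_path[path] += size
        hits[path] += 1
    return by_agent, by_path, hits, skipped

def dominant(counter, threshold=0.5):
    """Return the key responsible for at least `threshold` of the total, else None."""
    total = sum(counter.values())
    if not total:
        return None
    key, value = counter.most_common(1)[0]
    return key if value / total >= threshold else None

if __name__ == "__main__":
    by_agent, by_path, hits, skipped = bandwidth_report(SAMPLE)
    # User-Agent is client-supplied, so treat the crawler name as a lead, not proof.
    print("top agent:", dominant(by_agent))
    print("top path :", dominant(by_path), "hits:", hits.most_common(1))
    print("unparsed lines:", skipped)
```

Run on a schedule against the real access log, a single path or agent crossing the threshold is an early sign that a forgotten application has started attracting traffic.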
