Mantis Bug Tracker - Forums

Just have a look around the forum, you see what i mean.

I'm starting to get a bad feeling about the way things are going with Mantis. Are the developers losing interest?

If they cared they'd be concerned about the way things looked to visitors on these forums.

They need to update to the latest phpBB and disable Guest posting ASAP.

I have posted a bug into the bugtracker, perhabs someone sees the problem!?

http://bugs.mantisbt.org/view.php?id=6797

Unless I'm mistaken, I believe anonymous posting was disabled 3 or 4 days ago...

Hmmm... I spoke too soon :)

Although it's been disabled, it still seems as though they're getting through.

My apologies guys!

Is this forum running version 2.0.19?

I'm not sure which version of phpBB is powering this forum. Ken is the one who installed it and is the admin for it. I've sent him an email regarding this issue.

Hopefully it will be sorted out soon. I've been getting a lot of spam on my blog as well. This was improved by upgrading the b2evolution version. I suspect we may need to disable guest posting + upgrade to latest version of phpBB (if applicable).

Sorry for the inconvenience.

Regards,
Victor

Users must now be logged-in in order to start new topics or reply to existing ones. Hopefully this will get rid of the spam.

I will try to clean up the existing span entries as much as I can. I didn't find a way to allow easy deletion of a related group of threads (e.g. submitted from the same IP or have some similar characteristic). So for now, it will be a manual process.

Regards,
Victor.

If you are not on the latest version, disabling guest posting may not solve the problem. They could be exploiting an SQL insertion vulnerability.

At the moment, we are using phpBB 2.0.11, I can see they are up to phpBB 2.0.19 now. I will do an upgrade when I get a chance, but I have to check with Ken first what sort of customisation he did to the code when he installed it. For example, this instance supports links to bugs in our bug tracker by using # and bug number.

If the spam continues, then this will become more of a priority.

Regards,
Victor

vboctor wrote:At the moment, we are using phpBB 2.0.11

Oh dear! That version has many well known vulnerabilities.

You've been very, very, very lucky to have only been spammed. I had forums running 2.0.11 and just after Christmas they got hacked with obscenities and anti-gulf war slogans.

OK, you got me worried there. I will hopefully upgrade it this weekend :)

Regards,
Victor.

If you want, i can help to delete the spam.