Tweet
Hi Folks,
For the last 36 hours I have been watching an unregistered user who has been connected to our boards continuously (tho I didn't stay up all night
).
He appears as 'Guest' in the "Who's Online" listing, but has spent all of his time trying to access the forum without registering. or at least I think he has.
His activities at different times get shown as 'Editing a Post', 'Reporting a Post', 'Sending Post to a Friend', 'Quoting Post', or 'Moderator Duties'. Unregistered users are not allowed to do any of the above and, since we noticed this activity, Guests are not allowed to even view the boards any more (for the moment).
When a guest tries to perfrom any of the activities listed above, they are taken to the 'You are not allowed to do this. Register or Log In' page. Since he has not registered (neither his ip, nor the subnet he is on has ever been used by a registered user) I can only conclude that it is some kind of attempt to guess a Username/Password combination that will let him masquerade as someone else.
I have banned his ip and subnet, but banning only seems to apply to registered users. (So at least he will be banned if he DOES guess a password.)
Turning off the boards for a period makes no difference as he is already past the Homepage stage, so he can apparently carry on regardless.
Anyone seen this kind of activity before? Can anyone see what it might be if not a hacking attempt? How can I kick him off the boards without shutting down the servers themselves? A restart of Apache should have removed him, but failed.
Thanks for any ideas!
For the last 36 hours I have been watching an unregistered user who has been connected to our boards continuously (tho I didn't stay up all night
).He appears as 'Guest' in the "Who's Online" listing, but has spent all of his time trying to access the forum without registering. or at least I think he has.
His activities at different times get shown as 'Editing a Post', 'Reporting a Post', 'Sending Post to a Friend', 'Quoting Post', or 'Moderator Duties'. Unregistered users are not allowed to do any of the above and, since we noticed this activity, Guests are not allowed to even view the boards any more (for the moment).
When a guest tries to perfrom any of the activities listed above, they are taken to the 'You are not allowed to do this. Register or Log In' page. Since he has not registered (neither his ip, nor the subnet he is on has ever been used by a registered user) I can only conclude that it is some kind of attempt to guess a Username/Password combination that will let him masquerade as someone else.
I have banned his ip and subnet, but banning only seems to apply to registered users. (So at least he will be banned if he DOES guess a password.)
Turning off the boards for a period makes no difference as he is already past the Homepage stage, so he can apparently carry on regardless.
Anyone seen this kind of activity before? Can anyone see what it might be if not a hacking attempt? How can I kick him off the boards without shutting down the servers themselves? A restart of Apache should have removed him, but failed.
Thanks for any ideas!
Comment