By hectormcnab on

How do I stop someone managing to create tables in the mySQL database from registered user status and only able to post to a Drupal hosted forum. The spammer created hundreds of forum postings with seemingly rubbish urls. I have now blocked the user(s) and set new users to to be approved. The spambot thingy makes a new user with variations on an email account at gmail so I'm still getting loads of account requests. Any way to stop or report this to anyone...spamcop does not work since I cant see how Drupal records header info in an email request or forward to admin. The site is not even properly live yet ...well live but not publicised.

Categories: Drupal 6.x

Comments

cayenne’s picture

cayenne commented

The mollom module and service make a fantastic antispam tool.

If the spammers are really creating tables, you have left some weird security hole open, though.

We hates spammers!

:)

yelvington’s picture

yelvington commented

Registered site users can't create MySQL tables unless you have done something very wrong, such as granting permission to use PHP, or granting administrative rights to the "authenticated user" role. If neither is true and you are actually seeing your database tables being manipulated, it is likely that your site has been compromised in some way that is not specific to Drupal. There are Windows viruses that steal your FTP password, for example, allowing crackers to log into your web server at the operating-system level.

As for spambots, any CAPTCHA applied to the registration form will stop them. I haven't seen actual spambots in quite some time. The spam registrations I see are all humans.