Our guild has been plagued by a hacker as of late and now they've struck ouor website.

First, I thought I recalled a way to ban by IP? Can you point me there please?

Second, they created pages of obcene posts on the forums, is there a way to mass-delete all messages by particular user?

The site is wulfpack.dkpsystem.com

Admin --> Security --> Ban List



Not that I know of, but here's some friendly advice.

Go to your Admin Panel. Go to the section that says Characters and Accounts. Click the link that says Website Accounts. At the top there is a checkbox that says "Authorization Required to create account". Check that box off.

If you do this, then you will receive an alert when people try to create an account that says the account name and asks if you want to approve, deny, or do nothing.

As it is right now, anyone with 30 seconds of free time can create an account on your site and troll your forums. It isn't hacking, and doesn't require any skill of any kind.

Thanks for your advice, I made the change.

Hopefully Chops will say that he can do a mass delete on those posts! In fact he might want to ban that ip for all of dkpsystem...

Done.

Thanks!!

Any chance you could restore those posts or have a activity log that shows what he did? We contacted the university and they want evidence of what the person actually did. They said theyre interested in finding out who it was.

Sorry about this.

This might be tough. They were both posted and deleted between backup runs (at night), which means that they were not backed up.

If you need the university to contact me, I can verify this if you direct them to the contact us page.

Do you remember the time that they were posted? I can try to do a hard search through the binary logs, but that is every transaction in the system, which means they are huge, and plentiful. I'd need a rough time, otherwise I'll be sitting here for a very long time.

Around 1030 pm central last night

just fyi, i sent them an email with jsut the screenshot of their website access with ip and ID

I referred them to the contact us link as you requested

appreciate your help regardless.

Thanks. I'll do what I can to help, but I scoured the log files looking for the info and was unable to find it. One thing is for sure, those log files weren't designed for human eyes, they are for communicating with the other servers.

At the very least, they'll have my testimony.