Joomla! Discussion Forums

A few days back, my site was hit by spammers looking to post spam on my commenting system. JomComment. My server admins blocked the offending IP addresses. Now, I'm having issues with my nightly mySQL dump. Further research shows that I have what appears to be 5 million rows of data in the jos_messages table.

Q: What exactly should reside in the jos_messages table? How can I rectify the situation?

Q: Is there a way to help prevent this type of attack?


Thanks in advance.
Chris

Um, messages. I know, that didn't help much.

That is what one of mine contains, another sites table is empty. They are messages that look like when I was testing submitting articles from the front end. I could be wrong and I would make a successful backup of the table before doing anything just in case. I would then use phpMyadmin to empty the table.

Yeah, use phpMyAdmin to empty the table.

Then I would install sh404SEF. You might have some hiccups with your website after installing it (especially if you already use another 3rd party SEF program), but it includes a great security component that works with Project Honey Pot.

Two reasons why you should use sh404sef:

1) Anti-flood control.

sh404sef has a setting that will allow you to activate anti-flood control, which is essentially what happened to you. You can also activate it only for forms (like messages), so that people wont flood your database.

2)Project Honey Pot.

While Project Honey Pot is primarily intended to stop email harvesters from grabbing emails off of your webpage, it also will set up "traps" for people who continually attempt to access your webpage over and over again (as would be the case with a spammer). If all the spammer is only running a script (and isn't watching it run), eventually a "Trap" page will pop up that will be easy for a human being to spot and evade, but a bot might fall into the trap (hence the name, "Honey Pot). If it does, the IP address will be blacklisted and the spammer will no longer be able to access the page. The additional benefit of this is that his IP address will be broadcasted to everyone that uses Honey Pot, so he won't be able to spam any other websites that are members of the HoneyPot anti-spam coallition.

Hope that helps.