After Hours

500,000 forum posts results in web host TOS violation

Knowing what's on your web servers is very iimportant
Written by David Chernicoff, Contributor on

Like a lot of technical folks I maintain a number of websites for personal and business use.  Only my business site is mission critical, and the rest are used for a variety of reasons, ranging from custom photo hosting for my photography hobby, to prototyping sites and server side applications for my clients.  So you can imagine my surprise when I received a TOS violation notice from one of my web hosting companies.

Your account is currently consuming excessive resources on our database servers. To maintain your account, we will need you to reduce the amount of databases queries on your website immediately.

If your usage of database queries is not significantly reduced within three (3) business days, we will be forced to suspend your account, as our hosting accounts are not intended for such extreme usage of queries.

 Now to the best of my knowledge, my low-traffic personal blog site wasn’t going to be breaking any database servers, and my site traffic reports confirmed that. And, after checking the control panel for my sites on the affected host, it still didn’t show me any offending applications. So a call to technical support to attempt to find out what was causing all of the database queries was in order.

A bit of research on the part of vendor tech support was able to determine that the offender was a web forum application I had installed. The tech was able to give me the subdomain link to the forum, and when I opened it up, there were almost half a million active posts on the forum, with thousands being added per day.

The only problem was, I had used the host control panel to delete the application, and it should there as not installed. To finally solve the excessive database query issue, I had to go and manually delete the files and folders for the application.

The initial problem was a simple one; I had been evaluating web forum software for a client. This meant that I would install the software, walk through it, rate on ease of use and administration, then delete the product for the next one.  This process could take a day or two, depending on my available time, and in some cases, might have taken a week, as it was not a high-priority project.

What seems to have happened was that the forum software that was causing the problem had been deleted, but a restoration of the server during an upgrade process restored the forum software, even though the site control panel showed it as uninstalled.

Over the next month, spammers found the unsecured web forum and started registering and posting automated spam.  With almost half a million posts added to the forum over the course of  11 weeks, the excessive database queries message was unavoidable.

If nothing else, this served as a good lesson on why publicly available resources, such as web forums and storage sites, need to be carefully monitored and secured. Because the forum had no actual content it was possible to see a pattern in the spam attack.  what started off as just a few fake accounts being registered over the first few days became hundreds of accounts over the next few (and thousands of messages)as the spambot originators (or their algiorithms) realized that they were being allowed to register and post content.

Editorial standards