Caroby,
Sorry, this'll be a long story....
Truth is, spammers as a rule are so mundane, I really don't know what the point is in doing this stuff. If they're here in the states, I'd say its probably a script-kiddie who's some lame wannabe and thinks it kewl to be a general pita. CA's loaded with em... Probably a good majority work for MS and Symantec...
With an application like VBulliten, security is difficult because anyone who owns the software, and even anyone who's tested it, has the source code. So, they can set up a test system and spend time attempting to exploit holes in it. It's also possible that back-doors are written in, though I wouldn't say that with VBulliten. And see, the code is so big, you simply don't have time to look through it all to see if there's a hole in it. A person couldn't read all the stuff in a year, much less understand it. There's sites out there that make note of all the holes in software that's available open source. Virtually everything has holes that can be exploited IFF it is set up on a server that's configured loosely. Even if they are not, you can have issues.
I have a hosting account on GoDaddy for my personal stuff. Back years ago for the PA 1000 Yard Club, I also ran a virtual dedicated server for a few years. Then GoDaddy added features on the shared hosting that did what I needed the VDS for so I dropped that, but I still have a test system at my house and will always. GoDaddy themselves offer various programs for use on their systems that are open source (free). One, a program called CopperMine Photo Gallery I used years back. This software is installable onto your account right from their hosting account control center. They supply it.
It is MALICIOUS....
At one point, GD contacts me and says there's a security breech on MY hosting account, and they've shut down the DNS to it. After calling they say it's coming from a folder within the Coppermine software that THEY provided (but somehow it's still my fault???). It was both sending email, and modifying files on my hosting account so that every page that got loaded caused a cross site scripting violation. (CSS Violation, not to be confused with Cascaded Style Sheets CSS).
So, I had to completely delete the Coppermine crap, and go clean up Alllll sorts of files that had stuff appended to them. There were HTML IFrames appended to the end of all the PHP files various places. So I cleaned it up. And without Coppermine on the system anymore, the holes were plugged. (I don't write bs with holes...). After I was done, I did some investigating into this because I could pretty clearly see that IFffff they had been really nasty, they coulda caused a boatload more problems than what they did. If that had been me and I was the one actually trying to be nasty, there is quite literally no limit to how bad it could have been. These people didn't want to do that stuff. They also made ZERO effort to cover their tracks. As if they wanted it to be easy to fix. Once it's possible to modify a file, you have absolute control over all the files in the hosting account. You also have the ability to see login info for database servers, and just go raise hell if you don't mind going to jail should you happen to piss of the wrong person. (Like the one IBM guy did years back). IBM sorta made an example with him that you really don't wanna f with their stuff.
For somebody who's just making posts and adding links, there's no damage being done so that you simply have to deal with yourself. If this is coming from CA or anywhere in the USA, well, you can still ban blocks of ips, just don't do huge blocks. If it's Verizon, well, they switch IPs pretty often so you'd have to hit a bigger range. But for all the US Cable companies, you can just do 256 addresses at a time. It's unlikely they can change addresses much more than that and who cares if 256 IPs are gone? You could also do an sql statement like SELECT ALL FROM USERS WHERE LASTIP LIKE "123.234" and see if any real member on the system will be affected, and who. Nobody important? uhhK, Bye!
All told though, these posts are really no big deal by comparison to the crap Wilbur was dealing with a while back. And even those, they were not trying to be nasty, they just wanted to be a pita. If they'd have wanted to get serious, they couda got serious.
As an aside, just fyi, nobody "Breaks" into anything. What happens is, somebody leaves the doors open, and then lies to cover their incompetent ass. Management generally isn't smart enough to know this so they buy it and perpetuate the lie. Take SQL Injection Attacks in PHP for instance. Using PHP, it is virtually impossible to do an SQL injection attack because ZEND (makes PHP), years ago did away with the possibility of multiple SQL statements in the same function call. It simply won't do it. So, you have to go out of your way to make it possible by other means. Now, look around the internet and you'll still see boatload of people who say this is a huge problem, it's all bs. The problems are elsewhere and they're put there by the folks who supply the stuff. For what reason, I do not know. I know that my own systems that I wrote entirely, have zero holes in em. And I mean, zero.
I.T. background... well, a little
