JAH-RasTafarI.com

I am deleting spam users when I see them, and in the process I might sometimes delete a real user by accident.

So if you get deleted, try to sign up again and make a post so I know you are not a spammer.

Hey (this is IPXninja long time member). I have some ideas to help you lock down the site and get rid of your bot problem.

I'm currently working with AI to create some pretty sick anti-bot and anti-hacker security on another site I'm working on. I'd love to tell you about it.

Keep in mind...


As I have probably said on this platform before... there are racist hackers. That is a real thing that exists. As such, the fewer black-owned social sites there are the more each one is a huge target to them. One of the worst things you can then do is to use popular software because they likely have multiple exploits already ready to go. And this also means you could have multiple hackers competing over how much they can frustrate you and crush any real activity on your site. And this is often a lonely battle because the only person who sometimes knows what's happening is the site owner / admin.

Please know that you're not alone. It is very likely that a hacker already has admin access to your forum control panel and will delete what I say. If that's the case, you may be completely isolated. I will continue to post messages for you and try to set up some way for you to contact me securely.

And please know that this forum is very necessary so don't give up.

The first thing I would do, if I were you, is move your forum into a subfolder. Do not have any commercially available or public software running at the root of your website.

Here's why.

If a hacker gains access to your software at the root then they now control your whole site. And it will look like you have no control and your real visitors and members will be blocked at the front door.

If you have a static HTML page as your home page (which I suggest) then in order to change it they would have to be able to get into your file system which is much more difficult. And if that happens then you have a different set of problems and solutions. Your static HTML page can have buttons that send guests into your forum and you could have 2 different forums so you can A/B test which one is more resistant to whoever might be hacking you.

You can then evolve from having a static HTML home page to a dynamic page with server-side code that actually fights off the bots and hackers and keep them from going further. I will repost this message if it gets deleted.

To any hackers reading this:
Jah Rastafari is not and should not be viewed as an enemy; even if you are racist and don't like black people. Jah Rastafari represents revolution against systems of oppression and is against tyrants. It is for freedom and these are ideals at the heart of any real red-blooded hacker. Not only should you leave this site alone, but actually help protect it from foreign hackers who are being paid to disrupt and spread disinformation. And if you disagree, intellectually, with what I'm saying I would invite you to create a forum account and let's talk about it.

I am using reCAPTCHA on the forum. At first a lot of bots still got through, but in the last month or two, it has gone down a lot, I hardly have to delete posts anymore.

captcha will definitely block most bot posts but not bad traffic hitting the server. And it won't really do anything to a hacker if one has gained access to the backend of the forum software. When I came last week or whenever I attempted to start posting again, the traffic to the site looked like it was being targeted by a DDoS attack; basically huge traffic spike. It made the site almost impossible to use and I had to keep reloading. So this is why I believe you still have a bot and/or hacker problem.

bots trying to register for an account or login are still using server resources. When they bump up against the captcha that stops them from dropping their payload (post) but another attempt with a new name is made. Enough of those attempts to steal your resources and slow the server down to a crawl. And that's often the intended result, not whatever random links or advertisements they're posting. It all depends on who's behind it. If it's black hat marketing farms then the slow down may be unintentional as they scan for popular forum software to create links to use your page authority to boost their properties. If it's a hacker then the slow down is what they're after and whatever else is happening is a smokescreen.

What you can do depends on how well you know PHP. I recommend working with chatGPT (free) and having it create a PHP home page for you that handles security. You can generate code that slows down the hackers/bots instead of your server. But like I said, it's better to install 3rd party apps into subfolders on your domain so you can do something custom with your root index page. This also means that search bots have to go at least 1 level deeper to even see that you're using 3rd party software.

You can also do things like renaming certain folders or files that hackers are able to predict and attack. But another thing chatGPT can do with your index PHP page is add code that creates a log file that logs bots and looks for SQL injection and other common tactics to log hacker activity. Then once you have those logs you can see what IP addresses their coming from and you can either serve them up something special on the code side or try to block them entirely server side. But a list of bots and hackers will at the very least show you what you're dealing with (which can change from day to day).