phpBB Discussion • Re: Is my forum under attack?

The reason for the random IPs is a botnet. One reason for the requests is to get a list of usernames and then try to brute force passwords. Over the summer there were accounts on a lot of sites getting compromised because of poor passwords, and it wasn't just phpBB.

Default permissions in phpBB deny access to memberlist.php and they will get a login box. You probably have a registered "user" that has obtained all the usernames through memberlist.php; it might be the IP you mentioned with all the activity. They can also be obtained by scraping the posts, which are public.

The random IPs might be using memberlist.php to get the login box, trying to obfuscate their intentions in the logs. Once they have the login box they can enter a username and try common passwords, or they might have a list of associated usernames and passwords to try. The default is they will get blocked after 3 failed attempts for a username, but that can be circumvented if they have the captcha broken. Default for IP is 50 failed attempts (which seems ridiculously high). That results in access denied for 6 hours.

Open the phpbb_users table with phpMyAdmin; the column user_login_attempts is probably pegged at 99 for many users.

-------------------------------------------------------
You can help prevent this by removing passwords on old inactive accounts. Change both occurrences of INTERVAL 10 YEAR to how far back you want to go. The one caveat is that if a user who hasn't visited in 10 years comes back, they will have to reset their password.

Code:

UPDATE phpbb_users SET user_password = '0' WHERE user_regdate < UNIX_TIMESTAMP(DATE_SUB(CURDATE(), INTERVAL 10 YEAR)) AND user_lastvisit < UNIX_TIMESTAMP(DATE_SUB(CURDATE(), INTERVAL 10 YEAR)) AND user_id != 1;

Statistics: Posted by thecoalman — Wed Mar 05, 2025 11:24 pm
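The following queries are an added example, not part of thecoalman's post, showing how an admin can first confirm the symptom the post describes (user_login_attempts climbing across many accounts) and then dry-run the password-clearing UPDATE before committing it. It assumes the phpBB 3.x phpbb_users table with its username column (the other columns are the ones named in the post) and that the table uses a transactional engine such as InnoDB so ROLLBACK is honoured.

```sql
-- Added example (not from the original post): diagnostic queries to run in
-- phpMyAdmin before and after the password-clearing UPDATE from the post.
-- Assumption: phpBB 3.x phpbb_users table; `username` is assumed to exist,
-- the other columns (user_login_attempts, user_regdate, user_lastvisit,
-- user_password, user_id) are the ones named in the post.

-- 1. Which accounts are being hammered? A high user_login_attempts value
--    on many different accounts is the signature of a username list being
--    cycled through, rather than one user mistyping their password.
SELECT user_id,
       username,
       user_login_attempts,
       FROM_UNIXTIME(user_lastvisit) AS last_visit
FROM phpbb_users
WHERE user_login_attempts > 0
ORDER BY user_login_attempts DESC, user_lastvisit ASC
LIMIT 50;

-- 2. How widespread is it? Distribution of attempt counts across all accounts.
SELECT user_login_attempts, COUNT(*) AS accounts
FROM phpbb_users
GROUP BY user_login_attempts
ORDER BY user_login_attempts DESC;

-- 3. Dry run: count the accounts the UPDATE would touch, using exactly the
--    same predicate so the number can be compared with ROW_COUNT() later.
SELECT COUNT(*) AS to_be_cleared
FROM phpbb_users
WHERE user_regdate   < UNIX_TIMESTAMP(DATE_SUB(CURDATE(), INTERVAL 10 YEAR))
  AND user_lastvisit < UNIX_TIMESTAMP(DATE_SUB(CURDATE(), INTERVAL 10 YEAR))
  AND user_id != 1;

-- 4. Apply inside a transaction (InnoDB assumed) so it can be rolled back if
--    the affected-row count differs from step 3.
START TRANSACTION;

UPDATE phpbb_users
SET user_password = '0'
WHERE user_regdate   < UNIX_TIMESTAMP(DATE_SUB(CURDATE(), INTERVAL 10 YEAR))
  AND user_lastvisit < UNIX_TIMESTAMP(DATE_SUB(CURDATE(), INTERVAL 10 YEAR))
  AND user_id != 1;

SELECT ROW_COUNT() AS rows_updated;   -- compare with to_be_cleared from step 3

-- ROLLBACK;   -- run this instead of COMMIT if rows_updated is unexpected
COMMIT;
```

Steps 1 and 2 are read-only and safe to run at any time; step 1 is the quick way to see the "pegged" counts the post mentions without scrolling the table by hand. Keep the predicate in steps 3 and 4 identical (edit both INTERVAL values together, as the post says) so the dry-run count and ROW_COUNT() are comparable.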
