NYIntensity wrote:
For my education, (and to sate my curiosity), what other options did you have? I've always used fail2ban, but I don't know if that would actually help in this case.
Well the main problem here was the way Drupal hooked in to the phpbb3 back-end (enabling phpbb3 users to sign in to the front page etc.). Ever since I did that years ago I've seen people trying to exploit that implementation specifically.
If you noticed the times we were getting hundreds of spam registrations to the boards, those were actually coming from drupal and not phpbb3 itself.
I could have upgraded drupal (it was overdue)...I could have disassociated drupal from the forums...but ultimately I didn't think drupal was adding much value here (I'm not sure if any humans even went to the main page) so I decided just nixing it was the easiest, and most secure option.