I am a complete beginner at web design of any kind and was really enjoying a classical piano forum I set up using phpBB3. I had about 20 members and conversation was good and then I received this noticed from my web host:

Dear Richard,
Thank you for your message to the support team.

Please see most common queries for user richauv_richauv:

1.Time: 92% (19568 sec)
Amount: 83% (1080 queries)
Rows Examined/Sent: 4.37959e+09 / 0
Avg. Query Exec/Lock Time: 18 / 0 sec.
Used databases: [richauv_pianotechniqueforum]
Query example: use richauv_pianotechniqueforum; SELECT m.word_id FROM phpbb_search_wordmatch m, phpbb_search_wordlist w WHERE w.word_text IN ('100', '1954', '2fear', '3gpp', '403', '60s', '6packbabe', '9080', 'action', 'active', 'activities', 'address', 'adopting', 'adult', 'adulte', 'adulto', 'advance', 'advertising', 'aerobics', 'aficionado', 'africa', 'african', 'agency', 'air', 'airdrie', 'alexis', 'alley', 'alphacool', 'alta', 'altavista', 'altura', 'aluminum', 'amanda', 'amateur', 'amateurs', 'amber', 'american', 'amerikanischer', 'amor', 'amore', 'amoreena', 'amp', 'amsterdam', 'amy', 'anais', 'anal', 'analisis', 'analog', 'analysis', 'anal ... [too long]

You should fix these queries and agree to optimize/normalize your database.

Should you have any further questions, please feel free to contact us anytime, we are available 24/7.

They are reluctant to help me in fixing this problem. They use MySQL accessed through phpMyAdmin. If anyone can instruct me about preventing this type of forum spam, I would really appreciate it. If it's too complicated to teach a beginner, I would be willing to hire for help. Thanks!

Looks like a dictionary attack on the forum database, even the dumbest of hosts (and there are a lot) must realise that you are not in control of such queries.

There is probably a way to prevent queries with more than 'X' words in the search pattern being sent to the DB server. The phpBB forums would probably be the best starting point.

Yes,
i am agree with chrishirst. he have good ideas and i think you follow them. it's very helpful to you

Try changing hosts, and then let's try to figure out how to beat your hacker friend.

Thank you all so much! I will pursue your advice and come back if more help is needed.

I was given some good advice on the phpBB3 forum about settings I can change to prevent this type of attack, but my web host is still insisting that I fix the database before they reactivate the forum. Financial issues prevent me from switching right away and they've been helpful in other matters... Are there any steps I can take to repair remnants of this attack? How can I fix this database or is my web host pulling my leg? Once again, thanks so much!

They are pulling more than just your leg.

There is nothing to "fix" in the database because the attack is not directly to the DB server, it is being done via the forum search script, so it is the search script that needs "fixing".
And "normalising" the database is simply not something that you can do, unless you want to undertake completely rewriting the forum code.

The bots have probably moved on to a new set of victims by now as well.

I have looked for bots to see if I could get one to generate users on my forum to hopefully make it look a bit better for new users so they will talk more but I cant seem to find any, have no idea where these people get them from and what reason they would have to attack unless they are in competition