Recent Spam Emails Sent through the Forums PM System
Started by Simon, Apr 11 2009 08:54 AM
Recent Spam Emails Sent through the Forums PM System
Last week a new member registered with multiple identities with the intention of exploiting our Personal messaging system to mass send spam emails to members.
The Personal Messages contained the following information
Spam Personal Message 1
Please help
Spam Personal Message 1
Hey, See this very very funny picture))))
Both linked to a Russian website with bad intentions.
IF YOU RECEIVE ONE OF THESE PERSONAL MESSAGES PLEASE DELETE IT AND REPLY TO HIS THREAD WITH THE DETAILS OF WHO SENT IT TO YOU AND WHAT THE PM CONTAINED.
To prevent such things I already have set the forum permissions (a long time ago) so that members need to make 10 posts before having access to the pm system. The trouble is this new member made 10 posts of rubbish in minutes and then gained access to the PM system.
Initially I just deleted the posts and account, but did not ban the ip address. When our friend returned again under a different name I noticed the ip address was the same. I also ran a search for other member accounts with the same ip address and I found another three accounts. Anyway the ip address is now banned and the accounts all deleted.
When I looked into this further I found this exploit was known by the people who make the forums software and they released a patch within hours. I have installed this patch already. More details here.
http://forums.invisi...ip-board-2-3-6/
So the actions of banning the member accounts and ip address along with the fact that the pm system now has flood control that will only allow a member to send 1 pm every 30 minutes, basically means now if someone signs up to spam they will first have to make 10 posts and then will only be able send one pm every 1/2 an hour. Hardly the ideal platform for mass spamming
I think the spammer managed to send about 15 Personal Messages in all. If you were affected by this attack please accept my sincere apologies and be assured that we are aware and have taken immediate corrective action to prevent a recurrence.
Regards,
Simon
Last week a new member registered with multiple identities with the intention of exploiting our Personal messaging system to mass send spam emails to members.
The Personal Messages contained the following information
Spam Personal Message 1
Please help
Spam Personal Message 1
Hey, See this very very funny picture))))
Both linked to a Russian website with bad intentions.
IF YOU RECEIVE ONE OF THESE PERSONAL MESSAGES PLEASE DELETE IT AND REPLY TO HIS THREAD WITH THE DETAILS OF WHO SENT IT TO YOU AND WHAT THE PM CONTAINED.
To prevent such things I already have set the forum permissions (a long time ago) so that members need to make 10 posts before having access to the pm system. The trouble is this new member made 10 posts of rubbish in minutes and then gained access to the PM system.
Initially I just deleted the posts and account, but did not ban the ip address. When our friend returned again under a different name I noticed the ip address was the same. I also ran a search for other member accounts with the same ip address and I found another three accounts. Anyway the ip address is now banned and the accounts all deleted.
When I looked into this further I found this exploit was known by the people who make the forums software and they released a patch within hours. I have installed this patch already. More details here.
http://forums.invisi...ip-board-2-3-6/
So the actions of banning the member accounts and ip address along with the fact that the pm system now has flood control that will only allow a member to send 1 pm every 30 minutes, basically means now if someone signs up to spam they will first have to make 10 posts and then will only be able send one pm every 1/2 an hour. Hardly the ideal platform for mass spamming
I think the spammer managed to send about 15 Personal Messages in all. If you were affected by this attack please accept my sincere apologies and be assured that we are aware and have taken immediate corrective action to prevent a recurrence.
Regards,
Simon
Recent reports of pathogenic traits in L. innocua and L. welshimeri
Is anyone aware of any recent publications on the benefits of freeze drying?
Do you have recent regulations or articles regarding Bisphenol S?
Recent changes in ISO 22000
Recent FDA audit
[Ad]
Thanks Simon. I'll keep that in mind. Sheeesh... Spammers are gone wild on these days...
Regards,
Arya
Regards,
Arya
They really are the downside of perhaps the most amazing invention of the technological era. Unfortunately where there is money to be made there will always be pirates who want to make a quick buck at the expense of others.
Hello Simon,
Found a website that might help you identify a forum spybot from their IP address.
stopforumspam
Hope it's helpful for you to prevent them from spamming other users.
FYI
Found a website that might help you identify a forum spybot from their IP address.
stopforumspam
Hope it's helpful for you to prevent them from spamming other users.
FYI
Thanks Hongyun I will take a look. They tried again today and because they need to make 10 posts to get access to the PM system I let them get to 9 and then deleted all of his posts. We played this game for a little while until he got bored then I deleted his account and the other one registered to the same IP address. It is never ending.Hello Simon,
Found a website that might help you identify a forum spybot from their IP address.
stopforumspam
Hope it's helpful for you to prevent them from spamming other users.
FYI
They tried again today and because they need to make 10 posts to get access to the PM system I let them get to 9 and then deleted all of his posts. We played this game for a little while until he got bored then I deleted his account and the other one registered to the same IP address. It is never ending.
Told ya... The Morale lesson numero uno...
Told ya... The Morale lesson numero uno...
like hazard for this "Discussion" forum...thats make us aware to apply "HACCP" system for sparmer...
Recent reports of pathogenic traits in L. innocua and L. welshimeri
Is anyone aware of any recent publications on the benefits of freeze drying?
Do you have recent regulations or articles regarding Bisphenol S?
Recent changes in ISO 22000
Recent FDA audit
Will ISO 22000 be affected in the recent major revision of ISO 9001?
FSSC 22000 recent developments
Help for CA For Pitted Floor From Recent BRC
Recent Food Defense Failure
Recent RASFF notifications - query on chorizo recall?