Pm Spam

[drc_ke20]

didnt pay much attention to the sender as he`s already banned (zuratikl),deleted and blocked him is the way to go i say.

[bezender]

after a bit of careful investivgation the link that he sent goes to a russian spam/phishing site called nemf.ru if u hit this site, and u don't have half way decent anti-vir etc, you could unwittingly start relaying spam. don't worry too much about itabout cos it seems to target forums

 

seems that there might be a small hole in the security software for this site that allowed the spam to get through. hope it doesnt damage anything on the servers

[JiP]

they don't spam Admin or moderators

 

I got it, so did Taz rx. So they still target RL's.

[irokin]

seems that there might be a small hole in the security software for this site that allowed the spam to get through. hope it doesnt damage anything on the servers

 

Its not really a security hole. What they're doing is nothing more than any other person who signs up is able to do. Basically they're using a human to break the CAPTCHA (reCAPTCHA is still very difficult to machine read and certainly isn't being done in this case), once they're in they setup a bot to mine the usernames of everyone whos not a admin/moderator and then send out PMs. Where there is a vulnerability is in the PM system with the lack of flood control. Even if we apply the patch and have flood control this wouldn't solve the problem, just make it slower for them. They would almost certainly persist but perhaps give us a better chance to catch them. My information is that they managed to send a PM to pretty much everyone but the admin/mods, some 6500 PMs! As I said, there is a patch for this issue but there are other issues with us applying it immediately. Most likely we wont have flood control until IPB 3.0.0 goes live but there are other measures we can take.

[Felix]

I got sent that spam PM, so they are not really overly bright.

 

Could you make it so that new members (until they reach a certain post count) have to enter in one of those image verification things, or answer a random question, before being able to send a message. Like here or here?

[Taz_Rx]

Did anybody else happen to notice just how many people were online yesterday morning???

 

Around 50 logged in users and another 50 odd guests. I assumed it was everybody checking there PM's as we all had one of these scammer PM's.

[irokin]

Could you make it so that new members (until they reach a certain post count) have to enter in one of those image verification things, or answer a random question, before being able to send a message. Like here or here?

 

Thats one of my plans. I'm also considering having default saved sent messages that you have to force off. The bot wont be expecting it and quickly fill up the sent PM box.

 

All existing PMs from that particular user have been deleted.

[ke203sge]

Good work, admins and mods. This spammer did atleast ONE good thing for rollaclub. He/she got me back on track. "Welcome back; your last visit was: Aug 25 2005, 10:18 AM" :dance: :)

 

So, I'm myself a supermoderator at Bilforumet.no ("the automotive forum") using vBulletin® v3.8.1. Never heard of PM spam before, but I'll inform my homies regarding the problem. We are neighbours to Russia, so we should have gotten alot of PM spam already. Instead we receive threads about Nike shoes and shit and Datsuns from Japan. But those bots don't even try to hide so we get spam reports almost immediately from awake users.

 

Now I have to read something like ...

new posts. Be back in a few .. years. :hmm:

:dance: from No®way

[irokin]

I believe there was another attempted spamming shortly after midnight last night but hopefully they were foiled by one of the new anti-bot measures. The reason I suspect this is there's a massive data spike on RRDTool (5 times in excess of our normal data at that time of day). Let me know if anyone's received any. It was only for a very short period so I believe they were scanning members but weren't able to send any messages.