​Strange Messages to Admin – Spammer (Criminal) Detected

  • Ion Saliu
    Senior Member
    • Sep 2010
    • 172
    • 4.2.X

    [Forum] Strange Messages to Admin – Spammer (Criminal) Detected


    Axiomatic Colleagues of Mine:

    Yesterday I received an important notice from the vBulletin team. You all know about the latest threat to vB forums. Accordingly, I deleted the /install folder of my forum.

    I hadn’t had forum problems in months. Today, however, I discovered two strange messages in my Admin email. I thought they might be of interest to other forum administrators. NO, I do not experience any problems with my forums. But I believe a potential criminal has been detected. The spammer(s) act from an ISP in China: China Telecom FUJIAN.

    Following are the messages I received and my research on the IP addresses of the criminals –

    Database error in vBulletin :

    mysqli_real_connect() [<a href='function.mysqli-real-connect'>function.mysqli-real-connect</a>]: (HY000/2003): Can't connect to MySQL server on '……
    /home/……/class_core.php on line 1356

    MySQL Error :
    Error Number :
    Request Date : Wednesday, September 4th 2013 @ 06:32:30 PM
    Error Date : Wednesday, September 4th 2013 @ 06:32:51 PM
    Script : http://forums.saliu.com/register.php
    Referrer : http://forums.saliu.com/
    IP Address : 27.159.248.19
    Username :


    MySQL Error :
    Error Number :
    Request Date : Wednesday, September 4th 2013 @ 06:55:32 PM
    Error Date : Wednesday, September 4th 2013 @ 06:55:53 PM
    Script : http://forums.saliu.com/register.php
    Referrer : http://forums.saliu.com/
    IP Address : 117.27.67.15
    Username :

    IP: 117.27.67.15
    Hostname: 15.67.27.117.broad.fz.fj.dynamic.163data.com.cn
    ISP: China Telecom FUJIAN
    Organization: China Telecom FUJIAN
    Services: Recently reported forum spam source (56)

    IP: 27.159.248.19
    Hostname: 27.159.248.19
    ISP: China Telecom FUJIAN
    Organization: China Telecom FUJIAN
    Services: Recently reported forum spam source (56)


    Ion Saliu,
    International Detective At-Large
    Forums: Lottery, Lotto, Gambling, Software, Systems
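Added example (not part of the original post, and not vBulletin code): a small parser for database-error mails in the layout quoted above. It groups the reports by source IP and shows which script was requested, whether a username was attached, and how long the request waited before the error. The sample text is constructed and abridged from the two reports in the post; the function names are hypothetical.

```python
import re
from datetime import datetime

# Constructed sample, abridged from the two reports quoted in the post.
SAMPLE = """\
MySQL Error :
Request Date : Wednesday, September 4th 2013 @ 06:32:30 PM
Error Date : Wednesday, September 4th 2013 @ 06:32:51 PM
Script : http://forums.saliu.com/register.php
IP Address : 27.159.248.19
Username :
MySQL Error :
Request Date : Wednesday, September 4th 2013 @ 06:55:32 PM
Error Date : Wednesday, September 4th 2013 @ 06:55:53 PM
Script : http://forums.saliu.com/register.php
IP Address : 117.27.67.15
Username :
"""

FIELD = re.compile(r"^\s*([A-Za-z ]+?)\s*:\s?(.*)$")

def parse_date(text):
    # Drop the ordinal suffix ("4th" -> "4") so strptime can read the day.
    text = re.sub(r"(\d)(st|nd|rd|th)\b", r"\1", text)
    return datetime.strptime(text, "%A, %B %d %Y @ %I:%M:%S %p")

def parse_reports(text):
    """Return one dict per 'MySQL Error' block in the mail text."""
    reports = []
    for m in filter(None, map(FIELD.match, text.splitlines())):
        key, value = m.group(1), m.group(2).strip()
        if key == "MySQL Error":
            reports.append({})          # a new report starts here
        elif reports:
            reports[-1][key] = value
    return reports

def summarize(reports):
    """Group by source IP: script hit, anonymous or not, request-to-error delay."""
    by_ip = {}
    for r in reports:
        delay = parse_date(r["Error Date"]) - parse_date(r["Request Date"])
        by_ip.setdefault(r["IP Address"], []).append({
            "script": r["Script"].rsplit("/", 1)[-1],
            "anonymous": r.get("Username", "") == "",
            "delay_s": int(delay.total_seconds()),
        })
    return by_ip
```

On the two reports above, both entries are anonymous requests to register.php that waited 21 seconds before the database error was raised.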
  • Wayne Luke
    vBulletin Technical Support Lead
    • Aug 2000
    • 74123

    #2
    You need to contact your hosting provider on why it cannot connect to the MySQL server.

    For the other messages, those aren't from vBulletin so not sure where they came from.
    Translations provided by Google.

    Wayne Luke
    The Rabid Badger - a vBulletin Cloud demonstration site.
    vBulletin 5 API

    Comment

    • Ion Saliu
      Senior Member
      • Sep 2010
      • 172
      • 4.2.X

      #3
      Mea culpa, axiomatic colleague of mine! Could I have been clearer? Obviously… given your reply!

      As I said, everything works fine in my forum. The strange messages were from me to… me! That’s how Google mail put it. In other words, I received two emails from Me to the Admin of my forums (Me, also)! Get it? Like in a comedy of errors…

      Clearly, those were two incidents of hack-attack or something like that. It was also confirmed that the two guilty IPs belong to a nest of spammers.

      I want to stress now that there is nothing wrong with my webhost or vBulletin. And nothing wrong with my forums, other than some bastards tried unsuccessfully to hack-attack my forums. I don’t send emails to myself!

      I thought it might be useful to other administrators. My tactic in such cases is to ban the IP addresses that try to do me harm.

      Best of luck, axiomatics!

      Comment

      • Ion Saliu
        Senior Member
        • Sep 2010
        • 172
        • 4.2.X

        #4
        Oops! Pasting from Word eats up things... like these "..."

        Comment

        • DemOnstar
          Senior Member
          • Nov 2012
          • 1912

          #5
          Your entire post made my day.....
          Banned the IPs already.....

          Thanks.


          Comment

          • Ion Saliu
            Senior Member
            • Sep 2010
            • 172
            • 4.2.X

            #6
            The situation was graver, axiomatic ones! I received emails from Me to Me because a criminal registered to my forums as... Administrator!!! So, he (or they), the false administrator(s), emailed to me those messages about forum errors!

            In fact, the criminals registered 10+ times, with the same name and email:

            User: Th3H4ck
            Email: [email protected]
            User Title: Administrator

            The registration dates were September 3 and September 4, 2013. Unfortunately, I received the vBulletin security alert on September 5, 2013. I deleted the /install folder of my forum, but the criminal(s) had already registered!

            I deleted them criminals one by one. It is tedious. I hoped vBulletin had a Delete Users method as easy as phpBBNow (the freebie). The list has a check box to the left of each User. You check the boxes, then select the action (delete, ban, etc.). Thus, you can ban or delete a bunch of bastards in one step.

            Best of luck, axiomatics!

            Ion Saliu,
            Watchdog At-Large
            Forums: Lottery, Lotto, Gambling, Software, Systems...…Football!

            Comment
