PHP mail()'s function does use sendmail.
Getting hit hard with spam through the "contact us" form
Collapse
X
-
Thats the obvious solution, but it defeats the purpose of having the link though because in our experience, (and probably the majority of other boards), is that it's usually unregistered users that will have an enquiry, whereas registered members will use the PM system.Comment
-
I "opened up" my .htaccess file just for the hell of it, and now I'm getting hit with a drug spam e-mail every 20 minutes.
YES, IMAGE VERIFICATION IS TURNED ON!
So, I'm wondering - what's the point of going through the trouble of verifying an CAPTCHA image, just to send the same drug spam to one person over and over and over again. I have a sneaking suspicion that some Ukrainian hackers have beaten vBulletin's CAPTCHA system.Cyburbia Forums - a third place for urban planners
http://www.cyburbia.org/forumsComment
-
-
Cyburbia, when i click your forum link it now asks to download the index.php.
Zach, the suggestion of disabling contact us for guests is an obvious "temp" fix but like i said previouslyit defeats the purpose of having the link because in our experience, (and probably the majority of other boards), it's usually unregistered users that will have an enquiry, whereas registered members will use the PM system.
Cyburbia, is it possible you can change your "contact us" address temporarily then see if you still get the spam.Comment
-
Cyburbia, when i click your forum link it now asks to download the index.php.
Zach, the suggestion of disabling contact us for guests is an obvious "temp" fix but like i said previously Somehow they are bypassing the image verification.
Cyburbia, is it possible you can change your "contact us" address temporarily then see if you still get the spam.
Do you want me to change the forum email address, or the name of the "contact us" script? My logs are showing that the IP from the Ukraine/Belarus is visiting the contact form.Cyburbia Forums - a third place for urban planners
http://www.cyburbia.org/forumsComment
-
"Contact Us Link" from using sendmessage.php to a mailto address. Obviously with that mail option the image verification is disabled, but then the mailto process will not be as automated for a bot to get through. See how it goes for a few days, and if no spam gets through then revert back to sendmessage.php with the image verification turned on "Yes, but verify image".
Or alternatively leave sendmessage.php in place but do as Zach suggested and disable the "Contact Us" for guests. Turn it off temporarily for a few days and hopefully the bots will get bored and leave you alone.
It is strange though that your image verify doesn't seem to deter them. As i said previously i was getting the same spam as you but when i turned on "Yes, but verify image" (only had it on "Yes" originally) it worked and i have had no more spam since.Last edited by Reverend; Sun 11 Jun '06, 2:51pm.Comment
-
The bots are hitting sendmessage.php.Cyburbia Forums - a third place for urban planners
http://www.cyburbia.org/forumsComment
-
I've attached what one of their spammed messages looks like.
Here's what my log looks like.
85.255.117.18 - - [11/Jun/2006:06:06:20 -0400] "POST /forums/sendmessage.php HTTP/1.1" 403 521 "http://www.cyburbia.org/forums/showthread.php?t=18553" "User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
85.255.117.18 - - [11/Jun/2006:06:35:21 -0400] "POST /forums/sendmessage.php HTTP/1.1" 403 521 "http://www.cyburbia.org/forums/showthread.php?t=18553" "User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
85.255.117.18 - - [11/Jun/2006:07:04:30 -0400] "POST /forums/sendmessage.php HTTP/1.1" 403 521 "http://www.cyburbia.org/forums/showthread.php?t=18553" "User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
85.255.117.18 - - [11/Jun/2006:07:29:45 -0400] "POST /forums/sendmessage.php HTTP/1.1" 403 521 "http://www.cyburbia.org/forums/showthread.php?t=18553" "User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
85.255.117.18 - - [11/Jun/2006:07:52:26 -0400] "POST /forums/sendmessage.php HTTP/1.1" 403 521 "http://www.cyburbia.org/forums/showthread.php?t=18553" "User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
85.255.117.18 - - [11/Jun/2006:08:15:33 -0400] "POST /forums/sendmessage.php HTTP/1.1" 403 521 "http://www.cyburbia.org/forums/showthread.php?t=18553" "User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
85.255.117.18 - - [11/Jun/2006:08:38:52 -0400] "POST /forums/sendmessage.php HTTP/1.1" 403 521 "http://www.cyburbia.org/forums/showthread.php?t=18553" "User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
85.255.117.18 - - [11/Jun/2006:09:01:46 -0400] "POST /forums/sendmessage.php HTTP/1.1" 403 521 "http://www.cyburbia.org/forums/showthread.php?t=18553" "User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
85.255.117.18 - - [11/Jun/2006:09:25:43 -0400] "POST /forums/sendmessage.php HTTP/1.1" 403 521 "http://www.cyburbia.org/forums/showthread.php?t=18553" "User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
85.255.117.18 - - [11/Jun/2006:09:50:18 -0400] "POST /forums/sendmessage.php HTTP/1.1" 403 521 "http://www.cyburbia.org/forums/showthread.php?t=18553" "User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
85.255.117.18 - - [11/Jun/2006:10:13:37 -0400] "POST /forums/sendmessage.php HTTP/1.1" 403 521 "http://www.cyburbia.org/forums/showthread.php?t=18553" "User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
85.255.117.18 - - [11/Jun/2006:10:35:47 -0400] "POST /forums/sendmessage.php HTTP/1.1" 403 521 "http://www.cyburbia.org/forums/showthread.php?t=18553" "User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
85.255.117.18 - - [11/Jun/2006:10:57:59 -0400] "POST /forums/sendmessage.php HTTP/1.1" 403 521 "http://www.cyburbia.org/forums/showthread.php?t=18553" "User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
85.255.117.18 - - [11/Jun/2006:11:22:41 -0400] "POST /forums/sendmessage.php HTTP/1.1" 403 521 "http://www.cyburbia.org/forums/showthread.php?t=18553" "User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
85.255.117.18 - - [11/Jun/2006:11:45:56 -0400] "POST /forums/sendmessage.php HTTP/1.1" 403 521 "http://www.cyburbia.org/forums/showthread.php?t=18553" "User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
85.255.117.18 - - [11/Jun/2006:12:07:31 -0400] "POST /forums/sendmessage.php HTTP/1.1" 403 521 "http://www.cyburbia.org/forums/showthread.php?t=18553" "User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
85.255.117.18 - - [11/Jun/2006:12:28:54 -0400] "POST /forums/sendmessage.php HTTP/1.1" 200 2723 "http://www.cyburbia.org/forums/showthread.php?t=18553" "User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
85.255.117.18 - - [11/Jun/2006:12:50:39 -0400] "POST /forums/sendmessage.php HTTP/1.1" 200 2743 "http://www.cyburbia.org/forums/showthread.php?t=18553" "User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
85.255.117.18 - - [11/Jun/2006:13:19:31 -0400] "POST /forums/sendmessage.php HTTP/1.1" 200 2715 "http://www.cyburbia.org/forums/showthread.php?t=18553" "User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
85.255.117.18 - - [11/Jun/2006:13:42:03 -0400] "POST /forums/sendmessage.php HTTP/1.1" 200 2739 "http://www.cyburbia.org/forums/showthread.php?t=18553" "User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
85.255.117.18 - - [11/Jun/2006:14:04:19 -0400] "POST /forums/sendmessage.php HTTP/1.1" 200 2715 "http://www.cyburbia.org/forums/showthread.php?t=18553" "User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
85.255.117.18 - - [11/Jun/2006:14:26:21 -0400] "POST /forums/sendmessage.php HTTP/1.1" 200 2715 "http://www.cyburbia.org/forums/showthread.php?t=18553" "User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
85.255.117.18 - - [11/Jun/2006:14:48:29 -0400] "POST /forums/sendmessage.php HTTP/1.1" 200 2723 "http://www.cyburbia.org/forums/showthread.php?t=18553" "User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
85.255.117.18 - - [11/Jun/2006:15:17:59 -0400] "POST /forums/sendmessage.php HTTP/1.1" 200 2687 "http://www.cyburbia.org/forums/showthread.php?t=18553" "User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
85.255.117.18 - - [11/Jun/2006:15:40:18 -0400] "POST /forums/sendmessage.php HTTP/1.1" 200 2711 "http://www.cyburbia.org/forums/showthread.php?t=18553" "User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
85.255.117.18 - - [11/Jun/2006:16:00:18 -0400] "POST /forums/sendmessage.php HTTP/1.1" 200 2703 "http://www.cyburbia.org/forums/showthread.php?t=18553" "User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
85.255.117.18 - - [11/Jun/2006:16:20:27 -0400] "POST /forums/sendmessage.php HTTP/1.1" 200 2723 "http://www.cyburbia.org/forums/showthread.php?t=18553" "User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
85.255.117.18 - - [11/Jun/2006:16:40:15 -0400] "POST /forums/sendmessage.php HTTP/1.1" 200 2711 "http://www.cyburbia.org/forums/showthread.php?t=18553" "User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
85.255.117.18 - - [11/Jun/2006:16:59:06 -0400] "POST /forums/sendmessage.php HTTP/1.1" 405 325 "http://www.cyburbia.org/forums/showthread.php?t=18553" "User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
85.255.117.18 - - [11/Jun/2006:17:42:30 -0400] "POST /forums/sendmessage.php HTTP/1.1" 405 325 "http://www.cyburbia.org/forums/showthread.php?t=18553" "User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
85.255.117.18 - - [11/Jun/2006:18:04:45 -0400] "POST /forums/sendmessage.php HTTP/1.1" 405 325 "http://www.cyburbia.org/forums/showthread.php?t=18553" "User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
85.255.117.18 - - [11/Jun/2006:18:28:14 -0400] "POST /forums/sendmessage.php HTTP/1.1" 405 325 "http://www.cyburbia.org/forums/showthread.php?t=18553" "User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
85.255.117.18 - - [11/Jun/2006:18:49:39 -0400] "POST /forums/sendmessage.php HTTP/1.1" 405 325 "http://www.cyburbia.org/forums/showthread.php?t=18553" "User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
85.255.117.18 - - [11/Jun/2006:19:11:20 -0400] "POST /forums/sendmessage.php HTTP/1.1" 405 325 "http://www.cyburbia.org/forums/showthread.php?t=18553" "User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
85.255.117.18 - - [11/Jun/2006:19:35:10 -0400] "POST /forums/sendmessage.php HTTP/1.1" 405 325 "http://www.cyburbia.org/forums/showthread.php?t=18553" "User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
85.255.117.18 - - [11/Jun/2006:19:56:24 -0400] "POST /forums/sendmessage.php HTTP/1.1" 405 325 "http://www.cyburbia.org/forums/showthread.php?t=18553" "User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
85.255.117.18 - - [11/Jun/2006:20:17:49 -0400] "POST /forums/sendmessage.php HTTP/1.1" 200 2587 "http://www.cyburbia.org/forums/showthread.php?t=18553" "User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
85.255.117.18 - - [11/Jun/2006:20:37:49 -0400] "POST /forums/sendmessage.php HTTP/1.1" 200 2583 "http://www.cyburbia.org/forums/showthread.php?t=18553" "User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
I've got another in the same range, hammering at a nonexistent Moveable Type script.
It's coming from a hosting company called Inhoster in the Ukraine, through an IP block in Belarus. Inhoster is notorious for hosting malware, spyware, spamming scripts, and so on.
Here's the IP range, in convenient "just add it to your .htaccess file" form.
deny from 85.255.112.
deny from 85.255.113.
deny from 85.255.114.
deny from 85.255.115.
deny from 85.255.116.
deny from 85.255.117.
deny from 85.255.118.
deny from 85.255.119.
deny from 85.255.120.
deny from 85.255.121.
deny from 85.255.122.
deny from 85.255.123.
deny from 85.255.124.
deny from 85.255.125.
deny from 85.255.126.
deny from 85.255.127.
deny from 195.95.218.
deny from 195.95.219.
deny from 195.225.176.
deny from 195.225.177.
deny from 195.225.178.
deny from 195.225.179.
Attached FilesLast edited by cyburbia; Sun 11 Jun '06, 5:32pm.Cyburbia Forums - a third place for urban planners
http://www.cyburbia.org/forumsComment
-
I just checked out the form, and image verification is missing!
However, in my settings:
Something's wrong.Cyburbia Forums - a third place for urban planners
http://www.cyburbia.org/forumsComment
-
Comment
-
-
Image verification will always be missing if you are logged in. If you are not logged in, then you will get the CAPTCHA.ManagerJosh, Owner of 4 XenForo Licenses, 1 vBulletin Legacy License, 1 Internet Brands Suite License
Director, WorldSims.org | Gaming Hosting Administrator, SimGames.net, Urban Online EntertainmentComment
widgetinstance 262 (Related Topics) skipped due to lack of content & hide_module_if_empty option.
Comment