PM bug? Security problem? User sent PMs, no record in user table

Collapse
X
 
  • Time
  • Show
Clear All
new posts
  • randomdriver
    Member
    • Jul 2010
    • 30
    • 3.8.x

    PM bug? Security problem? User sent PMs, no record in user table

    Two users sent me a complaint today about a Private Message. It is clearly spam.

    What is more concerning are the following:

    1. When I go to the users page in admincp they are listed as COPPA but are actually a Registered user (see screen shot)
    Click image for larger version

Name:	11-22-2011 2-05-06 PM.jpg
Views:	1
Size:	92.2 KB
ID:	3722238

    When I look at their data in MySQL I see they have zero for "pmtotal"

    When I look at the pmtext table. I find entries for the userid when I SELECT * FROM pmtext where fromuserid=<userid>

    So the user has clearly sent PMs, but the profile is showing zero. Very concerned about this.
  • randomdriver
    Member
    • Jul 2010
    • 30
    • 3.8.x

    #2
    OK, I'm guessing pmtotal = a users inbox total.

    When I pull the dropdown from the user menu in the above screen shot and select the option to view PM Statistics, I get zero for this user.

    Mostly worried that my forums are getting hacked by some a*hole

    Comment

    • TheNewOne
      Senior Member
      • Aug 2011
      • 1033
      • 4.2.5

      #3
      if theres nothing in pmtotal or pmunread could just mean he deleted them

      Comment

      • TheNewOne
        Senior Member
        • Aug 2011
        • 1033
        • 4.2.5

        #4
        looking at your ss it says he is a coppa user because that has been clicked in his profile if you look at the left ss just below skype name

        Comment

        • jmottle
          Member
          • Apr 2003
          • 93
          • 3.0.0 Release Candidate 4

          #5
          I had a similar incident today. Members are receiving PM spam messages via email, but nothing shows up in their PM boxes on the forum and when I log into the spammers account there are no records of any PMs being sent. Has our forum hacked? Obviously this spammer has figured out some way to hack the system.

          Comment

          • Lynne
            Former vBulletin Support
            • Oct 2004
            • 26255

            #6
            If the PM Spammer isn't saving his messages in the Sent box, then nothing will show up and he will have a PM total of 0.

            Please don't PM or VM me for support - I only help out in the threads.
            vBulletin Manual & vBulletin 4.0 Code Documentation (API)
            Want help modifying your vbulletin forum? Head on over to vbulletin.org
            If I post CSS and you don't know where it goes, throw it into the additional.css template.

            W3Schools &lt;- awesome site for html/css help

            Comment

            • jmottle
              Member
              • Apr 2003
              • 93
              • 3.0.0 Release Candidate 4

              #7
              yes, but there are no PMs in any of the inboxes of the recipients either.

              Comment

              • Lynne
                Former vBulletin Support
                • Oct 2004
                • 26255

                #8
                How can you say they received the message but then say it's not in their inbox? Where did they see it?

                Also, have you, or any of your mods, gone to the PM Spammers user in the admincp and selected Delete all private messages sent by this user?

                Please don't PM or VM me for support - I only help out in the threads.
                vBulletin Manual & vBulletin 4.0 Code Documentation (API)
                Want help modifying your vbulletin forum? Head on over to vbulletin.org
                If I post CSS and you don't know where it goes, throw it into the additional.css template.

                W3Schools &lt;- awesome site for html/css help

                Comment

                • jmottle
                  Member
                  • Apr 2003
                  • 93
                  • 3.0.0 Release Candidate 4

                  #9
                  I've gone into the accounts of the people who reported the spam and there were no PM in their inbox. I could not delete the PMs sent by the spammer as it said no PM had ever been sent.

                  Comment

                  • Lynne
                    Former vBulletin Support
                    • Oct 2004
                    • 26255

                    #10
                    I really don't know what happened then. I don't see how they can report a spam PM that they never saw.

                    Please don't PM or VM me for support - I only help out in the threads.
                    vBulletin Manual & vBulletin 4.0 Code Documentation (API)
                    Want help modifying your vbulletin forum? Head on over to vbulletin.org
                    If I post CSS and you don't know where it goes, throw it into the additional.css template.

                    W3Schools &lt;- awesome site for html/css help

                    Comment

                    • jmottle
                      Member
                      • Apr 2003
                      • 93
                      • 3.0.0 Release Candidate 4

                      #11
                      Because they only received it via email.

                      Comment

                      • Lynne
                        Former vBulletin Support
                        • Oct 2004
                        • 26255

                        #12
                        Then somebody removed them. I'd suggest looking through your control panel logs. And, if you really think the PM Spammer did it, then look through your access_logs and see what he did.

                        Please don't PM or VM me for support - I only help out in the threads.
                        vBulletin Manual & vBulletin 4.0 Code Documentation (API)
                        Want help modifying your vbulletin forum? Head on over to vbulletin.org
                        If I post CSS and you don't know where it goes, throw it into the additional.css template.

                        W3Schools &lt;- awesome site for html/css help

                        Comment

                        widgetinstance 262 (Related Topics) skipped due to lack of content & hide_module_if_empty option.
                        Working...