How is someone sending PM's to my members?

Collapse
X
 
  • Time
  • Show
Clear All
new posts
  • engineco16
    Member
    • Feb 2005
    • 93
    • 3.0.7

    How is someone sending PM's to my members?

    Somehow, someone is sending spam PM's to my members on the forums. The only way I'm finding out is from email failure notices and people telling me. They're even inidividually addressed to the individual! Any ideas? Here's one of the complete emails I've received. Thanks!

    Return-Path:<> Delivered-To:[email protected] Receivedqmail 21536 invoked by uid 0); 3 Aug 2007 21:55:45 -0000 X-Scanned-By:qmail-clamscan 0.2 Received:from smtp.neospire.net (66.111.111.26) by mx1-3.neospire.net with SMTP; 3 Aug 2007 21:55:45 -0000 Received-Spfass (mx1-3.neospire.net: local policy designates 66.111.111.26 as permitted sender) Receivedqmail 19848 invoked for bounce); 3 Aug 2007 21:55:45 -0000 Date:3 Aug 2007 21:55:45 -0000 From:[email protected] [Add to Address Book]</SPAN>To:[email protected] [Add to Address Book]</SPAN>Subject:failure notice
    qmail-send at smtp.neospire.net: permanent delivery error.<[email protected]>:Sorry, I wasn't able to establish an SMTP connection. (#4.4.1)I'm not going to try again; this message has been in the queue too long.--- Below this line is a copy of the message.Return-Path: <[email protected]>Received: (qmail 16214 invoked by uid 0); 30 Jul 2007 17:55:45 -0000Received: from unknown (HELO two.neospire.net) (66.111.101.3) by smtp.neospire.net with SMTP; 30 Jul 2007 17:55:45 -0000Received: (qmail 32066 invoked by uid 1558); 30 Jul 2007 18:00:59 -0000Date: 30 Jul 2007 18:00:59 -0000To: [email protected]ubject: New Private Message at SoCalRailFan ForumsFrom: "SoCalRailFan Forums" <[email protected]>Auto-Submitted: auto-generatedMessage-ID: <[email protected]>MIME-Version: 1.0Content-Type: text/plain; charset="ISO-8859-1"Content-Transfer-Encoding: 8bitX-Priority: 3X-Mailer: vBulletin Mail via PHPDO NOT REPLY TO THIS EMAIL!***************************Dear donald_railfan,You have received a new private message at SoCalRailFan Forums from einstein,entitled "Greeting".To read the original version, respond to, or delete this message, you must login here:http://www.socalrailfan.com/forums/private.phpThis is the message that was sent:***************Hello,I'm new here and just wanted to say "hi" How's it going?"Buddhism has the characteristics of what would be expected in a cosmicreligion for the future: it transcends a personal God, avoids dogmas andtheology; it covers both the natural & spiritual, and it is based on areligious sense aspiring from the experience of all things as a meaningfulunity" - Albert Einstein---einsteinhttp://stein.freehostia.com***************Again, please do not reply to this email. You must go to the following page toreply to this private message:http://www.socalrailfan.com/forums/private.php All the best,SoCalRailFan Forums
  • Steve Machol
    Former Customer Support Manager
    • Jul 2000
    • 154488

    #2
    First, ban that member. Second, delete all the PMs he sent. You can do this in the Quick User Links in his account in the Admin CP.
    Steve Machol, former vBulletin Customer Support Manager (and NOT retired!)
    Change CKEditor Colors to Match Style (for 4.1.4 and above)

    Steve Machol Photography


    Mankind is the only creature smart enough to know its own history, and dumb enough to ignore it.


    Comment

    • engineco16
      Member
      • Feb 2005
      • 93
      • 3.0.7

      #3
      I must be missing it, but what user sent it? Thanks.

      Comment

      • engineco16
        Member
        • Feb 2005
        • 93
        • 3.0.7

        #4
        I guess another thing is how and why all of a sudden am I getting people signed up that are spammers when I have several verifications steps yet they're getting through them.

        Comment

        • Steve Machol
          Former Customer Support Manager
          • Jul 2000
          • 154488

          #5
          The user that sent this was einstein:

          You have received a new private message at SoCalRailFan Forums from einstein
          Verifications don't stop spammers if they they use a real email address. People can still register and spam.

          This might help:

          How to Reduce Spam and Registration Bots
          Steve Machol, former vBulletin Customer Support Manager (and NOT retired!)
          Change CKEditor Colors to Match Style (for 4.1.4 and above)

          Steve Machol Photography


          Mankind is the only creature smart enough to know its own history, and dumb enough to ignore it.


          Comment

          • creativepart
            Senior Member
            • Jan 2006
            • 293
            • 3.8.x

            #6
            Today 75 of my members got this exact same Buddhist Spam as Private Messages before I stopped it.

            Here is the content of the PM:

            Hi,
            I'm new here, how's it going?

            "Buddhism has the characteristics of what would be expected in a cosmic religion for the future: it transcends a personal God, avoids dogmas and theology; it covers both the natural & spiritual, and it is based on a religious sense aspiring from the experience of all things as a meaningful unity" - Albert Einstein

            ---
            buddha
            http://two.xthost.info/buddha4
            How can this be done? More importantly how can this be prevented.

            Paul Green

            Comment

            • michael_s
              New Member
              • Dec 2005
              • 1
              • 3.5.x

              #7
              I just got hit by this issue. I have removed the messages and deleted 'einstien' but how can I prevent this from happening again?

              Comment

              • bigwater
                Senior Member
                • Jan 2007
                • 592

                #8
                Same thing here. Same user. Same message. 115 times in 1-1/2 hours. According to the mods that reported it to me, the user was bouncing back and forth between the member list and PM at rapid fire speed.I queried "select pmtextid,touserarray from pmtext where fromuserid = 'einstein' order by pmtextid asc" and fired the result set off to another member of our staff who likes to bird dog this kind of stuff. She reported back that it appeared that "he" was sorting the member list by last online and sending the PMs that way.I googled "einstein spam", and uncovered threads on numerous boards around the net all reporting this exact same problem.I'm wondering if we have a new bot that needs to be dealt with.
                Anybody who says "it can't be done" will usually be interrupted by somebody who is already doing it.

                Comment

                • AdrianH
                  Senior Member
                  • Sep 2007
                  • 508

                  #9
                  I used to get this sort of thing several times a day on my form when it was run on phpbb2.
                  No matter what mods and security enhancements I added they walked around them daily,since using VBulletin this has not happened once.

                  I use the Captcha and the date of birth requirement which uses 3 drop down menus and I think that stops a lot of Bots as they normally write to a text field.

                  I hardened my forum by adding some mods from VBulletin.org. and this means only the most determined manual spammer can access the board.

                  http://www.vbulletin.org/forum/showthread.php?t=135094 IS Bot.

                  This mod looks at registration speed,if it is faster than a human can type the registration fails.

                  http://www.vbulletin.org/forum/showthread.php?t=131314 No Spam.

                  This is an additional Captcha with a difference, you can set as many questions as you wish and they have to be read and answered to proceed with registration.

                  http://www.vbulletin.org/forum/showthread.php?t=131314 Track guest visists.

                  This one tracks guest visits, I love this as I see the attempted registrations from all those spammers that have failed.

                  http://www.vbulletin.org/forum/showthread.php?t=156444 One touch cleanup control.

                  And this one is for the spammer or troll that registers manually, one press of the button and all their work disappears and they are banned instantly.

                  I love the way you can add and remove these mods in VBulletin it is a superb forum system and after years of the pleasures of phpbb and battling with the menaces that populate the internet I find it a dream to work with.

                  Comment

                  • richpal
                    Senior Member
                    • Aug 2006
                    • 164
                    • 3.6.x

                    #10
                    We were affected by einstein the spammer a couple of days ago who used the email address [email protected]

                    I noticed he joined up, confirmed his email address and answered the unique no spam question so appeared genuine, then stayed on the forum for hours without posting a message on the forum - It was only when I noticed he was looking at the member list then private messaging that I realised something wasn't quite right. I banned him and have now deleted all his spam messages.

                    What is the best way to deal with new users to limit their powers to either post spam on the forum and deny them the ability to use private messaging until they have contributed a few posts to the forum, is it best to create a new newbie 'usergroup' and change the permissions. I believe that usergroup 2 is fixed so I assume that is the one I modify, and create a new usergroup with the default permissions?

                    Comment

                    • Basscat
                      Member
                      • Jan 2005
                      • 70
                      • 3.8.x

                      #11
                      This guy also uses the user name dharma. He hit my site a few weeks ago. He starts at the beginning of your members list and spams away. He is wise, and deletes his pm from his sent items folder after he sends it.

                      Do yourself a favor. Create a new member with a username that starts at or near the beginning of your members list. ie 124895, andrew, 1abe, etc... With this username, use an email address you check daily. Set the usergroup settings to "Send Notification Email When a Private Message is Received".

                      This will not eliminate them, but will allow you to catch them in the very beginning.

                      Comment

                      • Jorrit787
                        Senior Member
                        • Nov 2005
                        • 188
                        • 3.8.x

                        #12
                        At least his site has been taken down...

                        404 Not Found!

                        This site has been deleted due to abuse!


                        -- Admin
                        EverythingKMC - A forum for the Kaiserslautern Military Community :cool:
                        GermanDriversLicense.com

                        Comment

                        • Verbose
                          Member
                          • Jul 2005
                          • 46
                          • 3.0.3

                          #13
                          How to prevent (some) PM Spam!

                          All my members have received PM spam today from a new user named "Sue" who was in the "(COPPA) Users Awaiting Moderation" usergroup.

                          Here is the contents of her spam:

                          Sorry to msg you out of the blue. Here's the thing.

                          I wrote a book together with a friend. My boyfriend keeps saying it's no good. I think he's just jealous tho. He's a big time poster here, so I told him I'm going to pick a random person here, and ask them, and we ended up betting on it.

                          So go to http:// books. zenofeller. com/ asylum /asylum_chapter1.html and call it either way. Good or no good.

                          Thanks.

                          I just looked around in my AdminCP and saw that I had to change the usergroup settings for the following usergroups or else pretty much any new unconfirmed users could start PM spamming:

                          "Maximum Stored Messages:
                          If you set this to 0 users from this usergroup will not be able to use private messaging."

                          Unregistered / Not Logged In
                          Users Awaiting Email Confirmation
                          (COPPA) Users Awaiting Moderation

                          Comment

                          • Wayne Luke
                            vBulletin Technical Support Lead
                            • Aug 2000
                            • 73976

                            #14
                            Originally posted by creativepart
                            How can this be done? More importantly how can this be prevented.
                            Just because it is spam doesn't mean it is being done by a bot or automatically. There is no way to prevent humans from registering at your site except to take it down. That probably isn't an acceptable solution.

                            A lot of people are going to a moderated new user system where users cannot use PMs and all their messages are pre-moderated before going public. This keeps their message out of view until you can handle it. After they have a few legitimate messages, then they are promoted to a usergroup with more permissions. You can use vBulletin's Usergroup Promotions to handle this. However someone could still register, post the 10 or so good messages and then spam once promoted. We can't do anything about intent.
                            Translations provided by Google.

                            Wayne Luke
                            The Rabid Badger - a vBulletin Cloud demonstration site.
                            vBulletin 5 API

                            Comment

                            • Ratchet
                              New Member
                              • Mar 2003
                              • 24
                              • 3.6.x

                              #15
                              We have PMs disabled for our "Registered" group, yet this spammer managed to spam our board with PMs containing the same message Verbose posted. We're trying to figure out how he managed to do it.

                              Comment

                              widgetinstance 262 (Related Topics) skipped due to lack of content & hide_module_if_empty option.
                              Working...