How is someone sending PM's to my members?

  • tpearl5
    Senior Member
    • Jul 2001
    • 547
    • 4.2.X

    #46
    Something is wrong.

    I got hit today with porn spam to members' PM boxes! The user 'lollergirl' does not have a valid e-mail address; in fact it used my domain. When viewing PM stats on this user it says 1. The IP looks like a proxy and resolves to Romania.

    Capture more registrations - Advanced Guest Posting & Registration
    Cell Phone Forums | Nikonites

    Comment

    • nova4708
      New Member
      • Sep 2006
      • 7

      #47
      Yep, I've gotten hit by Lollergirl twice. Looks like some kind of script. I've also gotten the 'my book sucks please read it' one and the Buddhist one three times.

      I've made it so unverified users can no longer send PMs, but I'm not sure that's going to stop anything.

      The worst thing about it is the lollergirl one is porn, and a lot of my users are under 18. Not very family friendly, and hurts my reputation as a forum owner.

      Comment

      • gopherhockey
        Senior Member
        • Jul 2002
        • 123
        • 3.6.x

        #48
        Just got hit by Buddha last night... did something in 3.7 make it easier for them to do, or is that just coincidence? What do people do to stop this... the person did register.

        I ran a "delete users sent PMs" before removing the user, but I am still getting reports from people... it appears to not have completely flushed out their sent PMs or something. Any other way to rip out this PM?
        www.morcmtb.org

        Comment

        • SuperJETT
          New Member
          • Mar 2006
          • 24
          • 3.5.x

          #49
          Got hit by the buddhism one. 176 pm's before an admin deleted the account.

          However, I have a setting where you have to have 5 posts to be able to pm, so it's obviously an exploit.

          vBulletin team, this needs digging into.

          One other note, the script apparently doesn't fill in the numbers in a username for the subject. Anyone that has a username with a number such as test123test will have the subject with that name minus the numbers, ex. Re: testtest

          Comment

          • Jorrit787
            Senior Member
            • Nov 2005
            • 188
            • 3.8.x

            #50
            I'm just amazed by the continuing lack of an official response to this.
            EverythingKMC - A forum for the Kaiserslautern Military Community :cool:
            GermanDriversLicense.com

            Comment

            • Steve Machol
              Former Customer Support Manager
              • Jul 2000
              • 154488

              #51
              What official response are you expecting? People spam. It happens.
              Steve Machol, former vBulletin Customer Support Manager (and NOT retired!)
              Change CKEditor Colors to Match Style (for 4.1.4 and above)

              Steve Machol Photography


              Mankind is the only creature smart enough to know its own history, and dumb enough to ignore it.


              Comment

              • toejam
                Member
                • Sep 2007
                • 40
                • 3.6.x

                #52
                I had this same problem with pm spamming. I think the default setting was that users waiting for email confirmation were allowed to pm and email members.

                I created a newbie usergroup until 3 posts are made. I turned the PMs and email members off until they make x posts.

                It gives me some protection and peace of mind knowing they have to post and moderators can see if the posts are legit.

                Comment

                • SuperJETT
                  New Member
                  • Mar 2006
                  • 24
                  • 3.5.x

                  #53
                  Originally posted by Steve Machol
                  What official response are you expecting? People spam. It happens.
                  On my board, new users are not allowed to pm until they have 5 posts. The 'user' that sent the pm's had zero posts, but was able to send out 176 pm's in short order, bypassing the requirement for 5 posts somehow.

                  I feel like it's an exploit by a script, not a person that signed up because the timestamps on the pm's were too consistent and because of my controls/limits that prevent normal people from doing this. I've had many users say that the 5 post minimum is silly, so I know that works for normal users.

                  I made a few more changes to prevent this, we'll see what happens.

                  An idea I've thought of would be to expand on the time limit between pm's, so it's an incremental number, say 10 seconds, then 15 for the next, then 20 for the next, etc etc. After say 10 minutes with no pm, the limit resets to normal. Trying to send 176 pm's would at that point require ~15 minutes between pm's, and I doubt a spammer is going to wait that long, however for a normal person, that extra time wouldn't be a factor and would reset fairly quickly.

                  Comment
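The escalating delay proposed in post #53, modelled as an added example (not vBulletin code and not written by anyone in the thread). The class and function names are hypothetical, the 5-second step comes from the post's 10/15/20 progression, and the 10-minute reset is counted from the end of the cooldown rather than from the last PM, an assumption made so the required wait cannot be capped at the reset window.

```python
from dataclasses import dataclass

BASE_DELAY = 10    # seconds required after the first PM (value from the post)
STEP = 5           # each further PM adds 5 s: 10, 15, 20, ...
RESET_IDLE = 600   # 10 quiet minutes return the sender to the base delay


@dataclass
class SenderState:
    last_sent: float = 0.0
    streak: int = 0            # PMs accepted in the current burst


class EscalatingPmThrottle:
    def __init__(self):
        self._state = {}       # user id -> SenderState

    def required_delay(self, streak):
        """Wait demanded before the next PM after `streak` accepted PMs."""
        return 0 if streak == 0 else BASE_DELAY + STEP * (streak - 1)

    def try_send(self, user_id, now):
        """Return (allowed, seconds_to_wait); `now` is a Unix timestamp."""
        st = self._state.setdefault(user_id, SenderState())
        delay = self.required_delay(st.streak)
        idle = now - st.last_sent
        # Reset only once the cooldown has expired AND 10 more quiet minutes
        # have passed. Counting idle time from the last PM instead would let
        # a patient script send one PM every RESET_IDLE seconds forever.
        if st.streak and idle >= delay + RESET_IDLE:
            st.streak, delay = 0, 0
        if st.streak and idle < delay:
            return False, delay - idle
        st.streak += 1
        st.last_sent = now
        return True, 0.0


def simulate_burst(attempts, interval, start=1_000_000.0):
    """Constructed scenario: a script tries one PM every `interval` seconds."""
    throttle = EscalatingPmThrottle()
    sent = 0
    for i in range(attempts):
        allowed, _ = throttle.try_send("spammer", start + i * interval)
        sent += allowed
    return sent
```

A throttle like this has to be enforced server-side at the point where the PM is stored, alongside the usergroup permission check, since a script posting directly to the send endpoint never sees client-side limits.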

                  • Steve Machol
                    Former Customer Support Manager
                    • Jul 2000
                    • 154488

                    #54
                    Originally posted by SuperJETT
                    On my board, new users are not allowed to pm until they have 5 posts. The 'user' that sent the pm's had zero posts, but was able to send out 176 pm's in short order, bypassing the requirement for 5 posts somehow.
                    That is not possible with the default vB code if the permissions are set correctly.

                    Please see this thread on how to make your vBulletin more secure:



                    If you are still being hacked after doing all of this, then they are most likely doing this by accessing your server. You need to contact your host about this.
                    Steve Machol, former vBulletin Customer Support Manager (and NOT retired!)
                    Change CKEditor Colors to Match Style (for 4.1.4 and above)

                    Steve Machol Photography


                    Mankind is the only creature smart enough to know its own history, and dumb enough to ignore it.


                    Comment
