CleanMPG has reached a milestone!

tbaleno
11-19-2006, 08:22 PM
We had our very first spam post today! It looks like we are on the map now.

xcel
11-19-2006, 08:34 PM
Hi Tom:
___Just read the banned guy's post. I guess we have reached a new height (or is it a new low ;)), haven’t we?
___Good Luck
___Wayne

hobbit
11-19-2006, 09:35 PM
Be careful, there are tons of vulnerabilities kicking around for PHP-based bboard packages. Priuschat and others have been knocked over a couple of times now. Being on the radar doesn't just mean spam...
.
_H*

tbaleno
11-19-2006, 10:11 PM
Yup. I can believe that. I figure it is just a matter of time before we are hacked. I read every new release, and if it says it fixes a vulnerability I'll apply the patch. Even doing that though there is no guarantee that we won't get hit.

Chuck
11-19-2006, 10:23 PM
Pardon my analogy, but the determination of spammers to post where they clearly are not welcome reminds me of a sexual compulsion - aren't they persistent? :( Maybe some of this is automated. If a person is doing this - what a loser!!!
Seriously, I'd record the IP addresses in case this goes serial. It could be coming from the same IP address and could be blocked from the site level.

xcel
11-19-2006, 10:40 PM
Hi Chuck:
___Although Tom is all over this, those that go ballistic attempting to cause havoc usually have a history with the site vs. this one hit wonder … Let us hope it is an isolated incident?
___Hobbit, thanks for the heads up. If I knew even 10% of what Tom does behind the scenes, I would probably be afraid to post myself let alone worry about our first of many spammers and malicious malcontents yet to come ;)
___Good Luck
___Wayne

tbaleno
11-19-2006, 11:00 PM
I think it had to be a human. I don't remember, but I think we have image verification AND email verification in order to register. I don't know of many bots that can get around image verification.

Chuck
11-20-2006, 08:59 AM
I think it was probably a spammer, but just totally clueless as to why they spend the time to post something so unwelcome. Again, I'd stress get the IP address of the people that do this. If it's the same hacker, or spammers, they can be blocked or monitored. In the case it might be a hacker with an axe to grind (doubtful in this instance), I'd contact the internet providers they use. One little e-mail to the hacker from his internet provider will probably put an abrupt end to his fearless attacks, esp. if it turns out it was done from work. ;)

xcel
11-20-2006, 10:15 AM
Hi Chuck:
___When the guy signed up, his IP is recorded internal to vBulletin. If something were to come of it, we have that. No sense in getting all worked up about a simple spammer just yet.
___The small amount of time and effort it takes to sign up is still a substantial investment for someone wanting to spam a board. I just do not see his/her point to sign up, go through the optical verification, go through the E-Mail authentication and setup only to post a single post that would have him/her banned within 1 hour of it being created?
___Good Luck
___Wayne

Chuck
11-20-2006, 10:25 AM
I don't think we have been hacked yet - just a common spammer. And yes, it seems like the spammer just wasted their time - and Tom's. :confused:

TonyPSchaefer
11-20-2006, 01:23 PM
> I just do not see his/her point to sign up, go through the optical verification, go through the E-Mail authentication and setup only to post a single post that would have him/her banned within 1 hour of it being created?

Tell me about it. Evan, Tag, and I are kept on our toes by the one-time spammers and flamers that apparently really do have that much time on their hands. We use the Admin CP to block their IP and suspend the user from posting.
One nice thing that Priuschat does is that it will not validate multiple screen names to the same email address. Therefore a spammer would need to generate multiple email addresses to generate multiple screen names. I realize that they probably automate that process, but it's still one more step they have to take.
Oh and congrats on your inaugural spam!! :Banane38:

xcel
11-20-2006, 01:36 PM
Hi Tony:
___As large as PC is, do you see this kind of activity once per month, week, or as much as once a day? Tom caught the SOB before I even saw it but just wondering if all sites go through the spam/hack attacks as they grow and the number of occurrences?
PS: Did you see my questioning post about amount of electricity to make gallon of gasoline? I would be interested in your comments as well.
___Good Luck
___Wayne

TonyPSchaefer
11-20-2006, 11:26 PM
Last week, a few (or more) punks organized at some "Impala SS" forum. They launched a planned attack of PC, starting new threads, posting severely obscene pictures, and bouncing from thread to thread flaming and trolling. For a couple hours, we were receiving "report a post" emails at a rate of one every two minutes. Seriously. Evan, Tag, and I were trying to figure out why. All we could come up with is that it was their version of fun.
On average, we receive spam once every couple weeks; trolls every once in a while. Enough to keep us on our toes but not enough to overwhelm.

hobbit
11-21-2006, 01:22 AM
Betcha the IP came from somewhere offshore...
.
I forget, does the signup process include a "cookie dance" via email, where a random tag must be successfully mailed to a valid address and then returned? That would probably drop a reasonable roadblock in the way of lusers just out to spam.
.
As far as other stuff ... not that I know jack about vbulletin or any of the others, but I'd say check ALL user input for valid character sets, lengths, and SQL injection attempts...
.
_H*

tbaleno
11-21-2006, 06:42 AM
Yeah. It requires e-mail confirmation. As far as SQL injection I can only hope that input is validated. The software is pretty mature and I know they do occasionally put out security updates.

xcel
11-22-2006, 12:42 PM
Hi All:
___Spammer #2 just bit the dust. What is going on around here? 2 spammers in as many days? I guess this means we are a real online community now ;)
___Good Luck
___Wayne

hobbit
11-22-2006, 04:27 PM
If the signup requires an email handshake, is any sanity-checking done on what the email addr is, i.e. if it's some expendable hotmail or AOL nonsense can it be viewed with a bit more skepticism? Or is that part entirely automated? If I was presented with a list of email addrs for people purportedly wanting to sign up to something, I could probably give you a subset right off that would be suspect. And if spam response was consistently coupled with notes to abuse@whatever-provider pointing out that the owner of the email account in question was using it in connection with spamming, that might raise the bar some...
.
Then again, that would require that the ISPs actually care, which inexplicably isn't the case -- by ignoring the problem, they're just making way *more* work for themselves long-term.
.
_H*

tigerhonaker
11-22-2006, 04:39 PM
Well I wondered what this Thread was all about, and now I know.
Interesting.
Terry

tbaleno
11-22-2006, 07:38 PM
Hobbit. It is entirely automated. You have to click on a link in your email to register. So in theory you can trace it down by who owns the domain of the mail server. These spammers are all off shore so it would be a waste of time to report them.

vBulletin® v3.6.7, Copyright ©2000-2012, Jelsoft Enterprises Ltd.
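
An added illustration, not part of the thread and not vBulletin's or Priuschat's code: a sketch of the signup controls the posters describe, namely the emailed random tag that must come back, one screen name per email address, and flagging throwaway-mail domains for a moderator's look. The class name, the domain list and the in-memory storage are assumptions made for the example.

```python
import hashlib
import hmac
import secrets

# Constructed sample list; the thread names hotmail and AOL as "expendable".
FREEMAIL_DOMAINS = {"hotmail.com", "aol.com"}


class SignupGate:
    """Hypothetical registration gate (assumed design, in-memory storage)."""

    def __init__(self):
        self.pending = {}       # normalized email -> (username, sha256 of tag)
        self.confirmed = {}     # normalized email -> username
        self.review_queue = []  # signups a moderator should look at by hand

    @staticmethod
    def _normalize(email):
        # Lower-case so "Bob@X.org" and "bob@x.org" count as one address.
        local, _, domain = email.strip().rpartition("@")
        if not local or "." not in domain:
            raise ValueError("malformed email address")
        return f"{local}@{domain}".lower()

    def register(self, username, email):
        """Start a signup; returns the random tag to mail to the address."""
        email = self._normalize(email)
        if email in self.confirmed or email in self.pending:
            raise ValueError("email already tied to a screen name")
        tag = secrets.token_urlsafe(32)  # unguessable, from the OS CSPRNG
        # Keep only a hash so a leaked pending table cannot confirm accounts.
        self.pending[email] = (username, hashlib.sha256(tag.encode()).digest())
        if email.rsplit("@", 1)[1] in FREEMAIL_DOMAINS:
            self.review_queue.append((username, email))
        return tag

    def confirm(self, email, tag):
        """Finish the handshake; a tag works once and only for its address."""
        email = self._normalize(email)
        entry = self.pending.get(email)
        if entry is None:
            return False
        username, expected = entry
        supplied = hashlib.sha256(tag.encode()).digest()
        if not hmac.compare_digest(supplied, expected):  # constant-time compare
            return False
        del self.pending[email]
        self.confirmed[email] = username
        return True
```

The review queue only marks signups for a human to look at; it does not block them, which matches the "viewed with a bit more skepticism" idea rather than an outright ban on free-mail addresses.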