Log in

View Full Version : Getting Hammered By A Spammer

mindhunter77
11-11-2011, 11:45 PM
Some spammer is sending a mass amount of email through my vb system, now I am loggin emails sent to a file, but that does not show the email address they are using. I would like to somehow be able to get the ips they are using so I can ban those while I find how/where they got in...

Here is a sample of the many hundreds of emails they are sending out..


SUCCESS
Fri, 11 Nov 2011 19:33:57 -0500
To: xpwarmnklj@hyrvpf.com
Subject: xpwarmnklj@hyrvpf.com
From: "the site" <the-site-email>
Auto-Submitted: auto-generated
Return-Path: site-email
Message-ID: <20111112003357.7d1a0d42309e@the-site-address.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: 8bit
X-Priority: 3
X-Mailer: vBulletin Mail via PHP
Content-Type: text/html; charset="ISO-8859-1"


Online prescription ultram,

This is a message from Ultram withdrawal symptoms ( mailto: ) from the forum-name ( forum-url).



forum-name takes no responsibility for messages sent through its system.
================================================== ===
kh99
11-12-2011, 12:24 AM
...I would like to somehow be able to get the ips they are using so I can ban those while I find how/where they got in...

Assuming it's being done through an http request (to a php script), seems like you should be able to look at the server logs and find out how it's being done, and from which ip(s).
Simon Lloyd
11-12-2011, 12:40 AM
Assuming it's being done through an http request (to a php script), seems like you should be able to look at the server logs and find out how it's being done, and from which ip(s).
Im with you, definately has to be a rogue file. What mods or files have you uploaded recently to your server?
mindhunter77
11-12-2011, 02:03 AM
Nothing, as far as mods,... searching through logs now.
ForceHSS
11-12-2011, 03:57 AM
Turn off all options to allow guests to send emails.
mindhunter77
11-12-2011, 04:02 AM
Yea, I tried that, didn't work. =(

I stopped the mail onslaught by renaming the sendmessage.php file while I track down how they are getting in..
Simon Lloyd
11-12-2011, 04:04 AM
Yea, I tried that, didn't work. =(

I stopped the mail onslaught by renaming the sendmessage.php file while I track down how they are getting in..
Do you have human verification turned on for this action?, you should, and the better defence is the Q&A :)
tr1cky
06-22-2012, 03:27 PM
Having the exact same problem, did everything the TS did and there are still outgoing messages.
kh99
06-23-2012, 07:39 PM
In the adminCP, Under Email Options, make sure you have "Allow Users to Email Other Members" set to No, if you haven't already.