Hi,

Our provider sent me an Email this morning, that someone uses the sendmessage.php to send spam from our accunt.
Our version is vbulletin 4.2.2 PL1

This is what we got from the provider - from where the spam was sent.

www.r-l-x.de***213.238.175.29 - - [18/Sep/2014:05:46:01 +0200] "POST /forum/sendmessage.php?do=dosendtofriend&t=139852 HTTP/1.1" 303 - "http://www.r-l-x.de/forum/sendmessage.php?do=sendtofriend&t=139852" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"

Any idea where this comes from? Something new?

best regards
Michael

Do you allow guests to use the contact us if yes, then change the setting to not allow them to use it. Many spam bots use this

Or, require human verification for the action.

Any idea where this comes from? Something new?



If you go to the usergroup manager and edit a usergroup, under "Forum Viewing Permissions" there's "Can Use Email to Friend". If that's set to yes, then users in that group can use your forum to send an email message. It uses a phrase to add some lines before and after the message, but otherwise they can send any messaqge they want to any email address they want.

Thanks everybody - it was the "Forum viewing permissions" - solved it.

best regards Michael