vb.org Archive

vb.org Archive (https://vborg.vbsupport.ru/index.php)
-   vB4 General Discussions (https://vborg.vbsupport.ru/forumdisplay.php?f=251)
-   -   Suspicious request emails sent from Forum (https://vborg.vbsupport.ru/showthread.php?t=304663)

Art Andrews 11-17-2013 04:54 PM
Suspicious request emails sent from Forum
 
From time to time, I get an email from my forum titled "Suspicious Request"

It almost always pertains to someone trying to register on the site, but never really supplies enough information to know what the exact problem is or even what is generating this email. I did my research and only see two other people who have brought this up in the two threads linked below:

http://www.vbulletin.com/forum/forum...icious-request

http://www.vbulletin.com/forum/forum...input-register

Neither seemed to get answers on the source of the email although vBulletin indicated it was a plugin and not the core software. One person thought it was cPanel, but that isn't the case because we don't run cPanel.

The content of a typical email looks something like this:

Code:
Cinput: register


Forum: http://www.therpf.com

IP: 183.160.121.253
User-agent: Mozilla/5.0 (Windows NT 5.1; rv:21.0) Gecko/20100101 Firefox/21.0
Request: /?page=login&cmd=register
User: Unregistered

GET: array (
  'page' => 0,
  'cmd' => 'register',
  'pagenumber' => 0,
)

POST: array (
  'ajax' => NULL,
)

COOKIE: array (
  'bb_lastvisit' => 1384691004,
  'bb_sessionhash' => '7ee094053fd45c1989c8e41c6f80afb7',
  'PHPSESSID' => 'vh8f9aq3v5t6p2gpu0mf2kdoc0',
  'bb_lastactivity' => 0,
  'vbulletin_collapse' => NULL,
  'bb_referrerid' => NULL,
  'bb_userid' => NULL,
  'bb_password' => NULL,
  'bb_threadedmode' => NULL,
  'bb_userstyleid' => NULL,
  'bb_languageid' => NULL,
  'bb_skipmobilestyle' => NULL,
  'bb_fbprofilepicurl' => NULL,
  'bb_forum_view' => NULL,
  'vbulletin_sidebar_collapse' => NULL,
)
We use a number of plugins, but I can't find any that seem to be responsible for these emails. Does anyone have any idea what is generating them?

tbworld 11-17-2013 06:04 PM
If you have access to shell commands on your server, you can use 'grep' to search your files.

Art Andrews 11-17-2013 06:18 PM
I have full access to the server, but I am not sure what I would searching for.

Lynne 11-17-2013 06:43 PM
I can tell it isn't from the software, but I don't know exactly what it's from. I would guess it's from some server script.

Art Andrews 11-17-2013 08:25 PM
Could it possibly be tied to people trying to register with the facebook connect feature?

ForceHSS 11-17-2013 09:59 PM
Do you have tapatalk installed


All times are GMT. The time now is 11:38 AM.

Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2025, vBulletin Solutions Inc.

X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.01134 seconds
  • Memory Usage 1,722KB
  • Queries Executed 10 (?)
More Information
Template Usage:
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)bbcode_code_printable
  • (1)footer
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (6)option
  • (1)post_thanks_navbar_search
  • (1)printthread
  • (6)printthreadbit
  • (1)spacer_close
  • (1)spacer_open 
Phrase Groups Available:
  • global
  • postbit
  • showthread
Included Files:
  • ./printthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/class_bbcode_alt.php
  • ./includes/class_bbcode.php
  • ./includes/functions_bigthree.php 
Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • printthread_start
  • bbcode_fetch_tags
  • bbcode_create
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • printthread_post
  • printthread_complete