vb.org Archive

vb.org Archive (https://vborg.vbsupport.ru/index.php)
-   vB4 General Discussions (https://vborg.vbsupport.ru/forumdisplay.php?f=251)
-   -   Security Problem??? (https://vborg.vbsupport.ru/showthread.php?t=314377)

THX_Ultra 09-18-2014 06:13 AM
Security Problem???
 
Hi,

Our provider sent me an Email this morning, that someone uses the sendmessage.php to send spam from our accunt.
Our version is vbulletin 4.2.2 PL1

This is what we got from the provider - from where the spam was sent.

www.r-l-x.de***213.238.175.29 - - [18/Sep/2014:05:46:01 +0200] "POST /forum/sendmessage.php?do=dosendtofriend&t=139852 HTTP/1.1" 303 - "http://www.r-l-x.de/forum/sendmessage.php?do=sendtofriend&t=139852" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"

Any idea where this comes from? Something new?

best regards
Michael

ForceHSS 09-18-2014 06:27 AM
Do you allow guests to use the contact us if yes, then change the setting to not allow them to use it. Many spam bots use this

Max Taxable 09-18-2014 06:37 AM
Or, require human verification for the action.

kh99 09-18-2014 01:12 PM
Quote:
Originally Posted by THX_Ultra (Post 2515587)

Any idea where this comes from? Something new?
If you go to the usergroup manager and edit a usergroup, under "Forum Viewing Permissions" there's "Can Use Email to Friend". If that's set to yes, then users in that group can use your forum to send an email message. It uses a phrase to add some lines before and after the message, but otherwise they can send any messaqge they want to any email address they want.

THX_Ultra 09-19-2014 03:43 PM
Thanks everybody - it was the "Forum viewing permissions" - solved it.

best regards Michael


All times are GMT. The time now is 07:10 AM.

Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2025, vBulletin Solutions Inc.

X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.01106 seconds
  • Memory Usage 1,714KB
  • Queries Executed 10 (?)
More Information
Template Usage:
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)bbcode_quote_printable
  • (1)footer
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (6)option
  • (1)post_thanks_navbar_search
  • (1)printthread
  • (5)printthreadbit
  • (1)spacer_close
  • (1)spacer_open 
Phrase Groups Available:
  • global
  • postbit
  • showthread
Included Files:
  • ./printthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/class_bbcode_alt.php
  • ./includes/class_bbcode.php
  • ./includes/functions_bigthree.php 
Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • printthread_start
  • bbcode_fetch_tags
  • bbcode_create
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • printthread_post
  • printthread_complete