vb.org Archive

vb.org Archive (https://vborg.vbsupport.ru/index.php)
-   vB3 General Discussions (https://vborg.vbsupport.ru/forumdisplay.php?f=111)
-   -   member.php spam prevention (https://vborg.vbsupport.ru/showthread.php?t=59263)

Ritsui 12-18-2003 08:19 PM
member.php spam prevention
 
I don't know how big of a problem this is, but with spammers getting more desperate and aggresive every day, I'd be surpised if this doesn't start happening a whole lot more.

A forum I run (vb 2.x) just got nailed by a spammer who joined and ran a POST script to iterate through userids until they emailed every user on the forums who had email enabled (well over 1,000 :eek:). This put the site at risk for termination if the emails ended up reported to Spews or Spamcop, so I added a hack to make sure it can't happen again including a minimum post count before you can use the mail functions and a floodcheck to allow only 1 email every X seconds.

I haven't put the hack in publishable form yet, but it's all available on request.

Koobi 12-19-2003 08:27 AM
Ritsui, I experienced the same problem although not all members had recieved this email (I and a few moderators did though).

Could I please have a look at the hack?
Thanks
- Bane

g-force2k2 12-19-2003 11:41 AM
It wasn't the site's fault, and the emails do get sent from the user who sent them so just report the person to their internet provider using their ip address. Hope that everything works out.

Regards,
g-force2k2

Ritsui 12-21-2003 02:33 AM
1 Attachment(s)
I contacted the user's ISP immediately, but I wouldn't expect any tangible results from that. I can't speak for others, but Roadrunner didn't give a damn about enforcing their own TOS. They said flat out that they only care if the spam itself originated from one of their address blocks.

As for the hack, please keep in mind this was written as a knee jerk only. I'm not a "vb hacker" and I won't warranty or promise to support anything. This works for me under 2.2.5 and should work under 2.3.3.

Also... CHECK YOUR LOGS. In our case, the spam was definitely run from members.php, but there are many other places in vBulletin using mail(), so they should be looked at as well.


All times are GMT. The time now is 10:25 AM.

Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2025, vBulletin Solutions Inc.

X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.01076 seconds
  • Memory Usage 1,710KB
  • Queries Executed 10 (?)
More Information
Template Usage:
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)footer
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (6)option
  • (1)post_thanks_navbar_search
  • (1)printthread
  • (4)printthreadbit
  • (1)spacer_close
  • (1)spacer_open 
Phrase Groups Available:
  • global
  • postbit
  • showthread
Included Files:
  • ./printthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/class_bbcode_alt.php
  • ./includes/class_bbcode.php
  • ./includes/functions_bigthree.php 
Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • printthread_start
  • bbcode_fetch_tags
  • bbcode_create
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • printthread_post
  • printthread_complete