Thread: email spammers hijacking blog mail mechanism
View Single Post
  #8  
Old 02-26-2016, 11:50 PM
ForceHSS ForceHSS is offline
 
Join Date: Apr 2008
Posts: 6,357
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
Quote:
Originally Posted by edgeless View Post
I guess I didn't think of it and no one recommended it. Do you mean set the usergroup permission for Unregistered/Not logged in for the blog section to 'no' at "Can use Email to Friend"? It seems like it should work... but then they were somehow able to bypass the human verification system. So I'm not sure what they are doing or injecting, or where. Definitely something to try, though.

EDIT:
Actually I did try that and it did nothing. When I wrote my reply above I was somehow thinking there was a permission control item for the vB blog under Usergroups > Forum Permissions... but there's not. What I had already tried was setting Usergroups > Usergroup Manager > Unregistered/Not Logged In (and each of the other usergroups) > "Can Use Email to Friend" to 'no" but it had absolutely no effect on the spammer's ability to access the system and send his messages. In fact, that permissions change is one of the first things I tried. I'm sorry about my confusion there for a minute about the Forum Permissions list. So the only thing that has worked is what I have detailed above.
for Unregistered / Not Logged
Blog General Permissions
Put all settings to no

Blog Entry Permissions
Leave this setting to Yes
Follow Blog Moderation Setting
The rest put all to No

Blog Comment Permissions
Leave this setting to Yes
Follow Blog Comment Moderation Setting
The rest put all to No
Reply With Quote
 
X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.01108 seconds
  • Memory Usage 1,765KB
  • Queries Executed 11 (?)
More Information
Template Usage:
  • (1)SHOWTHREAD_SHOWPOST
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)bbcode_quote
  • (1)footer
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (6)option
  • (1)post_thanks_box
  • (1)post_thanks_button
  • (1)post_thanks_javascript
  • (1)post_thanks_navbar_search
  • (1)post_thanks_postbit_info
  • (1)postbit
  • (1)postbit_onlinestatus
  • (1)postbit_wrapper
  • (1)spacer_close
  • (1)spacer_open 
Phrase Groups Available:
  • global
  • postbit
  • reputationlevel
  • showthread
Included Files:
  • ./showpost.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_post_thanks.php 
Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_postinfo_query
  • fetch_postinfo
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • showpost_start
  • bbcode_fetch_tags
  • bbcode_create
  • postbit_factory
  • showpost_post
  • postbit_display_start
  • post_thanks_function_post_thanks_off_start
  • post_thanks_function_post_thanks_off_end
  • post_thanks_function_fetch_thanks_start
  • post_thanks_function_fetch_thanks_end
  • post_thanks_function_thanked_already_start
  • post_thanks_function_thanked_already_end
  • fetch_musername
  • postbit_imicons
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • postbit_display_complete
  • post_thanks_function_can_thank_this_post_start
  • showpost_complete