02-22-2016, 12:26 AM
edgeless
email spammers hijacking blog mail mechanism

I'm unsure if this has been covered in the v4 discussion area before. I was able to find a thread in the v3 area that basically advised to do the same thing I'm showing below. But the code in the template has seemingly changed between v3.x and v4.x. Please understand that I'm merely posting this in case it may help someone who is experiencing the same issue with v4.x.

Here's the issue:
Email spammers were able to use the "Email Blog Entry to a Friend" mechanism to send mass spam messages out from my forum site in Guest mode. The message count total reached about 1500 before I resolved the issue. This occurred within a 24-hour period.

What didn't work:
I first tried disabling all guest and member email functions (both in the usergroup area and the email settings area). But none of that changed anything.

What did work:
I used iftop in the server's root terminal to pinpoint the IP sending the traffic...

Code:
65.xxx.xxx.xxx:http  => 122.52.73.206:28249   68.1Kb  13.6Kb  3.41Kb
                     <=                       4.66Kb    954b    239b
65.xxx.xxx.xxx:http  => 122.52.73.206:28213       0b  9.65Kb  2.41Kb
                     <=                           0b    794b    199b
65.xxx.xxx.xxx:http  => 122.52.73.206:29200     160b  10.8Kb  2.71Kb
                     <=                         736b    970b    243b
65.xxx.xxx.xxx:http  => 122.52.73.206:29199   2.50Kb    551b    138b
                     <=                       12.1Kb  2.48Kb    636b

On the Who's Online display, I then searched for and located the spamming IP (122.52.73.206) among the connected users...

Code:
Guest   11:04 AM   /entry.php?7-blog-entry-6-from-The-Cobalt-Foundation&do=sendtofriend   Sending Blog Entry to a Friend   122.52.73.206
Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .N

Take note that the forum location item is: "Sending Blog Entry to a Friend".

Next, from the admin cp, I edited the blog_show_entry template to remove the following code...

Code:
<vb:if condition="$show['emailentry']">
	<li><a href="{vb:link entry, {vb:raw bloginfo}, {vb:raw pageinfo_sf}}"><img src="{vb:stylevar imgdir_misc}/blog/email_go.png" class="inlineimg" alt="{vb:rawphrase email_blog_entry}" /> {vb:rawphrase email_blog_entry}</a></li>
	<vb:if condition="$show['member']">
	<li class="separator">|</li>
	</vb:if>
</vb:if>

Problem solved.

As an extra precaution, I blocked IP range 122.52.73.0/24 (which shows to be based in the Philippines) at server level within my filter rules.

One thing that I don't quite understand is why vB does not offer a toggle to disable the 'email blog entry to a friend' function. That seems like a no-brainer to me.
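Added example (not part of the original post): the same triage done from the web server's access log instead of iftop and Who's Online, counting requests to `entry.php` that carry `do=sendtofriend` per client IP and reporting the enclosing range for a server-level block. The combined log format, the threshold of 3, and the sample lines (documentation-range addresses) are assumptions constructed for illustration.

```python
import ipaddress
import re
from collections import Counter
from urllib.parse import urlsplit, parse_qs

# Constructed sample lines in Apache/nginx "combined" format (assumed log format).
SAMPLE_LOG = """\
203.0.113.45 - - [22/Feb/2016:11:04:01 +0000] "GET /entry.php?7-blog-entry&do=sendtofriend HTTP/1.1" 200 5120 "-" "Mozilla/4.0"
203.0.113.45 - - [22/Feb/2016:11:04:02 +0000] "POST /entry.php?7-blog-entry&do=sendtofriend HTTP/1.1" 200 812 "-" "Mozilla/4.0"
198.51.100.7 - - [22/Feb/2016:11:04:03 +0000] "GET /entry.php?7-blog-entry HTTP/1.1" 200 9001 "-" "Mozilla/5.0"
203.0.113.45 - - [22/Feb/2016:11:04:04 +0000] "GET /entry.php?7-blog-entry&do=sendtofriend HTTP/1.1" 200 5120 "-" "Mozilla/4.0"
198.51.100.7 - - [22/Feb/2016:11:04:05 +0000] "GET /entry.php?7-blog-entry&do=sendtofriend HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.45 - - [22/Feb/2016:11:04:06 +0000] "POST /entry.php?7-blog-entry&do=sendtofriend HTTP/1.1" 200 812 "-" "Mozilla/4.0"
this line is malformed and must be skipped
"""

# client IP, method, request target, status
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) ')

def sendtofriend_hits(log_text):
    """Count requests per client that reach the blog send-to-friend action."""
    hits = Counter()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not a combined-format line
        client, _method, target, _status = m.groups()
        url = urlsplit(target)
        if not url.path.endswith("/entry.php"):
            continue
        # The entry slug has no "=", so parse_qs drops it and keeps do=...
        if "sendtofriend" in parse_qs(url.query).get("do", []):
            hits[client] += 1
    return hits

def flag_sources(hits, threshold=3):
    """Return {ip: (count, enclosing network)} for clients at/over threshold."""
    flagged = {}
    for client, count in hits.items():
        if count < threshold:
            continue
        try:
            addr = ipaddress.ip_address(client)
        except ValueError:
            continue  # hostname logged instead of an address
        prefix = 24 if addr.version == 4 else 64
        net = ipaddress.ip_network(f"{addr}/{prefix}", strict=False)
        flagged[client] = (count, str(net))
    return flagged

if __name__ == "__main__":
    for ip, (count, net) in flag_sources(sendtofriend_hits(SAMPLE_LOG)).items():
        print(f"{ip}: {count} send-to-friend requests, range {net}")
```
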