The Arcive of Official vBulletin Modifications Site.It is not a VB3 engine, just a parsed copy! |
|
|
#1
|
|||
|
|||
email spammers hijacking blog mail mechanism
I'm unsure if this has been covered in the v4 discussion area before. I was able to find a thread in the v3 area that basically advised to do the same thing I'm showing below. But the code in the template has seemingly changed between v3.x and v4.x. Please understand that I'm merely posting this in case it may help someone who is experiencing the same issue with v4.x.
Here's the issue: Email spammers were able to use the Email Blog Entry to a fiend mechanism to send mass spam messages out from my forum site in Guest mode. The message count total reached about 1500 before I resolved the issue. This occurred within a 24-hour period. What didn't work: I first tried disabling all guest and member email functions (both in the usergroup area and the email settings area). But none of that changed anything. What did work: I used iftop in the server's root terminal to pinpoint the IP sending the traffic... Code:
65.xxx.xxx.xxx:http => 122.52.73.206:28249 68.1Kb 13.6Kb 3.41Kb <= 4.66Kb 954b 239b 65.xxx.xxx.xxx:http => 122.52.73.206:28213 0b 9.65Kb 2.41Kb <= 0b 794b 199b 65.xxx.xxx.xxx:http => 122.52.73.206:29200 160b 10.8Kb 2.71Kb <= 736b 970b 243b 65.xxx.xxx.xxx:http => 122.52.73.206:29199 2.50Kb 551b 138b <= 12.1Kb 2.48Kb 636b On the Who's Online display, I then searched for and located the spamming IP (122.52.73.206) among the connected users... Code:
Guest 11:04 AM /entry.php?7-blog-entry-6-from-The-Cobalt-Foundation&do=sendtofriend Sending Blog Entry to a Friend 122.52.73.206 Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .N Take note that the forum location item is: "Sending Blog Entry to a Friend". Next, from the admin cp, I edited the blog_show_entry template to remove the following code... Code:
<vb:if condition="$show['emailentry']"> <li><a href="{vb:link entry, {vb:raw bloginfo}, {vb:raw pageinfo_sf}}"><img src="{vb:stylevar imgdir_misc}/blog/email_go.png" class="inlineimg" alt="{vb:rawphrase email_blog_entry}" /> {vb:rawphrase email_blog_entry}</a></li> <vb:if condition="$show['member']"> <li class="separator">|</li> </vb:if> </vb:if> Problem solved. As an extra precaution, I blocked IP range 122.52.73.0/24 (which shows to be based in the Philippines) at server level within my filter rules. One thing that I don't quite understand is why vB does not offer a toggle to disable the 'email blog entry to a fiend' function. That seems like a no brainer to me. |
|
|
X vBulletin 3.8.12 by vBS Debug Information | |
---|---|
|
|
More Information | |
Template Usage:
Phrase Groups Available:
|
Included Files:
Hooks Called:
|