SpamBots xRummer et al, bypass validate code??

[pattycake]

Quote:

Originally Posted by vijayninel

This is interesting. It also means that we could be sending mails, newsletters etc to non existing e-mail addresses. Something that could get you in trouble in the longer run.

I also own a very large forum with 150,000 members, 4 million posts... I monitor all bounced emails daily because yes, been there, done that ... it can get you black-balled by a provider for continuing to sending emails to non-existant or bogus emails. They assume you are a spammer using some list.

I revised my forum softare adding a field called "Disable Emails"... if anyone bounces an email, they get tagged with "Disable Emails'... the system will not longer send any emails to that address until the email address has been corrected.

btw: I have stopped the spambots from posting... took a bit of creative coding in the register.php script but it has been 100% effective. They can still signup like any other person but... they (and they alone) get tagged as an UnApproved Coppa user meaning... they cannot post, pm, do a sig. All I have to do is view the Coppa users ever so often. Since I don't do Coppa at my site, anyone in there is a SpamBot... one click and they all are gone.

--------------- Added [DATE]1347262898[/DATE] at [TIME]1347262898[/TIME] ---------------

Quote:

Originally Posted by ForceHSS

Maybe the email is being forward to his real email address when sent to this fake one

Nope... vBulletin sends the email to whatever email address he entered during registration... he could not enter a "cc" or a "bcc" or a forward unless the original email address was real.

Check that... if he actually owns the mail server, it could be done. He could first create the bogus email address, then disable the bogus email address, but put a .forward (or a .copy) in it, forwarding it to a real email address. But, he would have to have control over the mail server.

I really think there must be a command line to regsiter.php that will allow someone to validate without knowing that validation code.

I'm going to start pouring thru the logs to see if I can find out for sure.

--------------- Added [DATE]1347274867[/DATE] at [TIME]1347274867[/TIME] ---------------

Here's another that just validated... notice the bounced/invalid email address.

Code:

Unknown user: AnnenlySeDfef@aol.com

RCPT TO generated following response:
550 5.1.1 <AnnenlySeDfef@aol.com>: Recipient address rejected: aol.com

Original message follows.
Received: from mail.xxxxx.com [127.0.0.1] by mail.xxxxx.com with ESMTP
  (SMTPD32-8.15) id AA1C2D4300CC; Mon, 10 Sep 2012 02:43:24 -0500
Date: Mon, 10 Sep 2012 07:54:17 +0000
To: AnnenlySeDfef@aol.com
From: "xxxxx.com" <xxxxx_admin@xxxxxx.com>
Auto-Submitted: auto-generated
Return-Path: pat@xxxxk.com
Message-ID: <20120910075417.4f7bb88beeed@www.xxxx.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: 8bit
X-Priority: 3
X-Mailer: vBulletin Mail via PHP
Subject: Action Required to Activate Membership for xxxxx.com

Dear ScavaOnette,

Thank you for registering at the xxxxx.com. Before we can activate your account one last step must be taken to complete your registration.

Please note - you must complete this last step to become a registered member. You will only need to visit this URL once to activate your account.

To complete your registration, please visit this URL:
http://xxxxx.com/register.php?a=act&u=5698&i=6225256255d02fe1f3bff014b90e3920f146aece

Notice it bounced, undelivered, yet he was still able to validate. How could he validate without having the validation code??

.