Go Back   vb.org Archive > vBulletin 3 Discussion > vB3 General Discussions
FAQ Community Calendar Today's Posts Search

Reply
 
Thread Tools Display Modes
  #1  
Old 11-11-2011, 11:45 PM
mindhunter77 mindhunter77 is offline
 
Join Date: Jan 2006
Posts: 194
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default Getting Hammered By A Spammer

Some spammer is sending a mass amount of email through my vb system, now I am loggin emails sent to a file, but that does not show the email address they are using. I would like to somehow be able to get the ips they are using so I can ban those while I find how/where they got in...

Here is a sample of the many hundreds of emails they are sending out..

Code:
SUCCESS
Fri, 11 Nov 2011 19:33:57 -0500
To: xpwarmnklj@hyrvpf.com
Subject: xpwarmnklj@hyrvpf.com
From: "the site" <the-site-email>
Auto-Submitted: auto-generated
Return-Path: site-email
Message-ID: <20111112003357.7d1a0d42309e@the-site-address.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: 8bit
X-Priority: 3
X-Mailer: vBulletin Mail via PHP
Content-Type: text/html; charset="ISO-8859-1"


Online prescription ultram,

This is a message from Ultram withdrawal symptoms ( mailto: ) from the forum-name ( forum-url).



forum-name takes no responsibility for messages sent through its system.
=====================================================
Reply With Quote
  #2  
Old 11-12-2011, 12:24 AM
kh99 kh99 is offline
 
Join Date: Aug 2009
Location: Maine
Posts: 13,185
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by mindhunter77 View Post
...I would like to somehow be able to get the ips they are using so I can ban those while I find how/where they got in...
Assuming it's being done through an http request (to a php script), seems like you should be able to look at the server logs and find out how it's being done, and from which ip(s).
Reply With Quote
  #3  
Old 11-12-2011, 12:40 AM
Simon Lloyd's Avatar
Simon Lloyd Simon Lloyd is offline
 
Join Date: Aug 2008
Location: Manchester
Posts: 3,481
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by kh99 View Post
Assuming it's being done through an http request (to a php script), seems like you should be able to look at the server logs and find out how it's being done, and from which ip(s).
Im with you, definately has to be a rogue file. What mods or files have you uploaded recently to your server?
Reply With Quote
  #4  
Old 11-12-2011, 02:03 AM
mindhunter77 mindhunter77 is offline
 
Join Date: Jan 2006
Posts: 194
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Nothing, as far as mods,... searching through logs now.
Reply With Quote
  #5  
Old 11-12-2011, 03:57 AM
ForceHSS ForceHSS is offline
 
Join Date: Apr 2008
Posts: 6,357
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Turn off all options to allow guests to send emails.
Reply With Quote
  #6  
Old 11-12-2011, 04:02 AM
mindhunter77 mindhunter77 is offline
 
Join Date: Jan 2006
Posts: 194
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Yea, I tried that, didn't work. =(

I stopped the mail onslaught by renaming the sendmessage.php file while I track down how they are getting in..
Reply With Quote
  #7  
Old 11-12-2011, 04:04 AM
Simon Lloyd's Avatar
Simon Lloyd Simon Lloyd is offline
 
Join Date: Aug 2008
Location: Manchester
Posts: 3,481
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by mindhunter77 View Post
Yea, I tried that, didn't work. =(

I stopped the mail onslaught by renaming the sendmessage.php file while I track down how they are getting in..
Do you have human verification turned on for this action?, you should, and the better defence is the Q&A
Reply With Quote
  #8  
Old 06-22-2012, 03:27 PM
tr1cky tr1cky is offline
 
Join Date: Aug 2011
Posts: 10
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Having the exact same problem, did everything the TS did and there are still outgoing messages.
Reply With Quote
  #9  
Old 06-23-2012, 07:39 PM
kh99 kh99 is offline
 
Join Date: Aug 2009
Location: Maine
Posts: 13,185
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

In the adminCP, Under Email Options, make sure you have "Allow Users to Email Other Members" set to No, if you haven't already.
Reply With Quote
Reply


Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT. The time now is 11:33 PM.


Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2024, vBulletin Solutions Inc.
X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.04881 seconds
  • Memory Usage 2,243KB
  • Queries Executed 13 (?)
More Information
Template Usage:
  • (1)SHOWTHREAD
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)ad_showthread_beforeqr
  • (1)ad_showthread_firstpost
  • (1)ad_showthread_firstpost_sig
  • (1)ad_showthread_firstpost_start
  • (1)bbcode_code
  • (3)bbcode_quote
  • (1)footer
  • (1)forumjump
  • (1)forumrules
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (1)navbar
  • (3)navbar_link
  • (120)option
  • (9)post_thanks_box
  • (9)post_thanks_button
  • (1)post_thanks_javascript
  • (1)post_thanks_navbar_search
  • (9)post_thanks_postbit_info
  • (9)postbit
  • (9)postbit_onlinestatus
  • (9)postbit_wrapper
  • (1)spacer_close
  • (1)spacer_open
  • (1)tagbit_wrapper 

Phrase Groups Available:
  • global
  • inlinemod
  • postbit
  • posting
  • reputationlevel
  • showthread
Included Files:
  • ./showthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_post_thanks.php 

Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_postinfo_query
  • fetch_postinfo
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • showthread_start
  • showthread_getinfo
  • forumjump
  • showthread_post_start
  • showthread_query_postids
  • showthread_query
  • bbcode_fetch_tags
  • bbcode_create
  • showthread_postbit_create
  • postbit_factory
  • postbit_display_start
  • post_thanks_function_post_thanks_off_start
  • post_thanks_function_post_thanks_off_end
  • post_thanks_function_fetch_thanks_start
  • post_thanks_function_fetch_thanks_end
  • post_thanks_function_thanked_already_start
  • post_thanks_function_thanked_already_end
  • fetch_musername
  • postbit_imicons
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • postbit_display_complete
  • post_thanks_function_can_thank_this_post_start
  • tag_fetchbit_complete
  • forumrules
  • navbits
  • navbits_complete
  • showthread_complete