Go Back   vb.org Archive > vBulletin 3 Discussion > vB3 General Discussions
FAQ Community Calendar Today's Posts Search

Reply
 
Thread Tools Display Modes
  #1  
Old 12-18-2003, 08:19 PM
Ritsui Ritsui is offline
 
Join Date: Jul 2002
Location: Lake Arrowhead, CA
Posts: 4
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default member.php spam prevention

I don't know how big of a problem this is, but with spammers getting more desperate and aggresive every day, I'd be surpised if this doesn't start happening a whole lot more.

A forum I run (vb 2.x) just got nailed by a spammer who joined and ran a POST script to iterate through userids until they emailed every user on the forums who had email enabled (well over 1,000 ). This put the site at risk for termination if the emails ended up reported to Spews or Spamcop, so I added a hack to make sure it can't happen again including a minimum post count before you can use the mail functions and a floodcheck to allow only 1 email every X seconds.

I haven't put the hack in publishable form yet, but it's all available on request.
Reply With Quote
  #2  
Old 12-19-2003, 08:27 AM
Koobi Koobi is offline
 
Join Date: Sep 2003
Location: Colombo, Sri Lanka
Posts: 1
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Ritsui, I experienced the same problem although not all members had recieved this email (I and a few moderators did though).

Could I please have a look at the hack?
Thanks
- Bane
Reply With Quote
  #3  
Old 12-19-2003, 11:41 AM
g-force2k2 g-force2k2 is offline
 
Join Date: Mar 2002
Location: Everywhere you wanna be..
Posts: 1,608
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

It wasn't the site's fault, and the emails do get sent from the user who sent them so just report the person to their internet provider using their ip address. Hope that everything works out.

Regards,
g-force2k2
Reply With Quote
  #4  
Old 12-21-2003, 02:33 AM
Ritsui Ritsui is offline
 
Join Date: Jul 2002
Location: Lake Arrowhead, CA
Posts: 4
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

I contacted the user's ISP immediately, but I wouldn't expect any tangible results from that. I can't speak for others, but Roadrunner didn't give a damn about enforcing their own TOS. They said flat out that they only care if the spam itself originated from one of their address blocks.

As for the hack, please keep in mind this was written as a knee jerk only. I'm not a "vb hacker" and I won't warranty or promise to support anything. This works for me under 2.2.5 and should work under 2.3.3.

Also... CHECK YOUR LOGS. In our case, the spam was definitely run from members.php, but there are many other places in vBulletin using mail(), so they should be looked at as well.
Attached Files
File Type: txt vb_spam_prevent.txt (3.8 KB, 33 views)
Reply With Quote
Reply


Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT. The time now is 01:45 AM.


Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2025, vBulletin Solutions Inc.
X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.09192 seconds
  • Memory Usage 2,201KB
  • Queries Executed 14 (?)
More Information
Template Usage:
  • (1)SHOWTHREAD
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)ad_showthread_beforeqr
  • (1)ad_showthread_firstpost
  • (1)ad_showthread_firstpost_sig
  • (1)ad_showthread_firstpost_start
  • (1)footer
  • (1)forumjump
  • (1)forumrules
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (1)navbar
  • (3)navbar_link
  • (120)option
  • (4)post_thanks_box
  • (4)post_thanks_button
  • (1)post_thanks_javascript
  • (1)post_thanks_navbar_search
  • (4)post_thanks_postbit_info
  • (4)postbit
  • (1)postbit_attachment
  • (4)postbit_onlinestatus
  • (4)postbit_wrapper
  • (1)spacer_close
  • (1)spacer_open
  • (1)tagbit_wrapper 

Phrase Groups Available:
  • global
  • inlinemod
  • postbit
  • posting
  • reputationlevel
  • showthread
Included Files:
  • ./showthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_post_thanks.php 

Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_postinfo_query
  • fetch_postinfo
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • showthread_start
  • showthread_getinfo
  • forumjump
  • showthread_post_start
  • showthread_query_postids
  • showthread_query
  • bbcode_fetch_tags
  • bbcode_create
  • showthread_postbit_create
  • postbit_factory
  • postbit_display_start
  • post_thanks_function_post_thanks_off_start
  • post_thanks_function_post_thanks_off_end
  • post_thanks_function_fetch_thanks_start
  • post_thanks_function_fetch_thanks_end
  • post_thanks_function_thanked_already_start
  • post_thanks_function_thanked_already_end
  • fetch_musername
  • postbit_imicons
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • postbit_display_complete
  • post_thanks_function_can_thank_this_post_start
  • postbit_attachment
  • tag_fetchbit_complete
  • forumrules
  • navbits
  • navbits_complete
  • showthread_complete