Go Back   vb.org Archive > vBulletin 3 Discussion > vB3 General Discussions
Reload this Page spam being sent through Email To Friend - can't stop it
FAQ Community Calendar Today's Posts Search

Reply
Page 3 of 4 12 3 4
 
Thread Tools Display Modes
  #21  
Old 10-12-2012, 02:01 AM
doob doob is offline
 
Join Date: Dec 2009
Posts: 127
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
Use Mailqueue System was set to Yes. It looks like bounce backs are comeing in about 1 second after the mail is sent based on the mailer daemon info and the header. It does seem like I'm flooded with bounce backs for a short time, and then there's a gap before the next batch burries my email. I'm still a little unclear on how this function works but it sounds like if I set it to "no" then emails would just go out instantly rather than in some sort of batched delay.

I ticked off "Enable Email features?" and bounce-backs stopped dead. I guess I'll need to wait and see if that's a real indicator or related to the Mailqueue System.

I already disabled in the usergroups Email to a Friend and Email to Members but I like and want the other features so don't look forward to having to rewrite this stuff.

Report Bad Post
'Contact Us' Link
Email a Member
Email this Page to a Friend
New Post Notifications to Members
Reply With Quote
  #22  
Old 10-12-2012, 02:06 AM
Simon Lloyd's Avatar
Simon Lloyd Simon Lloyd is offline
 
Join Date: Aug 2008
Location: Manchester
Posts: 3,481
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
DO you have vbseo? if so is it up to date?
Reply With Quote
  #23  
Old 10-12-2012, 03:35 AM
doob doob is offline
 
Join Date: Dec 2009
Posts: 127
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
No VBSEO not installed.

I'm VERY curious to see if the bounce-backs are stopped by ticking off that "Enable Email features?".

I think I'm at an impass and can only "wait and see" now.
Reply With Quote
  #24  
Old 10-12-2012, 04:01 AM
WEBDosser's Avatar
WEBDosser WEBDosser is offline
 
Join Date: Oct 2001
Location: @ MyPC
Posts: 824
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
Sneeky little bugger's them hackers.. most of mine where from china some from korea and a few from the US, and they don't have to be on your site to do it not even as a guest.

If you have access to the server look for brute force attack logs too..
Reply With Quote
  #25  
Old 10-12-2012, 01:01 PM
Xp.Warrior Xp.Warrior is offline
 
Join Date: Mar 2012
Posts: 142
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
ohoooo ?
Reply With Quote
  #26  
Old 10-12-2012, 03:00 PM
Lynne's Avatar
Lynne Lynne is offline
 
Join Date: Sep 2004
Location: California/Idaho
Posts: 41,180
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
Quote:
Originally Posted by doob View Post
No VBSEO not installed.

I'm VERY curious to see if the bounce-backs are stopped by ticking off that "Enable Email features?".

I think I'm at an impass and can only "wait and see" now.
If you turn off email, then yes, they will stop because now your site is sending out NO email at all.
Reply With Quote
  #27  
Old 10-14-2012, 01:22 AM
doob doob is offline
 
Join Date: Dec 2009
Posts: 127
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
My understanding was that registration emails would still be sent and that there is a potential that the email being sent could be impostering vbulletin based mail.

It does look like the bounce backs have completely stopped so question 1 is if Email to Friend and Email Members is individually disabled in all usergroups can I trust that those functions are truly disabled?

The next question is if any one has found specific holes in the other email functions that I should look at.
Reply With Quote
  #28  
Old 10-14-2012, 08:21 PM
kpmedia's Avatar
kpmedia kpmedia is offline
 
Join Date: Jan 2008
Posts: 136
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
You should also consider blocking the stupid-long script at the server level. For Linux, use mod_security, and for Windows use URLScan 3. Some of those injections use common query strings that serve no legitimate purpose.

The "email to friend" function is really nothing more than an open proxy in my opinion, and I'd leave it turned off. Or at best, only enable it for users that have been members longer than "X" amount of days (as in months). That last one would probably require some if/then/else comments custom added into some files, or as a custom plugin. I use things like that to limit access to certain site features.

You could even leverage htaccess/web.config or in-file PHP to block certain /8 or /16 IP ranges, to prevent use of that file. One one of my sites, we've start to block the register.php page from China subnets, because something like 0.01% was legitimate. (An alternative contact form is available for those wrongly blocked, which allows manual account creation.)

@WEBDosser : "and a few from the US" ... and those were likely Chinese users from USA based VPS used as cheap VPN/proxy. Certain hosting subnets should also be blocked. You just have to be diligent about checking server logs, and spotting trends -- and then blocking the bad incoming traffic routes.

You can also limit mail at the mail server itself. cPanel has nice plugins from Config Server, to help with this. And then you can configure the mail server.

If you're on shared hosting -- and therefore have no real server access -- then this would be a good reason/excuse to migrate to a VPS. You simply need more control to block things as you see fit.

Best of luck to you.
Reply With Quote
  #29  
Old 10-15-2012, 02:55 AM
doob doob is offline
 
Join Date: Dec 2009
Posts: 127
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
What exactly do you mean by "stupid long scripts". Are you talking Vbulletin default files or what?
Reply With Quote
  #30  
Old 10-21-2012, 12:28 PM
kpmedia's Avatar
kpmedia kpmedia is offline
 
Join Date: Jan 2008
Posts: 136
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
Quote:
Originally Posted by doob View Post
What exactly do you mean by "stupid long scripts". Are you talking Vbulletin default files or what?
Exploit injections GET/POST with encoded chars in a URL that is hundreds/thousands of chars long.
Stupid long scripts.

You may need a server admin. Good security is difficult to DIY, especially if you're not skilled in that area.
Reply With Quote
Reply
Page 3 of 4 12 3 4

« Previous Thread | Next Thread »

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump


All times are GMT. The time now is 11:12 AM.

Contact Us - Archive - Top

Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2025, vBulletin Solutions Inc.
X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.04113 seconds
  • Memory Usage 2,255KB
  • Queries Executed 11 (?)
More Information
Template Usage:
  • (1)SHOWTHREAD
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)ad_showthread_beforeqr
  • (1)ad_showthread_firstpost
  • (1)ad_showthread_firstpost_sig
  • (1)ad_showthread_firstpost_start
  • (2)bbcode_quote
  • (1)footer
  • (1)forumjump
  • (1)forumrules
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (1)navbar
  • (3)navbar_link
  • (120)option
  • (1)pagenav
  • (1)pagenav_curpage
  • (3)pagenav_pagelink
  • (10)post_thanks_box
  • (10)post_thanks_button
  • (1)post_thanks_javascript
  • (1)post_thanks_navbar_search
  • (10)post_thanks_postbit_info
  • (10)postbit
  • (10)postbit_onlinestatus
  • (10)postbit_wrapper
  • (1)spacer_close
  • (1)spacer_open
  • (1)tagbit_wrapper 
Phrase Groups Available:
  • global
  • inlinemod
  • postbit
  • posting
  • reputationlevel
  • showthread
Included Files:
  • ./showthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_post_thanks.php 
Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • showthread_start
  • showthread_getinfo
  • forumjump
  • showthread_post_start
  • showthread_query_postids
  • showthread_query
  • bbcode_fetch_tags
  • bbcode_create
  • showthread_postbit_create
  • postbit_factory
  • postbit_display_start
  • post_thanks_function_post_thanks_off_start
  • post_thanks_function_post_thanks_off_end
  • post_thanks_function_fetch_thanks_start
  • post_thanks_function_fetch_thanks_end
  • post_thanks_function_thanked_already_start
  • post_thanks_function_thanked_already_end
  • fetch_musername
  • postbit_imicons
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • postbit_display_complete
  • post_thanks_function_can_thank_this_post_start
  • pagenav_page
  • pagenav_complete
  • tag_fetchbit_complete
  • forumrules
  • navbits
  • navbits_complete
  • showthread_complete