vBulletin Mods

I doubt this mod was the vulnerability. Once someone gains access to your file system they can exploit any file they want.

My bad - you were correct. Somehow, they got access to my AdminCP (which I renamed from default long ago) and were injecting PHP redirect code into the plugins. I have ensured there are no rogue admin accounts and all passwords have been reset and further secured my AdminCP with .htaccess and voila, the redirects have stopped. :up:

Thankfully, the VPS my board sits on was not compromised in any way.

If you have the filestore hack you will have to do more than that. You will need to check and clean your files and your database.

A good place to start is in the diagnostics within your admincp and look for debase64 added to any of those files.. Mark has a guide on this if you search.

Better to start a new thread though or post in an existing thread about this hack if you need too so we do not go off topic here.

GlowHost is secure. I have been using it for many years on many sites and never had a security issue with it. :up:

Thanks, I found that old thread and did all of that as a follow-up to boot. :up:

I realize this hasn't been updated in a while and this is probably not worth bringing up but...

For the last few weeks I've had some very persistent spammers causing me headaches. Firstly they're starting off using new email addresses (all gmail) and clean IP addresses from SFS's perspective. They register, then put spam info into their profile fields, such as name. I do the easy cleanup immediately and their data is submitted to SFS as expected. The issue is that since this appears to be automated, they simply register again immediately using the same IP and email, and I have to manually cleanup registrations from the same email/ip multiple times.

I believe this is because of the caching function of GSOM. If only the bad query results (i.e. this name/email/ip is listed in the db), rather than all query results, then this wouldn't be a problem. And, doing it this way wouldn't add unnecessary burden to SFS's servers because valid users aren't constantly trying to register. Caching clean results isn't necessary.

I'm going to comb through the code myself to see if I can cobble something together but I'm not a dev so I don't have high hopes for success.

You should install the New Racaptcha plug in.. http://www.vbulletin.org/forum/misc...._new_recaptcha

That was the first thing I did but it didn't help, not even a little bit.

I have been running a couple of modifications which can help make a few dollars with the Glowhost Spam-O-Matic plug in.

Here it is Click Here.

Is an extented data privacy statement necessary when this mod is installed?
Like for sending user IPs and email adresses to Akismet and StopForumSpam?

Hmm funny you say this. I'm dealing with the same issue right now. Slowly enabling addons one at a time and looking for updates. I haven't enabled this yet and no redirects so far.

In the past couple of months I have seen a big increase in spam posts, and the automoderation in this addon doesnt seem to be working like I expect it should. For instance, I have it set to automoderate posts with more than 1 link, but I frequently see posts get through with more than 1 link. I also have "live stream" and "live streaming" listed in my bad words, but almost every spam posts contains these words. Only maybe 10% of spam posts actually end up in moderation.

Any ideas what could be wrong?

This product hasn't been updated in over four years and it has major security holes. It should probably be removed from the downloads section and quarantined. That's what is wrong.

What would you recommend that I do for spam protection then? It's a real problem on my board and akismet doesnt catch it.

StopForumSpam will catch a good deal of it if set up to check both IP addresses and e-mail addresses. Unfortunately, it won't catch everything.

The new Recaptcha will catch virtually all spambots but human spammers can still bypass it.

I find the most effective spam tool is still using the Question And Answer function. If you ask questions that only real people with a genuine interest in your forum can answer, and that don't have "yes" or "no" or "true" or "false" type answers it will stop most of the spam most of the time.

If, for example, you are a math forum, and you ask "How many pieces of pii are in a circle?" only a math nerd would even understand the question. It's not something answerable by a bot or most human spammers.

I had the same issue but I can help you fix this. The issue is that the code only looks for "http" urls and not "https", among others when acting on the auto moderation.

Download this plugin and extract the files on your drive. Open the file named "product-glowhostspamomatic.xml" with a text editor.

Search for all instances of this line; I believe there are two of them.

Block Disabled:      (Update License Status)
Suspended or Unlicensed Members Cannot View Code.

Replace that line so that it looks like this:

Block Disabled:      (Update License Status)
Suspended or Unlicensed Members Cannot View Code.

This change will catch all variations of URLs being posted in your forum, not just if they start with http or https so this does a much better job of catching spam.

Under Admin > Manage Products > Add/Import Product:
Once you've made the changes, you can install the plugin again but make sure to select the radio button to "Allow Overwrite".