View Single Post
  #1  
Old 22 Feb 2016, 01:26
edgeless edgeless is offline
 
Join Date: Mar 2013
email spammers hijacking blog mail mechanism

I'm unsure if this has been covered in the v4 discussion area before. I was able to find a thread in the v3 area that basically advised to do the same thing I'm showing below. But the code in the template has seemingly changed between v3.x and v4.x. Please understand that I'm merely posting this in case it may help someone who is experiencing the same issue with v4.x.

Here's the issue:
Email spammers were able to use the Email Blog Entry to a fiend mechanism to send mass spam messages out from my forum site in Guest mode. The message count total reached about 1500 before I resolved the issue. This occurred within a 24-hour period.

What didn't work:
I first tried disabling all guest and member email functions (both in the usergroup area and the email settings area). But none of that changed anything.

What did work:
I used iftop in the server's root terminal to pinpoint the IP sending the traffic...


Block Disabled:      (Update License Status)  
Suspended or Unlicensed Members Cannot View Code.


On the Who's Online display, I then searched for and located the spamming IP (122.52.73.206) among the connected users...


Block Disabled:      (Update License Status)  
Suspended or Unlicensed Members Cannot View Code.


Take note that the forum location item is: "Sending Blog Entry to a Friend".

Next, from the admin cp, I edited the blog_show_entry template to remove the following code...


Block Disabled:      (Update License Status)  
Suspended or Unlicensed Members Cannot View Code.


Problem solved.

As an extra precaution, I blocked IP range 122.52.73.0/24 (which shows to be based in the Philippines) at server level within my filter rules.

One thing that I don't quite understand is why vB does not offer a toggle to disable the 'email blog entry to a fiend' function. That seems like a no brainer to me.
Reply With Quote