Register Members List Search Today's Posts Mark Forums Read

Thread Tools
Old 18 Dec 2003, 22:19
Ritsui Ritsui is offline
Join Date: Jul 2002
member.php spam prevention

I don't know how big of a problem this is, but with spammers getting more desperate and aggresive every day, I'd be surpised if this doesn't start happening a whole lot more.

A forum I run (vb 2.x) just got nailed by a spammer who joined and ran a POST script to iterate through userids until they emailed every user on the forums who had email enabled (well over 1,000 ). This put the site at risk for termination if the emails ended up reported to Spews or Spamcop, so I added a hack to make sure it can't happen again including a minimum post count before you can use the mail functions and a floodcheck to allow only 1 email every X seconds.

I haven't put the hack in publishable form yet, but it's all available on request.
Reply With Quote
Old 19 Dec 2003, 10:27
Koobi Koobi is offline
Join Date: Sep 2003
Real name: Housni Yakoob
Ritsui, I experienced the same problem although not all members had recieved this email (I and a few moderators did though).

Could I please have a look at the hack?
- Bane
Reply With Quote
Old 19 Dec 2003, 13:41
g-force2k2 g-force2k2 is offline
Join Date: Mar 2002
It wasn't the site's fault, and the emails do get sent from the user who sent them so just report the person to their internet provider using their ip address. Hope that everything works out.

Custom vBulletin Hacker => Making Ideas Into Working Programs => No Idea Can Ever Be A Bad Idea
My vb3 Hacks
[ Posting Required Before Poll Voting ] | [ vb3 Font Color Hack ] | [ vb3 User Forum Activeness Hack ] | [ vb3 Postbit Style Option ] | [ vb3 User Ratings Hack ]
Reply With Quote
Old 21 Dec 2003, 04:33
Ritsui Ritsui is offline
Join Date: Jul 2002
I contacted the user's ISP immediately, but I wouldn't expect any tangible results from that. I can't speak for others, but Roadrunner didn't give a damn about enforcing their own TOS. They said flat out that they only care if the spam itself originated from one of their address blocks.

As for the hack, please keep in mind this was written as a knee jerk only. I'm not a "vb hacker" and I won't warranty or promise to support anything. This works for me under 2.2.5 and should work under 2.3.3.

Also... CHECK YOUR LOGS. In our case, the spam was definitely run from members.php, but there are many other places in vBulletin using mail(), so they should be looked at as well.
Attached Files
File Type: txt vb_spam_prevent.txt (3.8 KB, 33 views)

Last edited by Ritsui; 21 Dec 2003 at 04:36. Reason: add attachment
Reply With Quote

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

New To Site? Need Help?

All times are GMT. The time now is 05:29.

Layout Options | Width: Wide Color: