FUDforum - خوراک RDF
http://fudforum.org/forum/index.php
there seems to be a way in 3.0.5 for spammers to mail
http://fudforum.org/forum/index.phpindex.php?t=rview&goto=186338&th=123556#msg_186338
I'am fairly new to fudforum. I installed it some days ago and found after some days lots of random generated users registering. All with location, occupation and some other data.
When the number of users hit 180 I took the time to enable the three plugins to battle spam:
BotScout
Stop Forum Spam
Recaptcha
Then I banned all suspicious users.
It slowed the process, but did not stop it.
Then I got a message from my hoster, my forum is generating lots of email traffic. Lots more then it should generate.
So I did this:
enabled the aproval by admin option
deleted all banned accounts and some more, which registered since my massban action
disabled the option, user can sent email to other users
I suspect that last option kind of unsecure. Apparently those spammer used my forum to send emails even to addresses not used by my forum members.
Is this a known problem? Is there some kind of fix?
Where could I find the logs, to find out, what is really going on?
]]>Alex.H2014-07-03T03:15:04-00:00Re: there seems to be a way in 3.0.5 for spammers to mail
http://fudforum.org/forum/index.phpindex.php?t=rview&goto=186357&th=123556#msg_186357
There must be a way how the spammers abuse my version. I would like to find it, so this problem could be closed.
Otherwise it would be only a question of time, I'am forced to migrate to another forum software. I only need to aprove one fake user and the spamming will start again.
So please help me!]]>Alex.H2014-07-06T11:20:25-00:00Re: there seems to be a way in 3.0.5 for spammers to mail
http://fudforum.org/forum/index.phpindex.php?t=rview&goto=186563&th=123556#msg_186563
I would start by looking at the mail logs of the server itself. First see if there is actual mail being sent by your server. If it is sent, then it would show what user sent it, and that would show you that it was (or wasn't) sent by FUDforum. I'm not sure how long you keep you mail logs on that server, or when this alleged spamming happened, but hopefully you still have the logs from the timeframe when this happened and you can look at them. If you don't have the logs, it would be useful to see the full email details of even one of the emails that cause the issue.
I say this because it's also likely that no actual mail came from your server. Someone could have spoofed your server and/or email addresses on that server.
May I ask what kind of system you are running this on? Linux/windows? What kind of mail system does it use? Do you have root/admin privileges on that server?]]>cpreston2014-10-02T18:30:35-00:00Re: there seems to be a way in 3.0.5 for spammers to mail
http://fudforum.org/forum/index.phpindex.php?t=rview&goto=186665&th=123556#msg_186665
I was only informed by our admin, that this forum is generating lots of mail traffic.
As a countermessure I deleted lots of users without any posts, activated every spam protection and added a selfwritten verification plugin. The capchas were simply not enough.]]>Alex.H2014-11-06T22:21:16-00:00