FUDforum
Fast Uncompromising Discussions. FUDforum will get your users talking.

Home » FUDforum Development » Bug Reports » there seems to be a way in 3.0.5 for spammers to mail
Show: Today's Messages :: Unread Messages :: Show Polls :: Message Navigator
| Subscribe to topic | Bookmark topic 
Switch to threaded view of this topic Create a new topic Submit Reply
icon4.gif  there seems to be a way in 3.0.5 for spammers to mail [message #186338] Wed, 02 July 2014 23:15 Go to next message
Alex.H is currently offline  Alex.H   Germany
Messages: 3
Registered: July 2014
Location: Germany, Kiel
Karma: 0
Junior Member
add to buddy list
ignore all messages by this user
Hi,

I'am fairly new to fudforum. I installed it some days ago and found after some days lots of random generated users registering. All with location, occupation and some other data.

When the number of users hit 180 I took the time to enable the three plugins to battle spam:
  • BotScout
  • Stop Forum Spam
  • Recaptcha
Then I banned all suspicious users.

It slowed the process, but did not stop it.

Then I got a message from my hoster, my forum is generating lots of email traffic. Lots more then it should generate.

So I did this:
  • enabled the aproval by admin option
  • deleted all banned accounts and some more, which registered since my massban action
  • disabled the option, user can sent email to other users

I suspect that last option kind of unsecure. Apparently those spammer used my forum to send emails even to addresses not used by my forum members.

Is this a known problem? Is there some kind of fix?

Where could I find the logs, to find out, what is really going on?
icon4.gif  Re: there seems to be a way in 3.0.5 for spammers to mail [message #186357 is a reply to message #186338] Sun, 06 July 2014 07:20 Go to previous messageGo to next message
Alex.H is currently offline  Alex.H   
Messages: 3
Registered: July 2014
Location: Germany, Kiel
Karma: 0
Junior Member
add to buddy list
ignore all messages by this user
Could someone tell me please, where to find the "mail log" of this forum?

There must be a way how the spammers abuse my version. I would like to find it, so this problem could be closed.

Otherwise it would be only a question of time, I'am forced to migrate to another forum software. I only need to aprove one fake user and the spamming will start again.

So please help me!
Re: there seems to be a way in 3.0.5 for spammers to mail [message #186563 is a reply to message #186357] Thu, 02 October 2014 14:30 Go to previous messageGo to next message
cpreston is currently offline  cpreston   United States
Messages: 160
Registered: June 2012
Location: Oceanside
Karma: 6
Senior Member
add to buddy list
ignore all messages by this user
I don't believe the forum has the ability to mail non-members. There's certainly nothing in the interface to allow that.

I would start by looking at the mail logs of the server itself. First see if there is actual mail being sent by your server. If it is sent, then it would show what user sent it, and that would show you that it was (or wasn't) sent by FUDforum. I'm not sure how long you keep you mail logs on that server, or when this alleged spamming happened, but hopefully you still have the logs from the timeframe when this happened and you can look at them. If you don't have the logs, it would be useful to see the full email details of even one of the emails that cause the issue.

I say this because it's also likely that no actual mail came from your server. Someone could have spoofed your server and/or email addresses on that server.

May I ask what kind of system you are running this on? Linux/windows? What kind of mail system does it use? Do you have root/admin privileges on that server?
Re: there seems to be a way in 3.0.5 for spammers to mail [message #186665 is a reply to message #186563] Thu, 06 November 2014 17:21 Go to previous message
Alex.H is currently offline  Alex.H   
Messages: 3
Registered: July 2014
Location: Germany, Kiel
Karma: 0
Junior Member
add to buddy list
ignore all messages by this user
It's a linux box. I have sadly no root or admin account and no possibility to access any mail logs.

I was only informed by our admin, that this forum is generating lots of mail traffic.

As a countermessure I deleted lots of users without any posts, activated every spam protection and added a selfwritten verification plugin. The capchas were simply not enough.
Quick Reply
Formatting Tools:   
  Switch to threaded view of this topic Create a new topic
Previous Topic: This forum- Clicking on the "How To" forum logs me out
Next Topic: Splitting Topics
Goto Forum:
  

-=] Back to Top [=-
[ Syndicate this forum (XML) ] [ RSS ]

Current Time: Wed Aug 23 19:22:45 EDT 2017

Total time taken to generate the page: 0.00826 seconds