FUDforum
Fast Uncompromising Discussions. FUDforum will get your users talking.

Home » FUDforum Development » Bug Reports » Abusing FUD reply notification as spam source
Show: Today's Messages :: Polls :: Message Navigator
Switch to threaded view of this topic Create a new topic Submit Reply
Abusing FUD reply notification as spam source [message #30530] Wed, 01 March 2006 18:16 Go to next message
holger.linge is currently offline  holger.linge   Germany
Messages: 17
Registered: October 2002
Karma: 0
Junior Member
Hi

My FUD version is somewhat outdated (2.6.6). That's deadly in this times. But i've learned my lession, so please don't beat too hard Embarassed

Obviously, my FUD-Forum has been abused as a spamsource. I've allowed anonymous postings in one of the forums. I risked being harassed by someone spamming the forum, but i rated the opportunity for a quick hello by visitors unwilling to register higher.

But now, someone not only spammed the forum, but also abused the email function. I would like to know how exactly he made it, and if it's fixed yet.

I got hundreds (*sigh*) of blocked mails like this one:

---------------------------------------------------

Return-Path: <ADMIN@MYDOMAIN>
Received: (qmail 9484 invoked by uid 501); 28 Feb 2006 04:54:29 -0000
Date: 28 Feb 2006 04:54:29 -0000
Message-ID: <20060228045429.9483.qmail@MYDOMAIN>
To: Some poor victim
Subject: New reply to poker casino597 by A voice from the shadows
From: ADMIN@MYDOMAIN
Errors-To: ADMIN@MYDOMAIN
X-Mailer: FUDforum v2.6.6
Content-Type: text/plain; charset=ISO-8859-15


To view unread replies go to http://MYDOMAIN/bbs/index.php?t=rview&goto=6737

If you do not wish to receive further notifications about replies in this topic, please go here: http://MYDOMAIN/bbs/index.php?t=rview&th=157&notify=1&opt=off

----------------------------------------------------

"A voice from the shadown" is the anonymous user name.

The targeted posting was an anonymous one with a broken link to a gambling site. All the links in all the posting looked a bit different and where all invalid.

First i thought he used the "Email too a friend", but these mails look different, and are AFAIK not acessible to anonymous users.

This spam is a reply notification, but how could one use THESE as spam?

Leaves me puzzled.

Could someone take me by the hand, and show me the light?

cu
Holger

Re: Abusing FUD reply notification as spam source [message #30546 is a reply to message #30530] Thu, 02 March 2006 14:09 Go to previous messageGo to next message
Ilia is currently offline  Ilia   Canada
Messages: 13241
Registered: January 2002
Karma: 0
Senior Member
Administrator
Core Developer
Those e-mails looks like Forum's e-mail notification sent to people when a message is posted in a topic they are subscribed to.

In later version of forums there is a captcha test for anon posting, which significantly reduces the amount of automated forum spam.


FUDforum Core Developer
Re: Abusing FUD reply notification as spam source [message #30558 is a reply to message #30530] Fri, 03 March 2006 03:46 Go to previous messageGo to next message
xracer is currently offline  xracer   United States
Messages: 2
Registered: March 2006
Karma: 0
Junior Member
We have been hacked also, our forums have been spammed to death by guess, however even after i block guess posting we got hit again. almost every forum is filled with spam
This is the information , however there are many IP addresses.

Guest IP: 205.134.172.130
poker casino www.online-575-poker-kiszka-blada.com


Hope that helps

.::EDIT::.

As an aditional note i am up to date with the updates using FUDforum 2.7.4.

[Updated on: Fri, 03 March 2006 07:45]

Report message to a moderator

icon4.gif  Re: Abusing FUD reply notification as spam source [message #30592 is a reply to message #30558] Fri, 03 March 2006 15:23 Go to previous messageGo to next message
holger.linge is currently offline  holger.linge   Germany
Messages: 17
Registered: October 2002
Karma: 0
Junior Member
That's him!

Unfortunately my fellow moderators already cleansed the forum of this garbage, but i remember this sensless "poker-kiszka" URL with a random number included. I'll hold them a quick lesson in software-forensics Smile

And he's way of being lazy. Check this:

http://www.google.de/search?hl=de&q=poker+kiszka&btnG=Suche&met a=

So, what's going on here?
1) Is the attacker to stupid to spam a correct URL
2) He's just a chaotic mind going rampage
3) He's exploiting the software and testing for the real scam

No 3 is surely the less desirable one

Looks like the captcha is not working 100% optimal, as you're using a new FUD-Version. Have you also had a problem with real spam mails going out, or 'only' the forum being spammed with Messages?

cu
Holger

Re: Abusing FUD reply notification as spam source [message #30594 is a reply to message #30530] Fri, 03 March 2006 18:14 Go to previous messageGo to next message
xracer is currently offline  xracer   United States
Messages: 2
Registered: March 2006
Karma: 0
Junior Member
I only experienced teh forums being spammed, teh mail was not touched.
Re: Abusing FUD reply notification as spam source [message #30627 is a reply to message #30594] Sun, 05 March 2006 17:00 Go to previous messageGo to next message
Ilia is currently offline  Ilia   Canada
Messages: 13241
Registered: January 2002
Karma: 0
Senior Member
Administrator
Core Developer
Captcha only works so far, it is possible to write a captcha guesser/decoder. The ideal solution is to disable anonymous posting on the forum, to make it far trickier for a spammer to get through.

FUDforum Core Developer
Re: Abusing FUD reply notification as spam source [message #40470 is a reply to message #30627] Fri, 07 March 2008 20:29 Go to previous messageGo to next message
thebugnut is currently offline  thebugnut   Canada
Messages: 87
Registered: June 2005
Karma: 0
Member
How do you disable anonymous posting? I can't find a setting anywhere.
Re: Abusing FUD reply notification as spam source [message #40485 is a reply to message #40470] Sun, 09 March 2008 17:31 Go to previous message
Ilia is currently offline  Ilia   Canada
Messages: 13241
Registered: January 2002
Karma: 0
Senior Member
Administrator
Core Developer
YOu need to take a way post/reply permissions via group permission system from Anonymous user.

FUDforum Core Developer
  Switch to threaded view of this topic Create a new topic Submit Reply
Previous Topic: Inconsistent pluralization
Next Topic: Topic description sometimes vanishes (V2.7.7 + move topic patch)
Goto Forum:
  

-=] Back to Top [=-
[ Syndicate this forum (XML) ] [ RSS ]

Current Time: Wed Nov 27 15:39:47 GMT 2024

Total time taken to generate the page: 0.02547 seconds