FUDforum

Abusing FUD reply notification as spam source [message #30530] Wed, 01 March 2006 13:16
holger.linge (Germany)
Hi

My FUD version is somewhat outdated (2.6.6). That's deadly in these times. But I've learned my lesson, so please don't beat too hard (embarrassed)

Obviously, my FUD-Forum has been abused as a spam source. I've allowed anonymous postings in one of the forums. I risked being harassed by someone spamming the forum, but I rated the opportunity for a quick hello by visitors unwilling to register higher.

But now, someone not only spammed the forum, but also abused the email function. I would like to know how exactly he made it, and if it's fixed yet.

I got hundreds (*sigh*) of blocked mails like this one:

---------------------------------------------------

Return-Path: <ADMIN@MYDOMAIN>
Received: (qmail 9484 invoked by uid 501); 28 Feb 2006 04:54:29 -0000
Date: 28 Feb 2006 04:54:29 -0000
Message-ID: <20060228045429.9483.qmail@MYDOMAIN>
To: Some poor victim
Subject: New reply to poker casino597 by A voice from the shadows
From: ADMIN@MYDOMAIN
Errors-To: ADMIN@MYDOMAIN
X-Mailer: FUDforum v2.6.6
Content-Type: text/plain; charset=ISO-8859-15


To view unread replies go to http://MYDOMAIN/bbs/index.php?t=rview&goto=6737

If you do not wish to receive further notifications about replies in this topic, please go here: http://MYDOMAIN/bbs/index.php?t=rview&th=157&notify=1&opt=off

----------------------------------------------------

"A voice from the shadows" is the anonymous user name.

The targeted posting was an anonymous one with a broken link to a gambling site. All the links in all the postings looked a bit different and were all invalid.

First I thought he used the "Email to a friend", but these mails look different, and are AFAIK not accessible to anonymous users.

This spam is a reply notification, but how could one use THESE as spam?

Leaves me puzzled.

Could someone take me by the hand, and show me the light?

cu
Holger

Re: Abusing FUD reply notification as spam source [message #30546 is a reply to message #30530] Thu, 02 March 2006 09:09
Ilia (Canada)
Those e-mails look like the forum's e-mail notifications sent to people when a message is posted in a topic they are subscribed to.

In later versions of the forum there is a captcha test for anon posting, which significantly reduces the amount of automated forum spam.


FUDforum Core Developer
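
A triage sketch for a pile of blocked notification mails like the one quoted in the first post, added here as an example (it is not part of the thread or of FUDforum's code). It relies only on the `X-Mailer`, `Subject` and `th=` fields visible in that sample; the host `forum.example`, the address `admin@forum.example`, the user `alice` and the `SAMPLES` data are constructed.

```python
import re
from collections import Counter
from email import message_from_string

# Subject layout as seen in the quoted mail: "New reply to <topic> by <poster>".
# Greedy topic match: a poster name containing " by " would be split wrongly.
SUBJECT_RE = re.compile(r"^New reply to (?P<topic>.+) by (?P<poster>.+)$")
THREAD_RE = re.compile(r"[?&]th=(\d+)")   # thread id from the unsubscribe link

def parse_notification(raw):
    """Return (thread_id, topic, poster) for a reply notification, else None."""
    msg = message_from_string(raw)
    if not msg.get("X-Mailer", "").startswith("FUDforum"):
        return None
    m = SUBJECT_RE.match(msg.get("Subject", ""))
    if not m:
        return None
    th = THREAD_RE.search(msg.get_payload())
    return (th.group(1) if th else None, m["topic"], m["poster"])

def summarize(raw_mails, threshold=3):
    """Count notifications per (thread, poster); keep entries >= threshold."""
    counts = Counter()
    for raw in raw_mails:
        parsed = parse_notification(raw)
        if parsed:
            counts[(parsed[0], parsed[2])] += 1
    return {key: n for key, n in counts.items() if n >= threshold}

def sample(to, subject, th, mailer="FUDforum v2.6.6"):
    """Build a constructed mail shaped like the one quoted in the thread."""
    base = "http://forum.example/bbs/index.php?t=rview"
    return (f"To: {to}\nSubject: {subject}\nFrom: admin@forum.example\n"
            f"X-Mailer: {mailer}\nContent-Type: text/plain\n\n"
            f"To view unread replies go to {base}&goto=1\n\n"
            f"To stop notifications go here: {base}&th={th}&notify=1&opt=off\n")

SPAM_SUBJECT = "New reply to poker casino597 by A voice from the shadows"
SAMPLES = [sample(f"subscriber{i}@forum.example", SPAM_SUBJECT, 157)
           for i in range(3)]
SAMPLES.append(sample("bob@forum.example", "New reply to Upgrade help by alice", 12))
SAMPLES.append(sample("bob@forum.example", "Hello", 0, mailer="OtherMailer 1.0"))

if __name__ == "__main__":
    for (thread, poster), n in summarize(SAMPLES).items():
        print(f"thread {thread}: {n} notifications triggered by '{poster}'")
```

The thread ids it reports are the topics whose subscriber lists are being mailed, which is where to look for the anonymous replies.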
Re: Abusing FUD reply notification as spam source [message #30558 is a reply to message #30530] Thu, 02 March 2006 22:46
xracer (United States)
We have been hacked also, our forums have been spammed to death by guests; however, even after I blocked guest posting we got hit again. Almost every forum is filled with spam.
This is the information; however, there are many IP addresses.

Guest IP: 205.134.172.130
poker casino www.online-575-poker-kiszka-blada.com


Hope that helps

.::EDIT::.

As an additional note, I am up to date with the updates, using FUDforum 2.7.4.

[Updated on: Fri, 03 March 2006 02:45]


Re: Abusing FUD reply notification as spam source [message #30592 is a reply to message #30558] Fri, 03 March 2006 10:23
holger.linge (Germany)
That's him!

Unfortunately my fellow moderators already cleansed the forum of this garbage, but I remember this senseless "poker-kiszka" URL with a random number included. I'll hold them a quick lesson in software-forensics (smile)

And he's way of being lazy. Check this:

http://www.google.de/search?hl=de&q=poker+kiszka&btnG=Suche&meta=

So, what's going on here?
1) Is the attacker too stupid to spam a correct URL
2) He's just a chaotic mind going rampage
3) He's exploiting the software and testing for the real scam

No 3 is surely the less desirable one

Looks like the captcha is not working 100% optimal, as you're using a new FUD-Version. Have you also had a problem with real spam mails going out, or 'only' the forum being spammed with Messages?

cu
Holger

Re: Abusing FUD reply notification as spam source [message #30594 is a reply to message #30530] Fri, 03 March 2006 13:14
xracer (United States)
I only experienced the forums being spammed, the mail was not touched.
Re: Abusing FUD reply notification as spam source [message #30627 is a reply to message #30594] Sun, 05 March 2006 12:00
Ilia (Canada)
Captcha only works so far, it is possible to write a captcha guesser/decoder. The ideal solution is to disable anonymous posting on the forum, to make it far trickier for a spammer to get through.

FUDforum Core Developer
Re: Abusing FUD reply notification as spam source [message #40470 is a reply to message #30627] Fri, 07 March 2008 15:29
thebugnut (Canada)
How do you disable anonymous posting? I can't find a setting anywhere.
Re: Abusing FUD reply notification as spam source [message #40485 is a reply to message #40470] Sun, 09 March 2008 13:31
Ilia (Canada)
You need to take away post/reply permissions via the group permission system from the Anonymous user.

FUDforum Core Developer