Announcement

**cyburbia** · Sun 11 Jun '06, 10:19pm

Originally posted by ManagerJosh View Post

Image verification will always be missing if you are logged in. If you are not logged in, then you will get the CAPTCHA.

D'oh! (hits self on head)

Okay, lemme' log out and see what appears.

There's the CAPTCHA.

Somebody is either typing in a CAPTCHA every 20 minutes, or the Ukranians have cracked it.

**ManagerJosh** · Sun 11 Jun '06, 11:19pm

Check your server logs to see if there are any repeated GET requests for the CAPTCHA.

**Floris** · Mon 12 Jun '06, 12:16am

3.6.0 will have a much better captcha support.

**pulsorock** · Mon 12 Jun '06, 2:29pm

Originally posted by cyburbia View Post

D'oh! (hits self on head)

Okay, lemme' log out and see what appears.

LOL the same happened to me. I turned on the image verification and didn't saw it. Until I logged out....

I hope this helps to avoid the spam I'm getting thru sendmessage.php

**Floris** · Tue 13 Jun '06, 8:17am

I have noticed an increase in spam too, even with image verification. If I have the time I will investigate the apache log files to see how they've done it or if they use a unique useragent string or something to make blocking them easier.

**Undertoad** · Mon 3 Jul '06, 1:20pm

Here's how I deal with it, via "Contact Us Options":

Even with image verification off, this simple method worked perfectly.

No spammer ever figured out that they should change the default setting. Every legitimate contact us user changed the setting.

Gmail's spam filtering picked up only the spam messages. Problem solved.

**Sergio68** · Mon 3 Jul '06, 3:28pm

Check Here

**bboy** · Tue 4 Jul '06, 9:31am

Undertoad! Great suggestion, I just added this to my site. There's using your noggin'

**simsim** · Tue 4 Jul '06, 10:13pm

Originally posted by Undertoad View Post

Here's how I deal with it, via "Contact Us Options":

Even with image verification off, this simple method worked perfectly.

No spammer ever figured out that they should change the default setting. Every legitimate contact us user changed the setting.

Gmail's spam filtering picked up only the spam messages. Problem solved.

Yea another proof imagination is more important than knowledge.

**flosoft** · Wed 2 Aug '06, 3:57pm

I think they are even smarter! They hacked the entire contact us script of VB! Take a look at this header:

Code:

Received: (qmail 19317 invoked by uid 33); 2 Aug 2006 07:04:19 +0200
Date: 2 Aug 2006 07:04:19 +0200
To: [email protected]
Subject: [email protected]
From: "Flosoft.biz" <[email protected]>
Auto-Submitted: auto-generated
Message-ID: <[email protected]>
MIME-Version: 1.0
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: 8bit
X-Priority: 3
X-Mailer: vBulletin Mail via PHP

VBulletin needs to fix this before they release 3.6!! This is an major bug in their system.

**Floris** · Wed 2 Aug '06, 4:40pm

I think you're incorrect. I don't see how they've done that. X-mailed: vbulletin mail via php is correct, that's the internal vbmail();

Which version of vbulletin are you using, are you still getting hit? do you have image verfication on? try upgrading to 3.6

**flosoft** · Wed 2 Aug '06, 4:45pm

Originally posted by Floris View Post

I think you're incorrect. I don't see how they've done that. X-mailed: vbulletin mail via php is correct, that's the internal vbmail();

Which version of vbulletin are you using, are you still getting hit? do you have image verfication on? try upgrading to 3.6

I'm using version 3.5.2.
Image Verification is active.
I will try 3.6 as soon as the stable candidate is out, but I suppose from the other posts that they also have these problems with 3.6.

Florian

**Floris** · Wed 2 Aug '06, 4:49pm

Changes are they are using a potential xss exploit to bypass permissions and use sendmessage.php anyway. Upgrade to at least 3.5.4

**flosoft** · Wed 2 Aug '06, 4:52pm

Originally posted by Floris View Post

Changes are they are using a potential xss exploit to bypass permissions and use sendmessage.php anyway. Upgrade to at least 3.5.4

Well, I'll wait for 3.6 and tell you then what the result is

I'm to lazy to upgrade all the system for now

**Freesteyelz** · Wed 2 Aug '06, 5:13pm

The funny thing is that I rarely receive spam through my contact e-mail address. I tend to get spam through my forum account e-mail address. The two e-mail accounts are separate.

Originally posted by Sergio68 View Post

Check Here

Interesting.

Announcement

Getting hit hard with spam through the "contact us" form

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment