Announcement

Collapse
No announcement yet.

Porn Spammer hit my forum

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Originally posted by DirectPixel
    Yep, I've had both. Both are bots.
    Right, I was on a different page that I thought was the end of the thread and I had not seen them. I read forward and saw he posts. Thanks guys.

    Jake
    Jake Crause
    www.homebuiltairplanes.com

    Comment


    • Yup, MartL just registered and got three posts in. However, I caught him VERY quickly because the first thread in the first forum happens to be one that I get notified on (ironically, it's the "Free advertising" one!) on my pager. So, anytime I get a page on that thread late at night I know something is up. This is the second time in 2 days I have gotten porn bots in here.

      First, I think we should Fark them! (http://www.fark.com - they are known for taking down quite a few servers in their day...)

      Second, Does the RC2.30 with GD (???) work on IIS servers? I'd like to upgrade, but not if it's not going to do anything.

      And, finally, for those of you wanting to know what he posted, here's an edited version:

      Watch HOT chicks getting f***ed hard on videos and on webcams with sound now! Enjoy: http:// www. incredibleoffer. tv/fsw/2
      His email is [email protected] - nice and random, and using Hotmail now!

      Comment


      • Okay, now this is interesting - to me.

        I went through my IIS log files, and found an entry for a reply this bot makes:
        2003-05-13 03:43:49 213.164.6.175 - W3SVC2 WEB2 x.x.x.x 80 POST /Forums/newreply.php - 200 0 8578 503 681 HTTP/1.1 rs25.com - bbuserid=2326;+bbpassword=06a28a8efa77918d48c8a05dd6efd6fd; -
        Boring, right? Not when you compare it to the post of a REAL user:
        2003-05-13 03:11:35 63.164.59.176 - W3SVC2 WEB2 x.x.x.x 80 POST /forums/newreply.php - 200 0 2667 2641 1041 HTTP/1.1 www.rs25.com Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1) bblastvisit=1039641505;+CFGLOBALS=HITCOUNT%3D58%23LASTVISIT%3D%7Bts+%272003%2D04%2D21+15%3 A56%3A54%27%7D%23TIMECREATED%3D%7Bts+%272002%2D12%2D11+14%3A26%3A24%27%7D%23;+CFID=147777; +CFTOKEN=99935771;+NICKCOLOR=14;+TEXTCOLOR=0;+bbuserid=1733;+bbpassword=fooooooooooooooo;+ ;+bbthreadview=a%3A2%3A%7Bi%3A7980%3Bi%3A1052795275%3Bi%3A7781%3Bi%3A1052795321%3B%7D;+bbl astvisit=1050552223 http://www.rs25.com/forums/newreply....&threadid=7781
        Whoa nelly! Yeah, this bot has incomplete data, and most importantly .... NO COOKIE.

        If the Jelsoft folks are listening (please) a simple fix would be to create an option that is in the admin for:

        Allow posting when no cookie is present? (Y/N)

        I think that might be just a few tiny lines of code in the newreply.php file.

        Now, if I were a PHP developer I would write something up pronto. Anyone else care to do it, please PM me or email me and let me know!

        -James

        Comment


        • krone.at?

          Anyone else get this one?

          I have image verification enabled so no registration. This is obviously a bot, but I don't know if it is a search engine or a porn spammer. 17 users online now from this address.
          Talk about pets and post pictures at Talk Pets!

          Comment


          • Originally posted by RS25.com
            If the Jelsoft folks are listening (please) a simple fix would be to create an option that is in the admin for:

            Allow posting when no cookie is present? (Y/N)
            Good idea except this would stop regular members from posting if they use sessionhash instead of cookies. Besides we added the image verification to 2.3.0 to specifically combat this problem.
            Steve Machol, former vBulletin Customer Support Manager (and NOT retired!)
            Change CKEditor Colors to Match Style (for 4.1.4 and above)

            Steve Machol Photography


            Mankind is the only creature smart enough to know its own history, and dumb enough to ignore it.


            Comment


            • Originally posted by RS25.com
              Yup, MartL just registered and got three posts in. However, I caught him VERY quickly because the first thread in the first forum happens to be one that I get notified on (ironically, it's the "Free advertising" one!) on my pager. So, anytime I get a page on that thread late at night I know something is up. This is the second time in 2 days I have gotten porn bots in here.

              First, I think we should Fark them! (http://www.fark.com - they are known for taking down quite a few servers in their day...)

              Second, Does the RC2.30 with GD (???) work on IIS servers? I'd like to upgrade, but not if it's not going to do anything.

              And, finally, for those of you wanting to know what he posted, here's an edited version:



              His email is [email protected] - nice and random, and using Hotmail now!
              Yep, same thing here.
              BTW, im' in Ft. Collins... small world.
              Oh well, look like i'll have to upgrade to 2.3 although i really liked 2.2.8
              matt
              www.cystinuria.org
              www.cystinuria.org
              www.cystinuria.org/forums

              Comment


              • Originally posted by DirectPixel
                Steve, I have GD Library enabled on my server, but for some reason, the image verification is not showing up.

                Determining if your site has GD compiled is very simple. Simply go to
                your web host's control panel for your site and check to see which
                perl modules are installed. If you're getting applicants for user privileges, then it's very likely GD is not compiled. Contact your webhost's support
                and ask them to compile GD for you. If you don't have a control panel,
                then call or email your support team. If they don't know what you're taqlking about, then get another web host.

                Comment


                • I was just spammed by a port spam this morning.

                  every thread is replied to with the spam message

                  this is what i got for the IP

                  The IP Address is: 208.184.60.144. The host name is: 208.184.60.144.irevolution.com.

                  the wierd thing is he's posting as a guest with a username of MartL
                  which i thought was not allowed on my forum??

                  is there any way to mass delete guest posts by the same person?

                  Veken

                  Comment


                  • They are still up to their tricks. A bunch of signed up users, but no posts. Weird.

                    Comment


                    • It occurs to me that if we all send these email addresses a ton of junk messages and fill up their inboxes... they won't be able to receive new registration messages.

                      Of course, then WE are the spammers but... :lol:

                      Comment


                      • Okay,

                        I installed 2.3.0 RC 2 in my W2K box with IIS 5.0. Of course, the image verification does not work. In the few minutes I took to upgrade, two bots registered again.

                        So, now, what do IIS users do? I'd appreciate some assistance from the VB gurus - can I install GD on my box? It's sitting here right next to me, no hosts, no control panels, 100% access.

                        Thanks.

                        Comment


                        • Originally posted by veken
                          I was just spammed by a port spam this morning.

                          every thread is replied to with the spam message

                          this is what i got for the IP

                          The IP Address is: 208.184.60.144. The host name is: 208.184.60.144.irevolution.com.

                          the wierd thing is he's posting as a guest with a username of MartL
                          which i thought was not allowed on my forum??

                          is there any way to mass delete guest posts by the same person?

                          Veken
                          I got hit by the same guy last night. Luckily I was on line and happened to be checking my board when the attack started. (My board is not usually busy so 15 guests on all at once threw up a few red flags.) I had a few registrations all from the same IP earlier in the day which I had thought odd then so I deleted all of the ones except for the MartL one because that was the only one that activated its account. (I require registeration to view other parts of my site so I have many posters that register and never post, so that part is not unusual for my board.) The loser never managed to actually post though, tried but no posts went though. I think the only thing that saved me there was I have the board email the new users their passwords initially and they need that password to log in. I guess the bot master doesn't actually read the confirmation emails sent to it to know it needs that random password because it never actually logged into the board. It just started hitting my board with mass quantities of post attempts. Turning the board off didn't even help, the post attempts kept coming, one attempt a minute or about that, finally booted him with an htaccess file. I never had any problems like this until one of my lovely visitors listed my board as a link in their yahoo group.
                          Thanks,
                          Karri

                          Comment


                          • Image verification is now operational on my site. My host had to recompile php with GD.

                            Comment


                            • A few things.

                              I did the upgrade to 2.3 from 2.28 following the rules laid down. It was a snap! Kudos and hugs to the entire crowd at jelsoft!!!!

                              It occurs to me that if we all send these email addresses a ton of junk messages and fill up their inboxes... they won't be able to receive new registration messages.

                              Of course, then WE are the spammers but... :lol:Posted by RS25.com - Today at 05:38 AM

                              Not a good idea.

                              But here is a thought:

                              Porn is a business and relies on trade of funds for services. The biz takes in billions each year.

                              My experience is with the losses to telephone systems. Countering phreakers and the like.

                              Much of this money is being spent by people who work for companies and are doing it on expense accounts or some other means of passing cost to their company. So why not do an exhaustive study of how the pay is done, post it on the web and make the info free to every accounting department and inland revenue in the world.

                              They do it for the money. With less money available, less porn.

                              Now, that would get them in the shorts.

                              I will share what I know, but the discussion must move off this forum.

                              peace
                              Ed Shuck
                              noevalley.com

                              Comment


                              • I see your point, however I do not think of it as a legitimate business. Spamming other people's forums and email addresses is despicable by me -- and most likely wiht other people. My board was hit, and whether it amkes billions or not, young people look at this site -- as well as their parents. It is a website for the dance studio, and I do not appreciate porn spammers taking a liking to spamming my board.

                                It is a pain for me, makes the studio look bad, and is all around disgrace.

                                If you have to look at porn, maybe you should get yourself a wife or husband.
                                | DiscBurn | CD & DVD Replication services, film and VHS to DVD, and duplication equipment
                                |
                                Disc On Demand | Short-run CD & DVD duplication... all online.

                                Comment

                                widgetinstance 262 (Related Topics) skipped due to lack of content & hide_module_if_empty option.
                                Working...
                                X