Announcement

Collapse
No announcement yet.

Email spam via VBulletin 4.2.2

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Email spam via VBulletin 4.2.2

    Hello everybody.
    We have a VB 4.2.2 forum, and we receive lots of "undelivered email" reports containing spam emails. Reports contain same info: all those emails were sent via class_mail.php
    Switching between smtp and php email transport won't help. Searching for suspicious scripts or changes in scripts won't help too.
    So, is there any way to stop spammers from using forum scripts to send their messages from our address?

  • #2
    Turn off "Send Email to Friends" for all groups especially guests. That is the only way they could send emails.
    Translations provided by Google.

    Wayne Luke
    The Rabid Badger - a vBulletin Cloud demonstration site.
    vBulletin 5 API - Full / Mobile
    Vote for your favorite feature requests and the bugs you want to see fixed.

    Comment


    • #3
      Originally posted by Wayne Luke View Post
      Turn off "Send Email to Friends" for all groups especially guests. That is the only way they could send emails.
      We have "send email to friends" turned off for unregistered, turned on for registered users. However, in Admincp, Settings, Options, Email Options, we have "Use Secure Email Sending" ticked to yes as this obliges users to fill in a form; they can't just see friend's email addresses. Presumably this would do the same trick and should not result in spam?

      Comment


      • #4
        Secure email sending is to to protect the emails of your users.
        Translations provided by Google.

        Wayne Luke
        The Rabid Badger - a vBulletin Cloud demonstration site.
        vBulletin 5 API - Full / Mobile
        Vote for your favorite feature requests and the bugs you want to see fixed.

        Comment


        • #5
          Originally posted by Wayne Luke View Post
          Turn off "Send Email to Friends" for all groups especially guests. That is the only way they could send emails.
          Unfortunately that was done but did not help.

          Comment


          • #6
            First solution was to remove sendmessage.php script, spam temporary stopped. However now it began again, from another script - class_mail.php
            Any solutions please?

            Comment


            • #7
              If you're using the mailqueue system then you probably have messages queued which will continue to go out even if you removed sendmessage.php. You could truncate the mailqueue table in the database, but that will also delete any legitimate message you might have queued.

              Comment


              • #8
                We totally stopped spam a month and a half ago by removing sendmessage.php. Now it began again using another vulnerability. So that's not "old" spam.

                Comment


                • #9
                  There are no vulnerabilities of this nature in vBulletin.
                  I strongly suspect you have an issue with the server somewhere, or something is misconfigured

                  If this was a vBulletin problem, given the sheer number of vB4 installations out there, and the number of spammers there are, I'm certain we'd have many reports of this.
                  MARK.B | vBULLETIN SUPPORT

                  TalkNewsUK - My vBulletin 5.6.2 Demo
                  AdminAmmo - My Cloud Demo

                  Comment


                  • #10
                    Originally posted by Jah_chel View Post
                    We totally stopped spam a month and a half ago by removing sendmessage.php. Now it began again using another vulnerability. So that's not "old" spam.

                    Oh, sorry, I missed that 1 month gap in there.

                    Comment


                    • #11
                      Originally posted by Mark.B View Post
                      If this was a vBulletin problem
                      What do you mean by saying "if"? According to reports, the spam emails are sending through class_mail.php script.

                      Comment


                      • #12
                        Had a similar problem. Logged-in SPAM users have been using entry.php?do=sendtofriend&do=sendtofriend to fill up the session table completely. This repeats every couple of days. That seems like a vulnerability to me. I went ahead and disabled send-to-friend for most of my usergroups now.
                        - the makers of VaultWiki

                        Comment


                        • #13
                          It turns out the vulnerability I noticed was not attempting to cause email SPAM but was instead attempting to cause a Denial of Service. See: http://tracker.vbulletin.com/browse/VBIV-16057
                          - the makers of VaultWiki

                          Comment


                          • #14
                            That doesn't actually fix the problem though. There are any instances where more than 5 legitimate users can come from a single ip

                            Comment


                            • #15
                              Five legitimate users with the same user ID? That doesn't make sense to me. If you want to account for guest users, you can make two limits, one for guests (higher, maybe 1000) and one for logged in users (around 5).

                              However, I don't really see a point to maintaining guest sessions for anything except registering as most forums don't allow guests to post. Note that only extra sessions would be ignored during the same 15-minute (or other expiry value) period, and only if those guest users are operating from the same IP during that time.
                              Last edited by thincom2000; Tue 6 Jan '15, 9:17am.
                              - the makers of VaultWiki

                              Comment

                              Related Topics

                              Collapse

                              Working...
                              X