Announcement

Collapse
No announcement yet.

How is someone sending PM's to my members?

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • #16
    Just got him myself. The user has not yet activated his account (false email address) but managed to spam 15 PMs before i seen it.

    I suggest anyone who has the same spam type to set the "Users awaiting email activation" to have very limited access.

    Set Maximum Recipients to Send PMs at a time: to 1
    Maximum Stored Messages: 5 or less.

    tbh unregistered users should only be allowed to send a PM to an admin if he has problems with activation.

    there is NO way i can find of doing this.
    Last edited by linksysinfo; Wed 7 Nov '07, 1:43pm.

    Comment


    • #17
      I've been hit by the buddah guy in one forum, and just got somebody begging money in another.

      For me, the easy solution would be to set it so nobody who has under x number of posts can use the PM system. That way, it would help screen users.

      By viewing the threads posted by new users before the threshold was reached, it would be easier to separate people joining just to spam from people who want to participate in legitimate discussions.

      Another way would be to set up the basic registered user level without PM priveleges, and the admins could promote legitimage users to a level that allowed PMs.

      However, after seraching the VB documentation, I can't find out how to do either of these two options.

      Can someone send me the link to make this happen?

      Thanks,
      DC

      Comment


      • #18
        This seems like a good way to approach this problem. In theory at least. Just set it up, so haven't any real life experience yet . . .


        http://www.vbulletin.com/forum/showthread.php?t=248053

        Comment


        • #19
          Like I've already stated, we've had it set up so that "Registered" users can't send PMs, but this spammer was somehow still able to do so even though he was in the Registered group.

          Comment


          • #20
            I had the same thing today. Someone in the Users awaiting Email conf with Private Messaging disabled for that group still sent out a few thousand emails.
            \

            Comment


            • #21
              Perhaps this is why they released PL2?
              EverythingKMC - A forum for the Kaiserslautern Military Community :cool:
              GermanDriversLicense.com

              Comment


              • #22
                Sorry Rachet-

                I was responding to the original post. Didn't see your "me too" until just now.

                DC

                Comment


                • #23
                  Interesting thread , I think the best to know how they did is to grab there tool wich I think could be Xrumer, I will try to get my hand on this stuff to check if the author managed to workaround because if you've been so many to be hit, there is known tool behide.
                  security community

                  Comment


                  • #24
                    I'm running PL2 and just got hit with this junk.

                    The guy was actually using someone e-mail and account. The real person that owns the account tipped me off and seemed quite familiar to what is going on. I'm very curious as to how he is doing this.

                    I recommend you all send complaint letters to his host and internet provider. They are as follows:
                    '[email protected]'; '[email protected]'

                    His IP is 78.96.82.26.

                    Capture more registrations - Advanced Guest Posting & Registration
                    Cell Phone Forums | Nikonites

                    Comment


                    • #25
                      Originally posted by class101 View Post
                      Interesting thread , I think the best to know how they did is to grab there tool wich I think could be Xrumer, I will try to get my hand on this stuff to check if the author managed to workaround because if you've been so many to be hit, there is known tool behide.
                      XRumer looks like a likely candidate.

                      Capture more registrations - Advanced Guest Posting & Registration
                      Cell Phone Forums | Nikonites

                      Comment


                      • #26
                        We got hit with this today. It was the Buddhist message, but instead of einstein, it was a Jeanette.

                        The worst part is that two of our members reported as spam the email alerting them that they got the PM (since the email includes the contents of the PM...). Their ISP, AOL, then sent an abuse report to our server saying our site was sending spam.


                        I'm about to set up a promotion to only allow those with 3 posts to use the PM feature, but the posts above, which state they had people sending them even though their group is not allowed concerns me. Was that resolved?

                        Comment


                        • #27
                          How can they have sent bcc to so many????

                          Erin Pavlina sent the following pm to over 400 people on a clients forum:

                          Sorry for PMing out of the blue. Here's the thing.

                          I wrote a book with a friend of mine. My husband keeps saying it sucks. I think he's just jealous tho.

                          He spends a lot of time on these boards, so I told him I'm going to pick a random person here, and ask them, and we ended up betting on it.

                          So go to ...... url deleted /asylum/ ... and make the call. Does it suck?

                          Thanks.
                          When I look in the database, I see that the touserarray has bcc of over 400 people in it.

                          Yet when I try and personally send a private message to so many, it limits me to the max 5 that has been setup.

                          The person had an unconfirmed email address and was still able to send to many. I have now changed the messages for that user group to not be able to send PM's.

                          But the question still remains, how could they get around the system that limits the number of pms able to be sent at one time????

                          The following is the first part of the touserarray field:

                          a:2:{s:2:"cc";a:1:{i:78;s:9:"fr1endly2";}s:3:"bcc";a:484:{i:721;s:16:"*Butterfly*Girl*";i: 712;s:10:"3daughters";i:1579;s:8:"A new me";i:1414;s:9:"Adumont75";i:1337;s:6:"akosak";i:366;s:4:"alli";i:290;s:7:"allicat";i:1697 ;s:3:"amy";i:2045;s:14:"amyswankhuizen";i:814;s:9:"angeluv73";i:2168;s:8:"angieblu";i:1206 ;s:10:"anglong123";i:1715;s:8:"anikay55";i:1276;s:3:"Ann";i:425;s:8:"anna1916";i:775;s:10: "AnnaBanana";i:2852;s:8:"anne-gro";i:1313;s:5:"AnneN";i:2917;s:14:"AnointedSpirit";i:2232;s:10:"applesauce";i:1428;s:15: "armywife2aerial";i:1230;s:8:"Aunt Bet";i:319;s:9:"aussiegal";i:2800;s:9:"av8r_wife";i:2388;s:9:"Avanterre";i:1904;s:10:"azar mywife";i:2554;s:9:"babiegirl";i:2651;s:9:"babycakes";i:2083;s:7:"bac2500";i:1357;s:7:"Bam aGal";i:637;s:13:"barefootpeach";i:341;s:10:"baynesbits";i:230;s:5:"Becca";i:893;s:11:"bec cawaters";i:841;s:10:"beckamarie";i:1466;s:8:"beckers3";i:6;s:8:"BeckySue";i:954;s:3:"bee" ;i:2357;s:7:"bev1674";i:2028;s:9:"BigMama08";i:1633;s:9:"bingoklee";i:2419;s:9:"Blankmama" ;i:243;s:7:"Blessed";i:1290;s:9:"Blue eyes";i:377;s:10:"BLUE JEANS";i:1116;s:9:"Bobbie Jo";i:1908;s:7:"BonBon1";i:2439;s:7:"bonfire";i:525;s:5:"BOOTS";i:67;s:9:"BreeChick";i:539 ;s:4:"bren";i:2230;s:12:"bryghteyes25";i:428;s:11:"bttrflyjudy";i:466;s:9:"Buckwheat";i:11 63;s:11:"butterfly73";i:334;s:6:"cabbie";i:1775;s:6:"cag524";i:1344;s:6:"camick";i:161;s:1 3:"canadianblues";i:1347;s:10:"CandyBrown";i:1477;s:6:"carylk";i:80;s:10:"Catapillar";i:27 89;s:6:"CeeCee";i:1647;s:7:"celadon";i:2616;s:11:"chabela0731";i:820;s:10:"cherish_mj";i:1 309;s:6:"Cherri";i:2224;s:10:"chicagogal";i:1402;s:6:"Chilly";i:755;s:8:"chrissyb";i:897;s :9:"christina";i:2874;s:14:"christinakroll";i:2570;s:11:"Christy0283";i:22;s:11:"christybl ue";i:1161;s:11:"chubby-Doll";i:249;s:10:"ChuppyGirl";i:1232;s:6:"cindyh";i:748;s:8:"cindylee";i:1543;s:11:"cindyl ouwho";i:517;s:5:"Ciren";i:1528;s:6:"ckrieg";i:901;s:6:"claire";i:2130;s:15:"claire-in-texas";i:2013;s:15:"clancythecamper";i:760;s:8:"cleofoxy";i:1587;s:7:"Cockney";i:504;s:8:" colosn0w";i:2190;s:17:"concernedwife2007";i:1539;s:7:"Coolata";i:2418;s:7:"Corrine";i:1165 ;s:9:"court1980";i:1380;s:12:"Court2-12-06";i:2323;s:9:"courtneey";i:714;s:8:"CraftHer";i:2;s:6:"CraigT";i:346;s:8:"CURIOUS1";i:22 2;s:10:"cynthia c.";i:1901;s:20:"daughter of the king";
                          Michael Brandon
                          Search Engine Optimize vBulletin-url rewrites,keyword selection,Google sitemap,SEOer to SEO sites
                          My SEO company - SearchMasters

                          Comment


                          • #28
                            Originally posted by tpearl5 View Post
                            I'm running PL2 and just got hit with this junk.

                            The guy was actually using someone e-mail and account. The real person that owns the account tipped me off and seemed quite familiar to what is going on. I'm very curious as to how he is doing this.

                            I recommend you all send complaint letters to his host and internet provider. They are as follows:
                            '[email protected]'; '[email protected]'

                            His IP is 78.96.82.26.
                            Erin Pavlina hit us this morning also - sent thousands of PMs in the space of an hour or so. The account was awaiting activation too.

                            I also got a dodgy looking email (to our support address) from someone claiming to be her husband Steve. Not sure why this email was sent though.

                            Comment


                            • #29
                              This is the email warning me of the spammer:
                              This is a heads up that you have a PM-spammer on your forums. For several
                              weeks someone has been signing up for dozens of different forums using other
                              people's email addresses, including mine and my wife's. I never signed up
                              for this account on your forums, so I'm not going to click the verification
                              link.

                              But even with an unverified account, you can still get spammed. This works
                              because many forums allow PM'ing for unverified accounts (the default for
                              VBulletin), so the bot will send the same PM to your members if you let it.
                              If you have PM'ing enabled for unverified accounts, he's probably
                              PM-spamming your members about his ebook right now.

                              Here's the PM the spammer tries to send (there are variations):

                              > Sorry for PMing out of the
                              > blue. Here's the thing.
                              >
                              > I wrote a book with a friend of mine. My husband keeps saying it sucks.
                              > I think he's just jealous tho.
                              >
                              > He spends a lot of time on these boards, so I told him I'm going to
                              > pick a random person here, and ask them, and we ended up betting on it.
                              >
                              > So go to http://books.zenofeller.com/asylum/asylum_chapter1_b.html and
                              > make the call. Does it suck?
                              >
                              > Thanks.

                              On the forums I administrate, he used the IP address 78.96.82.26, so you may
                              want to do a search on that via your control panel to make sure you don't
                              have other accounts that got through. I've already banned that IP on my
                              forums.

                              I also added the URL zenofeller.com to my forum's Censored Word List, so at
                              least if he tries to spam his book links again, the link won't work.

                              For more info on this spammer, see this thread on the VBulletin forums:
                              http://www.vbulletin.com/forum/showthread.php?t=238857

                              Good luck!


                              - Steve

                              Comment


                              • #30
                                Originally posted by t2dman View Post
                                Erin Pavlina sent the following pm to over 400 people on a clients forum:



                                When I look in the database, I see that the touserarray has bcc of over 400 people in it.

                                Yet when I try and personally send a private message to so many, it limits me to the max 5 that has been setup.

                                The person had an unconfirmed email address and was still able to send to many. I have now changed the messages for that user group to not be able to send PM's.

                                But the question still remains, how could they get around the system that limits the number of pms able to be sent at one time????

                                The following is the first part of the touserarray field:
                                Scary!

                                I would have to suspect it either accepts wildcards, or it's something to do with the auto-complete function.. but then again, I am quite often wrong.
                                My Live vB5 Site - NZEating.com
                                vBulletin Hosting | vBulletin Services - Need hosting for your vB? Need it installed? Something else? Let me take that hassle off your hands.

                                Comment

                                widgetinstance 262 (Related Topics) skipped due to lack of content & hide_module_if_empty option.
                                Working...
                                X