How is someone sending PM's to my members?


  • Steve Machol
    replied
    Originally posted by SuperJETT View Post
    On my board, new users are not allowed to pm until they have 5 posts. The 'user' that sent the pm's had zero posts, but was able to send out 176 pm's in short order, bypassing the requirement for 5 posts somehow.
    That is not possible with the default vB code if the permissions are set correctly.

    Please see this thread on how to make your vBulletin more secure:

    http://www.vbulletin.com/go/secure

    If you are still being hacked after doing all of this, then they are most likely doing this by accessing your server. You need to contact your host about this.



  • SuperJETT
    replied
    Originally posted by Steve Machol View Post
    What official response are you expecting? People spam. It happens.
    On my board, new users are not allowed to pm until they have 5 posts. The 'user' that sent the pm's had zero posts, but was able to send out 176 pm's in short order, bypassing the requirement for 5 posts somehow.

    I feel like it's an exploit by a script, not a person that signed up because the timestamps on the pm's were too consistent and because of my controls/limits that prevent normal people from doing this. I've had many users say that the 5 post minimum is silly, so I know that works for normal users.

    I made a few more changes to prevent this, we'll see what happens.

    An idea I've thought of would be to expand on the time limit between pm's, so it's an incremental number, say 10 seconds, then 15 for the next, then 20 for the next, etc etc. After say 10 minutes with no pm, the limit resets to normal. Trying to send 176 pm's would at that point require ~15 minutes between pm's, and I doubt a spammer is going to wait that long, however for a normal person, that extra time wouldn't be a factor and would reset fairly quickly.


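The escalating delay proposed in the post above, sketched as an added example (not part of the thread and not vBulletin code). The class and function names are hypothetical; the 10 second base, 5 second step and 10 minute reset are the values suggested in the post.

```python
from dataclasses import dataclass

@dataclass
class SenderState:
    streak: int = 0      # PMs accepted since the last reset
    last_sent: int = 0   # time (seconds) of the last accepted PM

class EscalatingPmLimiter:
    """Cooldown grows 10 s, 15 s, 20 s, ...; 10 idle minutes reset it."""

    def __init__(self, base=10, step=5, reset_after=600):
        self.base, self.step, self.reset_after = base, step, reset_after
        self.senders = {}

    def required_delay(self, streak):
        # Wait demanded after `streak` accepted PMs in a row.
        return 0 if streak == 0 else self.base + self.step * (streak - 1)

    def try_send(self, user_id, now):
        st = self.senders.setdefault(user_id, SenderState())
        idle = now - st.last_sent
        if st.streak and idle >= self.reset_after:
            st.streak = 0                  # quiet long enough: start over
        if idle < self.required_delay(st.streak):
            return False                   # rejected; state is left untouched
        st.streak += 1
        st.last_sent = now
        return True

def burst_accepted(attempts, interval=1):
    """How many of `attempts` PMs, fired every `interval` s, get through."""
    lim = EscalatingPmLimiter()
    return sum(lim.try_send("bot", i * interval) for i in range(attempts))

def fastest_completion(n):
    """Seconds a sender needs for n PMs when sending as early as allowed."""
    lim, now = EscalatingPmLimiter(), 0
    for _ in range(n):
        st = lim.senders.get("bot", SenderState())
        # Once the cooldown reaches the reset window, waiting out the
        # reset is enough, so the effective wait is capped at reset_after.
        now = st.last_sent + min(lim.required_delay(st.streak), lim.reset_after)
        assert lim.try_send("bot", now)
    return now
```

Because 10 idle minutes reset the streak, the effective cooldown never exceeds 10 minutes. Even so, `fastest_completion(176)` returns 44555 seconds (over 12 hours), and `burst_accepted(176)` shows a one-per-second burst of 176 attempts gets only 8 PMs through.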

  • toejam
    replied
    I had this same problem with pm spamming. I think the default setting was that users waiting for email confirmation were allowed to pm and email members.

    I created a newbie usergroup until 3 posts are made. I turned the PMs and email members off until they make x posts.

    It gives me some protection and peace of mind knowing they have to post and moderators can see if the posts are legit.



  • Steve Machol
    replied
    What official response are you expecting? People spam. It happens.



  • Jorrit787
    replied
    I'm just amazed by the continuing lack of an official response to this.



  • SuperJETT
    replied
    Got hit by the buddhism one. 176 pm's before an admin deleted the account.

    However, I have a setting where you have to have 5 posts to be able to pm, so it's obviously an exploit.

    vbulletin team, this needs digging into.

    One other note, the script apparently doesn't fill in the numbers in a username for the subject. Anyone that has a username with a number such as test123test will have the subject with that name minus the numbers, ex. Re: testtest



  • gopherhockey
    replied
    Just got hit by Buddha last night... did something in 3.7 make it easier for them to do or is that just coincidence. What do people do to stop this... the person did register.

    I ran a "delete users sent PMs" before removing the user, but I am still getting reports from people... it appears to not have completely flushed out their sent PMs or something. Any other way to rip out this PM?



  • nova4708
    replied
    Yep, I've gotten hit by Lollergirl twice. Looks like some kind of script. I've also gotten the 'my book sucks please read it' one and the buddhist one three times.

    I've made it so unverified users can no longer send PMs, but I'm not sure that's going to stop anything.

    The worst thing about it is the lollergirl one is porn, and a lot of my users are under 18. Not very family friendly, and hurts my reputation as a forum owner.



  • tpearl5
    replied
    Something is wrong.

    I got hit today with porn spam to members' PM boxes! The user 'lollergirl' does not have a valid e-mail address; in fact it used my domain. When viewing pm stats on this user it says 1. The IP looks like a proxy and resolves to Romania.



  • oz_moses
    replied
    got me too.

    Is there a way to allow a maximum of 5 messages to be sent for any user with under 5 posts? This way new users can still contact me if they have difficulty with the site, however spammers will be stopped at 5..



  • Silver_2000
    replied
    I also got hit

    I still think it's a script - seems that large forums are reporting that 400 messages are being sent - same in our case 4x0 messages

    If a member was manually sending PMs they would be awfully busy and consistent to send spam to 400 members of all these various forums...
    if the permissions are working the max at a time they could send is 5

    Maybe I'm wrong but I doubt that it's likely that these tens of thousands of personalized PMs are being manually typed by someone..
    Last edited by Silver_2000; Mon 11 Feb '08, 3:01pm.



  • TruckZMod
    replied
    Jeannette got me too...

    It would be interesting to see what's been exploited. I believe this one was tapping into the Calendar, peeking into events well into 2011 on the site.



  • Freezerator
    replied
    I got him too, I already had max stored pm's to 0 on the users awaiting e-mail confirmation?



  • flynnibus
    replied
    Originally posted by Wayne Luke View Post
    Just because it is spam doesn't mean it is being done by a bot or automatically. There is no way to prevent humans from registering at your site except to take it down. That probably isn't an acceptable solution.
    No - but it's clear when you have such a repeatable pattern and high speed that the stuff is being done by software. If the registration is done automatically or not is only one piece of this.

    Originally posted by Steve Machol View Post
    Not sure I follow this but PMs are turned off by default for unverified accounts. What is your exact question or problem?
    No they are not - at least - it's not effective.

    The defaults are

    Maximum Stored Messages: If you set this to 0 users from this usergroup will not be able to use private messaging.

    That is set to 50

    Maximum Recipients to Send PMs at a time: Do not set this too high for performance reasons (set to 0 to disable)

    This setting is set to 0

    Yet - a user is still able to send PMs. It's my understanding from the description that the second setting should disable sending PMs - but it does not - at least in 3.6.8

    Originally posted by Kerry-Anne View Post
    Check your permissions on the Users Awaiting Email Confirmation usergroup and set the max stored PMs to 0 to prevent them from sending PMs.
    Yes, but that also would prevent users from receiving them would it not? Shouldn't the second setting prevent sending?

    ... and yes, we saw the Jenette variant of this spammer today.



  • justlost
    replied
    Originally posted by Kerry-Anne View Post
    Check your permissions on the Users Awaiting Email Confirmation usergroup and set the max stored PMs to 0 to prevent them from sending PMs.
    Thank you! Mine was set to 50 but is now zero.

