Announcement

Collapse
No announcement yet.

Warning: Silent Spamming of vBulletins

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Floris
    replied
    I believe it "recognizes" the <input type="blah" value="blah2" /> type of tags and abuses that to spam web sites, etc.

    Leave a comment:


  • Steve Machol
    replied
    No, that's not the same thing. This is a virus/trojan that affects home PCs.

    Leave a comment:


  • jamesfrost
    replied
    I'm not sure which virus or trojan is doing this. I do remember reading something abut this sevral weeks ago when it first started happening.
    is this it?

    http://www.securityfocus.com/archive...8/2004-02-14/0

    Leave a comment:


  • Steve Machol
    replied
    I'm not sure which virus or trojan is doing this. I do remember reading something abut this sevral weeks ago when it first started happening.

    Leave a comment:


  • jamesfrost
    replied
    Steve

    thanks for the (incredibly! ) quick reply. Any idea what the virus is, so I can warn users about it?

    James Frost

    Leave a comment:


  • Steve Machol
    replied
    This appears to be from a virus on the affected computers that adds this when they register.

    Leave a comment:


  • jamesfrost
    replied
    We have had a few members recently who have had their homepage set to a porn site without them doing this themselves(and I believe them on this, as they have been members for a while). Don't know if it is a security hole in VB or a weak password issue. Anyone else seen something like this?

    Leave a comment:


  • ShiningArcanine
    replied
    Originally posted by I, Brian
    Hi there -

    I wanted to post this on the "Hints and Tips" board, but I don't appear to have permission to start a new thread there.

    So I'll post it here, so that the vBulletin staff can decide as to whether it is suitable or not...

    Anyway - the sad fact is that a lot of forums are being spammed without the forum administrators even being aware that problem exists.

    I call it Silent Spamming and wrote a specific article on it here, detailing what is going on, and giving three principle examples of where it is occurring:

    http://www.britecorp.co.uk/articles/...t-spamming.php

    The most relevant part is where I refer to the Silent Spamming of forums:

    http://www.britecorp.co.uk/articles/...m-spamming.php

    This is a very real problem - and, not only that, seems particularly an issue with indexed vBulletin's (note that phpbb's use a drop down box to sort memberlists out alphabetically).

    Anyway, once you've referenced the articles above - notably the second link - then please check out a live example of Silent Spamming on Forum Forum (once a vBulletin of the Month last year):

    http://www.forum-forum.com/forum/memberlist.php?s

    Almost every member on that first page of the Memberlist page is a Silent Spammer, manipulating the vBulletin memberlist to promote porn sites - all without Admin knowledge. And, yes - I have just sent Mal a warning e-mail now that I've found it on his board.

    Anyway, if anyone wants to block Silent Spammers from abusing the Memberlist, either turn it off manually in the settings (at least in vBulletin 3) - or else implemented a robots.txt file, such as this very simple example:

    Code:
    User-agent: *
    Disallow: /forum/memberlist.php
    I sincerely hope that helps some people.

    What's really sad is that all this Silent Spamming of the Memberlist is done supposedly for Search Engine Optimisation purposes - yet is extremely inefficient and ultimately serves little advantage in SEO terms.
    I have had this in robots.txt for a long time and disabled viewing of personal profiles a while before even having a robots.txt file so this doesn't affect me. ^_^

    Leave a comment:


  • I, Brian
    replied
    Btw - just for the record - if anyone wishes to link to or copy the original article to warn other forum admins about this issue, then you are welcome to so long as your credit the source (as per copyright notice).
    Last edited by I, Brian; Tue 10 Feb '04, 2:24pm.

    Leave a comment:


  • Freddie Bingham
    replied
    I created the promotions to solve this very type of issue but, in this case, I want something simpler to get rid of these parasites.

    Leave a comment:


  • tamarian
    replied
    Originally posted by Freddie
    The redirect idea can be debated for a future version but right now I am going to add an option to require a minimum of X posts before a user appears on the memberlist.
    This is already doable through the admin panel. Set a new member group, that does not get listed in the members list. Set a promotion to upgrade them to regular member after x posts.

    Leave a comment:


  • Freddie Bingham
    replied
    Originally posted by I, Brian
    A redirect script would be unacceptable to many admins and members.

    Such a script can be implemented by admins themselves if they really really want to - but, really, shutting off the memberlist from silent spamming is pretty easy and painless anyway.

    I'm curious - does the vBulletin staff see any value in this thread for the "Hints and Tips" board? That was the original intention. I'm not a technical person so what I can contribute to the larger vBulletin community is extremely limited - hopefully there's something of interest and use here, though.
    Yes, I'm glad you brought this topic up. All one has to do is view our memberlist to see that it is a problem.

    The redirect idea can be debated for a future version but right now I am going to add an option to require a minimum of X posts before a user appears on the memberlist.

    Leave a comment:


  • I, Brian
    replied
    Originally posted by buro9

    I doubt the silent spammers care less whether the users of your forum follow the links... it's probably more to foil Google and raise the pagerank rating of their sites as a wide number of 'trusted' sites would appear to link to their URL's.
    You are absolutely right - that's why they're doing it - but it's an extremely clumsy way to SEO.

    People like me value our sig links - even on our own forums - but a redirect on the member ID would hardly be painful.

    Leave a comment:


  • buro9
    replied
    A redirect would be lovely actually... I wouldn't have it take a URL though, but the users ID.

    /forum/redirect.php?s=&userId=3

    Then the URL for the userId can be checked serverside for existence, a hit logged against the user (so you could see the most popular links later in a report, and thus flag up anything weird that way too) and because it's run through your own code... you could easily have it so that only logged in users got redirected.

    I doubt the silent spammers care less whether the users of your forum follow the links... it's probably more to foil Google and raise the pagerank rating of their sites as a wide number of 'trusted' sites would appear to link to their URL's. A redirect would absolutely foil that.

    Secondly... the redirect could protect the users even more... if the links were not presented in http:// format, but the protocol stripped out and the URL exploded... it would prevent spiders crawling through via vbulletin and harvesting any e-mail addresses for spam... whilst keep them useable and the URL visible (so no-one links to goatse.cx without you knowing!).

    A redirect seems a grand idea IMO.

    Leave a comment:


  • I, Brian
    replied
    Originally posted by okrogius
    Actually, what would be the best solution IMHO is to offer an outgoing redirect script. Whether for profile urls, or for URL's in posts, would be parsed to something like http://www.example.com/out.php?uri=tada (which would then redirect to tada), possibly with script setup to not redirect any known search engine spiders. That would stop much spam in this sense, and also offer an easy way for someont to track their outgoing links.
    A redirect script would be unacceptable to many admins and members.

    Such a script can be implemented by admins themselves if they really really want to - but, really, shutting off the memberlist from silent spamming is pretty easy and painless anyway.

    I'm curious - does the vBulletin staff see any value in this thread for the "Hints and Tips" board? That was the original intention. I'm not a technical person so what I can contribute to the larger vBulletin community is extremely limited - hopefully there's something of interest and use here, though.

    Leave a comment:

widgetinstance 262 (Related Topics) skipped due to lack of content & hide_module_if_empty option.
Working...
X