Spambots posting in threads
- Thread starter tepictoton
- Start date
Sure, we've been under attack by spammers for several weeks. For every one that successfully posts, I've deleted at least two that didn't complete registration. I think that a spambot starts an account but there has to be a human to confirm the process. They attack in the middle of the night my time (Eastern) so the threads stay up for a few hours. They are using VPNs that are also widely used by real members, so we can't just block their providers. Even if that would work, @vtac would have to do it and he's not available.
Moving this to Community Discussion where it belongs.
Moving this to Community Discussion where it belongs.
GreenHopper
20 going on 60
@pakalolo
I don't know if this is helpful or not but thought I'd pass on the intel.
Below is a Xenforo community forum thread that's quite old but I think relevant to this forums platform.
I'm assuming as mods you'll likely have access to the 'Options > Spam Management' features.
Block spam COMPLETELY with no addons
Might be worth a look.
Sorry if the info is out of data or irrelevant to the issue at hand.
I don't know if this is helpful or not but thought I'd pass on the intel.
Below is a Xenforo community forum thread that's quite old but I think relevant to this forums platform.
I'm assuming as mods you'll likely have access to the 'Options > Spam Management' features.
Block spam COMPLETELY with no addons
Might be worth a look.
Sorry if the info is out of data or irrelevant to the issue at hand.
tepictoton
Well-Known Member
Thanks for reply. Hope a way is found to stop this, first and foremost so the mods can spend their time moderating and not just deleting these fake accounts.
Guess it is not said enough, so I will just say thx moderators for keeping this place 'clean'
Guess it is not said enough, so I will just say thx moderators for keeping this place 'clean'
Hackerman
User
Yeah, that happens with boards. LOL
Most boards I visit are terribly under protected. We are using version 1.5.13 here and it has more than a couple exploits. A user with some hacking knowledge could easily escalate his privs to admin and look around the private forum and the mod forum to see what's going on. Then, return his privs to user and no one would know
I'm sure the mods will clean it up.
Most boards I visit are terribly under protected. We are using version 1.5.13 here and it has more than a couple exploits. A user with some hacking knowledge could easily escalate his privs to admin and look around the private forum and the mod forum to see what's going on. Then, return his privs to user and no one would know
I'm sure the mods will clean it up.
Thanks for the tip, but only @vtac has the powers needed to change those options.
@tepictoton, your gratitude is appreciated. Today was excessive.
GreenHopper
20 going on 60
Ah OK, might be difficult to address without access to those settings. Maybe @vtac would be willing to grant you guys the access you need.
Hackerman
User
!! No active administrator??? Really? That's not great. LOL
I was doing a little reading and this forum appears to be terribly out of date. If one of the mods want me to, I could probably escalate your privs to admin so you can clean this up.
Still, the forum needs upgraded to version 2.x. This version is still supported but I am reading more and more about weaknesses and exploits in this version.
And, https should be considered anyway. In case you haven't noticed, most forums have gone that way already.
Just keep hoping that no one here pisses off a decent hacker and they decide to shut the entire site down. I'll bet I could do it in less than 24 hours and I don't do much hacking any more. Someone with current knowledge of this program could probably do some serious damage... as well as stealing all the user data and passwords from the database.
(just a quick note on that topic to all users. Please do not use the same username and password from site to site. It is really bad practice. If an unprotected site gets hacked and your username and password are compromised, a good hacker will try those same un/pw combinations on ebay, paypal, and wherever they can get to your financial account info. If you are using the same un/pw combination at unprotected and weak sites as you are on paypal and your banking and credit card sites like Capital One, I suggest you change it.... today. LOL Just a word of caution from an old retired hacker... LOL)
Good luck.
I was doing a little reading and this forum appears to be terribly out of date. If one of the mods want me to, I could probably escalate your privs to admin so you can clean this up.
Still, the forum needs upgraded to version 2.x. This version is still supported but I am reading more and more about weaknesses and exploits in this version.
And, https should be considered anyway. In case you haven't noticed, most forums have gone that way already.
Just keep hoping that no one here pisses off a decent hacker and they decide to shut the entire site down. I'll bet I could do it in less than 24 hours and I don't do much hacking any more. Someone with current knowledge of this program could probably do some serious damage... as well as stealing all the user data and passwords from the database.
(just a quick note on that topic to all users. Please do not use the same username and password from site to site. It is really bad practice. If an unprotected site gets hacked and your username and password are compromised, a good hacker will try those same un/pw combinations on ebay, paypal, and wherever they can get to your financial account info. If you are using the same un/pw combination at unprotected and weak sites as you are on paypal and your banking and credit card sites like Capital One, I suggest you change it.... today. LOL Just a word of caution from an old retired hacker... LOL)
Good luck.
Last edited:
Likes2vape
Well-Known Member
i have been noticing a ton of spam on here lately. What’s up with all of it? I thought you had to be verified before becoming a member. I hope it stops soon really messes up the new post section.
gunmetalshark
Glass Addict
Seems like a DHGate Vendor isnt too happy how he got rated on here 
Hackerman
User
This forum is so weak and full of exploits. I have tried to warn several mods about it but ......
These are just bots. If you all knew what I could do to this forum, you would totally freak out. And, it IS going to happen. Not IF.... WHEN.
I don't want to scare everyone but let me give some advice.....
Do NOT use the same username and password on weak sites like this as you use on eBay or Paypal or, heaven forbid, your banking sites. The first thing a hacker will do with your un/pw is try that combination at eBay, Paypal and Citicorp.
Let's take a theoretical situation. Let's say a new user with vast hacker experience joins here and buys a product that you all recommend. When he gets the item it is substandard and the new user posts here about it.
All the fan boys bash him and call him a liar. He gets pissed.....
OK, first thing he would do is escalate his account to admin. Real easy here. Then he would reduce all mods and admins privs to USER and then delete their accounts. SO, no mods to stop him now.
Then, just for kicks a favorite trick of mine was to make all members an admin. This was always fun as you would see the straight acting members like the guitar noodler reading everyone else's PM's LOL
Then, the database is downloaded and decrypted. There are web sites all over that specialize in storing hackers data for them so other hackers can share. Jorge's site's database is dumped and loaded there. I posted about that some time ago. This is why you see one bot got through and then he told the other bots so more came along within 20 minutes to an hour. If it's not stopped there will be more bots than members in a few days.
So, now all your personal data, all you private messages, all your posts info and data are out there for anyone to use.
I don't mean to be a scare monger but these things are all happening every day to sites everywhere. I used to do them just for kicks. There are still plenty of people out there doing this. Fact is, when you all pissed me off, you were only about 2 keystrokes from all this happening.
Just a word to the wise....
DO NOT use similar passwords at secure sites
DO NOT put personal information in Private Messages
DO NOT think you are secure on the internet. YOU'RE NOT.
Use common sense and remember what the internet is each time you use it. It can be a wonderful thing but it can also be a major nightmare. Just think if this forum were compromised and the database destroyed. Think of all the information that would be lost.
When was the last time the database for this forum was backed up?
Feel free to ask questions. I'll help in any way I can.
These are just bots. If you all knew what I could do to this forum, you would totally freak out. And, it IS going to happen. Not IF.... WHEN.
I don't want to scare everyone but let me give some advice.....
Do NOT use the same username and password on weak sites like this as you use on eBay or Paypal or, heaven forbid, your banking sites. The first thing a hacker will do with your un/pw is try that combination at eBay, Paypal and Citicorp.
Let's take a theoretical situation. Let's say a new user with vast hacker experience joins here and buys a product that you all recommend. When he gets the item it is substandard and the new user posts here about it.
All the fan boys bash him and call him a liar. He gets pissed.....
OK, first thing he would do is escalate his account to admin. Real easy here. Then he would reduce all mods and admins privs to USER and then delete their accounts. SO, no mods to stop him now.
Then, just for kicks a favorite trick of mine was to make all members an admin. This was always fun as you would see the straight acting members like the guitar noodler reading everyone else's PM's LOL
Then, the database is downloaded and decrypted. There are web sites all over that specialize in storing hackers data for them so other hackers can share. Jorge's site's database is dumped and loaded there. I posted about that some time ago. This is why you see one bot got through and then he told the other bots so more came along within 20 minutes to an hour. If it's not stopped there will be more bots than members in a few days.
So, now all your personal data, all you private messages, all your posts info and data are out there for anyone to use.
I don't mean to be a scare monger but these things are all happening every day to sites everywhere. I used to do them just for kicks. There are still plenty of people out there doing this. Fact is, when you all pissed me off, you were only about 2 keystrokes from all this happening.
Just a word to the wise....
DO NOT use similar passwords at secure sites
DO NOT put personal information in Private Messages
DO NOT think you are secure on the internet. YOU'RE NOT.
Use common sense and remember what the internet is each time you use it. It can be a wonderful thing but it can also be a major nightmare. Just think if this forum were compromised and the database destroyed. Think of all the information that would be lost.
When was the last time the database for this forum was backed up?
Feel free to ask questions. I'll help in any way I can.
Last edited:
TeeJay1952
Well-Known Member
StickyShisha2
Well-Known Member
I assume I'm doing right by reporting these Chinese spammers as soon as I see them in the morning. I do notice that they usually all get deleted within a short time after I report the new member spammer
Please continue to report them. We do examine every new registration but sometimes a spammer slips through and starts posting threads.
Hackerman
User
I always hesitate to report spam posts. If there have only been 2 or 3 views of the post, I will report it.
However, if there have been like 30 views, I hate to click the 'report' icon and report it because I feel like the mods have already received 20 reports already from the 30 viewer and me sending one more report is like spamming the mods. LMAO
Does that make sense? LOL
However, if there have been like 30 views, I hate to click the 'report' icon and report it because I feel like the mods have already received 20 reports already from the 30 viewer and me sending one more report is like spamming the mods. LMAO
Does that make sense? LOL
We'd rather have too many reports than none, so please don't hesitate to report spam. It makes no more work for us if there is one report or 100, so don't worry about that.
Thanks.
Andreaerdna
If God is the answer, then the question is wrong
Maybe restrict possiblilty to create a new thread only to users with at least 10 - 50 posts ?
I do that as well. Faster we report it, the faster the mods can remove the account.
Magic9
Plant Enthusiast
Is it possible to remove the timer for reporting spam? When someone is posting a lot of spam, I have to wait X amount of time before reporting a new one. Does it even matter? Should I just report one of the messages since I'm assuming the account gets banned. Or is reporting them all beneficial?
I didn't know there was such a timer.
Reporting one thread per spammer is enough. It doesn't matter if you report more than one, but it's not necessary. I don't know if that timer can be changed, but even if it can we won't have the ability to do it until @vtac returns.