1. What does SSTB mean? See our glossary of acronyms.
    Dismiss Notice

Spambots posting in threads

Discussion in 'Community Discussion' started by tepictoton, Apr 28, 2018.

  1. tepictoton

    tepictoton Well-Known Member

    Messages:
    1,475
    Location:
    a funny place called earth
    So,

    It seems the forum is experiencing a lot of 'chinese threads'

    Anybody knows what is going on?

    I will tag a mod here just to make sure it is noticed.

    So @pakalolo any idea
     
  2. pakalolo

    pakalolo RoboMod v4.0a (unstable) Staff Member

    Messages:
    8,826
    Location:
    Other side of your screen
    Sure, we've been under attack by spammers for several weeks. For every one that successfully posts, I've deleted at least two that didn't complete registration. I think that a spambot starts an account but there has to be a human to confirm the process. They attack in the middle of the night my time (Eastern) so the threads stay up for a few hours. They are using VPNs that are also widely used by real members, so we can't just block their providers. Even if that would work, @vtac would have to do it and he's not available.

    Moving this to Community Discussion where it belongs.
     
  3. GreenHopper

    GreenHopper 20 going on 60

    Messages:
    1,683
    @pakalolo

    I don't know if this is helpful or not but thought I'd pass on the intel.

    Below is a Xenforo community forum thread that's quite old but I think relevant to this forums platform.

    I'm assuming as mods you'll likely have access to the 'Options > Spam Management' features.

    Block spam COMPLETELY with no addons

    Might be worth a look.

    Sorry if the info is out of data or irrelevant to the issue at hand.
     
    Vape Donkey 650 likes this.
  4. tepictoton

    tepictoton Well-Known Member

    Messages:
    1,475
    Location:
    a funny place called earth
    Thanks for reply. Hope a way is found to stop this, first and foremost so the mods can spend their time moderating and not just deleting these fake accounts.

    Guess it is not said enough, so I will just say thx moderators for keeping this place 'clean'
     
    looney2nz, boon and Vape Donkey 650 like this.
  5. Hackerman

    Hackerman The Fool

    Messages:
    324
    Location:
    Moronica
    Yeah, that happens with boards. LOL

    Most boards I visit are terribly under protected. We are using version 1.5.13 here and it has more than a couple exploits. A user with some hacking knowledge could easily escalate his privs to admin and look around the private forum and the mod forum to see what's going on. Then, return his privs to user and no one would know ;)

    I'm sure the mods will clean it up.
     
  6. pakalolo

    pakalolo RoboMod v4.0a (unstable) Staff Member

    Messages:
    8,826
    Location:
    Other side of your screen
    Thanks for the tip, but only @vtac has the powers needed to change those options.

    @tepictoton, your gratitude is appreciated. Today was excessive.
     
    RUDE BOY and GreenHopper like this.
  7. biohacker

    biohacker fully melted

    Messages:
    6,679
    Is @vtac MIA again? Looks like he was around only a few months ago in some capacity.
     
    Vapor_Eyes and GreenHopper like this.
  8. GreenHopper

    GreenHopper 20 going on 60

    Messages:
    1,683
    Ah OK, might be difficult to address without access to those settings. Maybe @vtac would be willing to grant you guys the access you need.
     
    biohacker likes this.
  9. Hackerman

    Hackerman The Fool

    Messages:
    324
    Location:
    Moronica
    !! No active administrator??? Really? That's not great. LOL

    I was doing a little reading and this forum appears to be terribly out of date. If one of the mods want me to, I could probably escalate your privs to admin so you can clean this up.

    Still, the forum needs upgraded to version 2.x. This version is still supported but I am reading more and more about weaknesses and exploits in this version.

    And, https should be considered anyway. In case you haven't noticed, most forums have gone that way already.

    Just keep hoping that no one here pisses off a decent hacker and they decide to shut the entire site down. I'll bet I could do it in less than 24 hours and I don't do much hacking any more. Someone with current knowledge of this program could probably do some serious damage... as well as stealing all the user data and passwords from the database.

    (just a quick note on that topic to all users. Please do not use the same username and password from site to site. It is really bad practice. If an unprotected site gets hacked and your username and password are compromised, a good hacker will try those same un/pw combinations on ebay, paypal, and wherever they can get to your financial account info. If you are using the same un/pw combination at unprotected and weak sites as you are on paypal and your banking and credit card sites like Capital One, I suggest you change it.... today. LOL Just a word of caution from an old retired hacker... LOL)

    Good luck.
     
    Last edited: Apr 28, 2018
    looney2nz, Whisper, Helios and 7 others like this.
  10. Likes2vape

    Likes2vape Well-Known Member

    Messages:
    1,297
    Location:
    On top of a Magic Mountain
    i have been noticing a ton of spam on here lately. What’s up with all of it? I thought you had to be verified before becoming a member. I hope it stops soon really messes up the new post section.
     
  11. gunmetalshark

    gunmetalshark Well-Known Member

    Messages:
    151
    Seems like a DHGate Vendor isnt too happy how he got rated on here :D :D :D :D
     
    Fat Freddy, Squiby and Kozzmozz like this.
  12. Hackerman

    Hackerman The Fool

    Messages:
    324
    Location:
    Moronica
    This forum is so weak and full of exploits. I have tried to warn several mods about it but ......

    These are just bots. If you all knew what I could do to this forum, you would totally freak out. And, it IS going to happen. Not IF.... WHEN.

    I don't want to scare everyone but let me give some advice.....

    Do NOT use the same username and password on weak sites like this as you use on eBay or Paypal or, heaven forbid, your banking sites. The first thing a hacker will do with your un/pw is try that combination at eBay, Paypal and Citicorp.

    Let's take a theoretical situation. Let's say a new user with vast hacker experience joins here and buys a product that you all recommend. When he gets the item it is substandard and the new user posts here about it.

    All the fan boys bash him and call him a liar. He gets pissed.....

    OK, first thing he would do is escalate his account to admin. Real easy here. Then he would reduce all mods and admins privs to USER and then delete their accounts. SO, no mods to stop him now.

    Then, just for kicks a favorite trick of mine was to make all members an admin. This was always fun as you would see the straight acting members like the guitar noodler reading everyone else's PM's LOL

    Then, the database is downloaded and decrypted. There are web sites all over that specialize in storing hackers data for them so other hackers can share. Jorge's site's database is dumped and loaded there. I posted about that some time ago. This is why you see one bot got through and then he told the other bots so more came along within 20 minutes to an hour. If it's not stopped there will be more bots than members in a few days.

    So, now all your personal data, all you private messages, all your posts info and data are out there for anyone to use.

    I don't mean to be a scare monger but these things are all happening every day to sites everywhere. I used to do them just for kicks. There are still plenty of people out there doing this. Fact is, when you all pissed me off, you were only about 2 keystrokes from all this happening.

    Just a word to the wise....

    DO NOT use similar passwords at secure sites

    DO NOT put personal information in Private Messages

    DO NOT think you are secure on the internet. YOU'RE NOT.

    Use common sense and remember what the internet is each time you use it. It can be a wonderful thing but it can also be a major nightmare. Just think if this forum were compromised and the database destroyed. Think of all the information that would be lost.

    When was the last time the database for this forum was backed up?

    Feel free to ask questions. I'll help in any way I can.
     
    Last edited: May 7, 2018
  13. TeeJay1952

    TeeJay1952 Well-Known Member

    Messages:
    1,823
    Click to play YouTube Video
     
    RUDE BOY likes this.

Support FC, visit our trusted friends and sponsors