The forum of the forums
Welcome to the Official Support Forum of Forumotion!


Major security problem


Solved Major security problem

Post by melodiccolor on May 14th 2013, 10:25 pm

While I was offline last night, 3 very nasty threads were started by a spambot that registered. They hid the links so that one of our members got hit by trojans just by opening the thread. She reported it and one of our admins moved the threads to a place only accessible by admins. His computer too was subsequently infected by the trojans in doing so. The member found that even clicking on post history triggered the trojans.

I would like to delete them completely but I can't without opening them and risking my computer. What can I do to remove them without opening them? I would like a way to do this with future threads of this nature to be on the safe side. I can't even post the link here because that would mean opening the thread too.

I just tried deleting the spambot user to see if that would delete the threads, but it just changed the user to "guest".


Last edited by melodiccolor on May 14th 2013, 10:46 pm; edited 1 time in total

melodiccolor
Forumember

Posts : 273
Reputation : 1
Language : english

The HSP Dimension: http://funhsps.niceboard.org/


Solved Re: Major security problem

Post by Derri on May 14th 2013, 10:45 pm

If you go to the place where you've stored the threads, scroll down and you'll see a link saying "moderate this forum", click on that and select the threads using the tick box, then hit delete.

You won't even have to open the thread to do this.


Forum Rules: :Forumotion Staff: :Appeal A Warning: :FAQ: :Tips & Tricks: :Forgotten Password/Login Issues
You need one post to send a PM
When your topic has been solved, ensure you mark the topic solved
Never post your email in public


Derri
Administrator

Male Posts : 8386
Reputation : 577
Language : English & Basic French
Location : Scotland, United Kingdom


Solved Re: Major security problem

Post by SLGray on May 14th 2013, 10:57 pm

Is this solved?


When your topic has been solved, ensure you mark the topic solved.
Never post your email in public.


SLGray
Administrator

Male Posts : 36735
Reputation : 2447
Language : English
Location : United States

http://ztwds.forumotion.com/


Solved Re: Major security problem

Post by PokeMRX on May 14th 2013, 11:00 pm

I had the same problem. However, the thread and the spambot are both deleted now. Is there any way to protect against this kind of attack in the future? I mean it seems very weird to me to just get attacked for opening a spam thread without clicking any external links. I have the malicious URL saved in my browser history / anti-virus blacklist. If you can block the URL from all Forumotion forums I could send you the malicious URL via PM.


Last edited by PokeMRX on May 14th 2013, 11:05 pm; edited 1 time in total

PokeMRX
New Member

Male Posts : 18
Reputation : 1
Language : English


Solved Re: Major security problem

Post by melodiccolor on May 14th 2013, 11:04 pm

@PokeMRX wrote: I had the same problem. However, the thread and the spambot are deleted now. Is there any way to protect against this kind of attack in the future? I mean it seems very weird to me to just get attacked for opening a spam thread without clicking any external links. I have the malicious URL saved in my browser history / anti-virus blacklist. If you can block the URL from all Forumotion forums I could send you the malicious URL via PM.

Yes, it worked, but I would like an answer to this question too. Thanks for asking PokeMRX.

melodiccolor
Forumember

Posts : 273
Reputation : 1
Language : english

The HSP Dimension: http://funhsps.niceboard.org/


Solved Re: Major security problem

Post by Derri on May 14th 2013, 11:08 pm

Usually spam bots have weird titles for threads or usernames consisting of letters or numbers.

Usually spam threads are harmless and won't give you any kind of viruses. Also check spambots' profiles as they always sign up with weird names.

You can check some of the spambot defenses in your ACP-->General-->Security.




Derri
Administrator

Male Posts : 8386
Reputation : 577
Language : English & Basic French
Location : Scotland, United Kingdom


Solved Re: Major security problem

Post by PokeMRX on May 14th 2013, 11:11 pm

@melodiccolor wrote:
@PokeMRX wrote: I had the same problem. However, the thread and the spambot are deleted now. Is there any way to protect against this kind of attack in the future? I mean it seems very weird to me to just get attacked for opening a spam thread without clicking any external links. I have the malicious URL saved in my browser history / anti-virus blacklist. If you can block the URL from all Forumotion forums I could send you the malicious URL via PM.

Yes, it worked, but I would like an answer to this question too. Thanks for asking PokeMRX.

One solution could be to IP-ban the spambot and ban the e-mail provider (if it uses a disposable e-mail service, not if it uses the standard webmail services). But, since many spambots are run via botnets, IP-bans can be a little ineffective.

Does Forumotion use captcha codes? I can't remember how it was when I signed up. Though, a good spambot could probably crack it.


Last edited by PokeMRX on May 14th 2013, 11:13 pm; edited 1 time in total

PokeMRX
New Member

Male Posts : 18
Reputation : 1
Language : English


Solved Re: Major security problem

Post by melodiccolor on May 14th 2013, 11:13 pm

Ok, went in there and found "Unauthorize members with less than a week registration to post external links and emails :" So if I enable this, would there be a way to authorize legitimate new members to send PMs and links?

melodiccolor
Forumember

Posts : 273
Reputation : 1
Language : english

The HSP Dimension: http://funhsps.niceboard.org/


Solved Re: Major security problem

Post by SLGray on May 14th 2013, 11:15 pm

It will affect every new member for a one-week period. There is no way to remove a new member from it.




SLGray
Administrator

Male Posts : 36735
Reputation : 2447
Language : English
Location : United States

http://ztwds.forumotion.com/


Solved Re: Major security problem

Post by PokeMRX on May 14th 2013, 11:17 pm

@melodiccolor wrote: Ok, went in there and found "Unauthorize members with less than a week registration to post external links and emails :" So if I enable this, would there be a way to authorize legitimate new members to send PMs and links?

Probably not, unless you make a manual system, like a thread where new users can request those privileges.
In my case, that option was enabled. The spambot was a tricky one though. It waited until a week had passed before even attempting to make a post.


SLGray, can Forumotion ban the malicious website that attacks via the spam threads if I provide the URL to you?

PokeMRX
New Member

Male Posts : 18
Reputation : 1
Language : English
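
Added example (not part of the thread, and not Forumotion's code): the one-week rule discussed above is passed by an account that registers and then waits, so this sketch holds link-bearing posts for review based on the author's approved post count as well as account age, and gives moderators an escaped, text-only preview so the queue can be worked without rendering the post. All names, thresholds and sample values are assumptions.

```python
import html
import re
from dataclasses import dataclass
from datetime import datetime, timedelta

# Assumed thresholds for illustration; tune per forum.
MIN_ACCOUNT_AGE = timedelta(days=7)  # the one-week rule quoted in the thread
TRUSTED_POST_COUNT = 3               # approved posts required before links go live

# Markup that can carry a URL even when no visible link is shown.
LINK_RE = re.compile(r"https?://|www\.|\[url|\[img|<a\s|<img\s|<iframe|<script", re.I)


@dataclass
class Author:
    registered: datetime
    approved_posts: int


def age_rule_allows(author, now):
    """Age-only gate, as described in the thread."""
    return now - author.registered >= MIN_ACCOUNT_AGE


def needs_review(author, body, now):
    """Hold link-bearing posts from accounts that are new OR have no track record."""
    if not LINK_RE.search(body):
        return False  # plain-text posts from newcomers publish normally
    too_new = now - author.registered < MIN_ACCOUNT_AGE
    unproven = author.approved_posts < TRUSTED_POST_COUNT
    return too_new or unproven


def safe_preview(body, limit=200):
    """Moderation-queue preview: markup is escaped to text, never rendered."""
    return html.escape(body[:limit])


# Constructed sample data, not taken from the thread.
NOW = datetime(2013, 5, 14, 22, 0)
SLEEPER = Author(registered=NOW - timedelta(days=9), approved_posts=0)
REGULAR = Author(registered=NOW - timedelta(days=400), approved_posts=120)
SPAM_BODY = '<iframe src="http://example.invalid/"></iframe> great deals'

if __name__ == "__main__":
    print("age rule lets sleeper post links:", age_rule_allows(SLEEPER, NOW))
    print("sleeper held for review:", needs_review(SLEEPER, SPAM_BODY, NOW))
    print("regular held for review:", needs_review(REGULAR, SPAM_BODY, NOW))
    print("preview:", safe_preview(SPAM_BODY))
```
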


Solved Re: Major security problem

Post by melodiccolor on May 14th 2013, 11:25 pm

@PokeMRX wrote:
@melodiccolor wrote: Ok, went in there and found "Unauthorize members with less than a week registration to post external links and emails :" So if I enable this, would there be a way to authorize legitimate new members to send PMs and links?

Probably not, unless you make a manual system, like a thread where new users can request those privileges.
In my case, that option was enabled. The spambot was a tricky one though. It waited until a week had passed before even attempting to make a post.

Yes, it did the same here. Whoever programmed those knows about this tactic and did a run-around.

@PokeMRX wrote:
One solution could be to IP-ban the spambot and ban the e-mail provider (if it uses a disposable e-mail service, not if it uses the standard webmail services). But, since many spambots are run via botnets, IP-bans can be a little ineffective.

Does Forumotion use captcha codes? I can't remember how it was when I signed up. Though, a good spambot could probably crack it.

They do use captcha too. A new member with a very funny thread mimicking spam triggered it and that is how we found out about it. I also thought of starting a thread where new members could ask for help once I enabled the feature.

Thanks SLGray. I guess the topic is solved.

melodiccolor
Forumember

Posts : 273
Reputation : 1
Language : english

The HSP Dimension: http://funhsps.niceboard.org/


Solved Re: Major security problem

Post by SLGray on May 14th 2013, 11:27 pm

Topic Solved & Locked




SLGray
Administrator

Male Posts : 36735
Reputation : 2447
Language : English
Location : United States

http://ztwds.forumotion.com/
