The forum of the forums
Would you like to react to this message? Create an account in a few clicks or log in to continue.

Major security problem

4 posters

Go down

Solved Major security problem

Post by melodiccolor May 14th 2013, 10:25 pm

While I was offline last night, 3 very nasty threads were started by a spambot that registered. They hid the links so that one of our members got hit by trojens just by opening the thread. She reported it and one of our admins moved the threads to a place only accessable by admins. His computer too was subsequently infected by the trojens in doing so. The member found that even clicking on post history triggered the trojens.

I would like to delete them completely but I can't without opening them and risking my computer. What can I do to remove them without opening them? I would like a way to do this with future threads of this nature to be on the safe side. I can't even post the link here because that would mean opening the thread too.

I just tried deleting the spambot user to see if that would delete the threads, but it just changed the user to "guest".


Last edited by melodiccolor on May 14th 2013, 10:46 pm; edited 1 time in total
avatar
melodiccolor
Forumember

Posts : 276
Reputation : 1
Language : english

http://The HSP Dimension http://funhsps.niceboard.org/

Back to top Go down

Solved Re: Major security problem

Post by Derri May 14th 2013, 10:45 pm

If you go to the place where you've stored the threads, scroll down and you'll see a link saying "moderate this forum", click on that and select the threads using the tick box, then hit delete.

You won't even have to open the thread to do this.
Derri
Derri
Helper
Helper

Male Posts : 8755
Reputation : 638
Language : English & Basic French
Location : Scotland, United Kingdom

Back to top Go down

Solved Re: Major security problem

Post by SLGray May 14th 2013, 10:57 pm

Is this solved?


Major security problem Slgray10

When your topic has been solved, ensure you mark the topic solved.
Never post your email in public.
SLGray
SLGray
Administrator
Administrator

Male Posts : 51464
Reputation : 3519
Language : English
Location : United States

https://forumsclub.com/gc/128-link-directory/

Back to top Go down

Solved Re: Major security problem

Post by PokeMRX May 14th 2013, 11:00 pm

I had the same problem. However, the thread and the spambot are both deleted now. Is there any way to protect against this kind of attack in the future? I mean it seems very weird to me to just get attacked for opening a spam thread without clicking any external links. I have the malicious URL saved in my browser history / anti-virus blacklist. If you can block the URL from all Forummotion forums I could send you the malicious URL via PM.


Last edited by PokeMRX on May 14th 2013, 11:05 pm; edited 1 time in total
avatar
PokeMRX
New Member

Male Posts : 18
Reputation : 1
Language : English

Back to top Go down

Solved Re: Major security problem

Post by melodiccolor May 14th 2013, 11:04 pm

PokeMRX wrote:I had the same problem. However, the thread and the spambot is deleted now. Is there any way to protect against this kind of attack in the future? I mean it seems very weird to me to just get attacked for opening a spam thread without clicking any external links. I have the malicious URL saved in my browser history / anti-virus blacklist. If you can block the URL from all Forummotion forums I could send you the malicious URL via PM.

Yes, it worked, but I would like an answer to this question too. Thanks for asking PokeMRX.
avatar
melodiccolor
Forumember

Posts : 276
Reputation : 1
Language : english

http://The HSP Dimension http://funhsps.niceboard.org/

Back to top Go down

Solved Re: Major security problem

Post by Derri May 14th 2013, 11:08 pm

Usually spam bots have weird titles for threads or usernames consisting of letters or numbers.

Usually spam threads are harmless and won't give you any kind of viruses. Also check spambots profiles as they always sign up with weird names.

You can check some of the spambot defenses in your ACP-->General-->Security.
Derri
Derri
Helper
Helper

Male Posts : 8755
Reputation : 638
Language : English & Basic French
Location : Scotland, United Kingdom

Back to top Go down

Solved Re: Major security problem

Post by PokeMRX May 14th 2013, 11:11 pm

melodiccolor wrote:
PokeMRX wrote:I had the same problem. However, the thread and the spambot is deleted now. Is there any way to protect against this kind of attack in the future? I mean it seems very weird to me to just get attacked for opening a spam thread without clicking any external links. I have the malicious URL saved in my browser history / anti-virus blacklist. If you can block the URL from all Forummotion forums I could send you the malicious URL via PM.

Yes, it worked, but I would like an answer to this question too. Thanks for asking PokeMRX.

One solution could be to IP-ban the spambot and ban the e-mail provider (if it uses a disposable e-mail service, not if it uses the standard webmail services). But, since many spambots are run via botnets, IP-bans can be a little ineffective.

Does Forummotion use captcha codes? I can't remember how it was when I signed up. Though, a good spambot could probably crack it.


Last edited by PokeMRX on May 14th 2013, 11:13 pm; edited 1 time in total
avatar
PokeMRX
New Member

Male Posts : 18
Reputation : 1
Language : English

Back to top Go down

Solved Re: Major security problem

Post by melodiccolor May 14th 2013, 11:13 pm

Ok, went in there and found "Unauthorize members with less than a week registration to post external links and emails :" So If I enable this, would there be a way to authorize legitimate new members to send pm's and links?
avatar
melodiccolor
Forumember

Posts : 276
Reputation : 1
Language : english

http://The HSP Dimension http://funhsps.niceboard.org/

Back to top Go down

Solved Re: Major security problem

Post by SLGray May 14th 2013, 11:15 pm

It will effect everyone new member for a week period. There is no way to remove a new member from it.


Major security problem Slgray10

When your topic has been solved, ensure you mark the topic solved.
Never post your email in public.
SLGray
SLGray
Administrator
Administrator

Male Posts : 51464
Reputation : 3519
Language : English
Location : United States

https://forumsclub.com/gc/128-link-directory/

Back to top Go down

Solved Re: Major security problem

Post by PokeMRX May 14th 2013, 11:17 pm

melodiccolor wrote:Ok, went in there and found "Unauthorize members with less than a week registration to post external links and emails :" So If I enable this, would there be a way to authorize legitimate new members to send pm's and links?

Probably not, unless you make a manual system, like a thread where new users can request those privileges.
In my case, that option was enabled. The spambot was a tricky one though. It waited until a week had passed before even attempting to make a post.


SLGray, can Forummotion ban the malicious website that attacks via the spam threads if I provide the URL to you?
avatar
PokeMRX
New Member

Male Posts : 18
Reputation : 1
Language : English

Back to top Go down

Solved Re: Major security problem

Post by melodiccolor May 14th 2013, 11:25 pm

PokeMRX wrote:
melodiccolor wrote:Ok, went in there and found "Unauthorize members with less than a week registration to post external links and emails :" So If I enable this, would there be a way to authorize legitimate new members to send pm's and links?

Probably not, unless you make a manual system, like a thread where new users can request those privileges.
In my case, that option was enabled. The spambot was a tricky one though. It waited until a week had passed before even attempting to make a post.
Yes, it did the same here. Whoever programmed those know about this tactic and did a run around.

One solution could be to IP-ban the spambot and ban the e-mail provider (if it uses a disposable e-mail service, not if it uses the standard webmail services). But, since many spambots are run via botnets, IP-bans can be a little ineffective.

Does Forummotion use captcha codes? I can't remember how it was when I signed up. Though, a good spambot could probably crack it.
They do use captcha too. A new member with a very funny thread mimicing spam triggered it and that is how we found out about it. I also thought of starting a thread where new members could ask for help once I enabled the feature.

Thanks SLGray. I guess the topic is solved.
avatar
melodiccolor
Forumember

Posts : 276
Reputation : 1
Language : english

http://The HSP Dimension http://funhsps.niceboard.org/

Back to top Go down

Solved Re: Major security problem

Post by SLGray May 14th 2013, 11:27 pm

Topic Solved & Locked


Major security problem Slgray10

When your topic has been solved, ensure you mark the topic solved.
Never post your email in public.
SLGray
SLGray
Administrator
Administrator

Male Posts : 51464
Reputation : 3519
Language : English
Location : United States

https://forumsclub.com/gc/128-link-directory/

Back to top Go down

Back to top

- Similar topics

 
Permissions in this forum:
You cannot reply to topics in this forum