Major security problem
While I was offline last night, 3 very nasty threads were started by a spambot that registered. They hid the links so that one of our members got hit by trojans just by opening the thread. She reported it and one of our admins moved the threads to a place only accessible by admins. His computer too was subsequently infected by the trojans in doing so. The member found that even clicking on post history triggered the trojans.
I would like to delete them completely but I can't without opening them and risking my computer. What can I do to remove them without opening them? I would like a way to do this with future threads of this nature to be on the safe side. I can't even post the link here because that would mean opening the thread too.
I just tried deleting the spambot user to see if that would delete the threads, but it just changed the user to "guest".
Last edited by melodiccolor on May 14th 2013, 8:46 pm; edited 1 time in total
Re: Major security problem
If you go to the place where you've stored the threads, scroll down and you'll see a link saying "moderate this forum", click on that and select the threads using the tick box, then hit delete.
You won't even have to open the thread to do this.
Derri- Helper
- Posts : 8711
Reputation : 638
Language : English & Basic French
Location : Scotland, United Kingdom
Re: Major security problem
Is this solved?
Lost Founder's Password |Forum's Utilities |Report a Forum |General Rules |FAQ |Tricks & Tips
You need one post to send a PM.
When your topic has been solved, ensure you mark the topic solved.
Never post your email in public.
Re: Major security problem
I had the same problem. However, the thread and the spambot are both deleted now. Is there any way to protect against this kind of attack in the future? I mean it seems very weird to me to just get attacked for opening a spam thread without clicking any external links. I have the malicious URL saved in my browser history / anti-virus blacklist. If you can block the URL from all Forumotion forums I could send you the malicious URL via PM.
Last edited by PokeMRX on May 14th 2013, 9:05 pm; edited 1 time in total
PokeMRX- New Member
- Posts : 18
Reputation : 1
Language : English
Re: Major security problem
PokeMRX wrote: I had the same problem. However, the thread and the spambot are deleted now. Is there any way to protect against this kind of attack in the future? I mean it seems very weird to me to just get attacked for opening a spam thread without clicking any external links. I have the malicious URL saved in my browser history / anti-virus blacklist. If you can block the URL from all Forumotion forums I could send you the malicious URL via PM.
Yes, it worked, but I would like an answer to this question too. Thanks for asking PokeMRX.
Re: Major security problem
Usually spam bots have weird titles for threads or usernames consisting of letters or numbers.
Usually spam threads are harmless and won't give you any kind of viruses. Also check spambots' profiles as they always sign up with weird names.
You can check some of the spambot defenses in your ACP-->General-->Security.
Derri- Helper
- Posts : 8711
Reputation : 638
Language : English & Basic French
Location : Scotland, United Kingdom
Re: Major security problem
melodiccolor wrote: PokeMRX wrote: I had the same problem. However, the thread and the spambot are deleted now. Is there any way to protect against this kind of attack in the future? I mean it seems very weird to me to just get attacked for opening a spam thread without clicking any external links. I have the malicious URL saved in my browser history / anti-virus blacklist. If you can block the URL from all Forumotion forums I could send you the malicious URL via PM.
Yes, it worked, but I would like an answer to this question too. Thanks for asking PokeMRX.
One solution could be to IP-ban the spambot and ban the e-mail provider (if it uses a disposable e-mail service, not if it uses the standard webmail services). But, since many spambots are run via botnets, IP-bans can be a little ineffective.
Does Forumotion use captcha codes? I can't remember how it was when I signed up. Though, a good spambot could probably crack it.
Last edited by PokeMRX on May 14th 2013, 9:13 pm; edited 1 time in total
PokeMRX- New Member
- Posts : 18
Reputation : 1
Language : English
Re: Major security problem
Ok, went in there and found "Unauthorize members with less than a week registration to post external links and emails :" So if I enable this, would there be a way to authorize legitimate new members to send PMs and links?
Re: Major security problem
It will affect every new member for a one-week period. There is no way to remove a new member from it.
Re: Major security problem
melodiccolor wrote: Ok, went in there and found "Unauthorize members with less than a week registration to post external links and emails :" So if I enable this, would there be a way to authorize legitimate new members to send PMs and links?
Probably not, unless you make a manual system, like a thread where new users can request those privileges.
In my case, that option was enabled. The spambot was a tricky one though. It waited until a week had passed before even attempting to make a post.
SLGray, can Forumotion ban the malicious website that attacks via the spam threads if I provide the URL to you?
PokeMRX- New Member
- Posts : 18
Reputation : 1
Language : English
Re: Major security problem
PokeMRX wrote: melodiccolor wrote: Ok, went in there and found "Unauthorize members with less than a week registration to post external links and emails :" So if I enable this, would there be a way to authorize legitimate new members to send PMs and links?
Probably not, unless you make a manual system, like a thread where new users can request those privileges.
In my case, that option was enabled. The spambot was a tricky one though. It waited until a week had passed before even attempting to make a post.
Yes, it did the same here. Whoever programmed those knows about this tactic and did a run around.
PokeMRX wrote: One solution could be to IP-ban the spambot and ban the e-mail provider (if it uses a disposable e-mail service, not if it uses the standard webmail services). But, since many spambots are run via botnets, IP-bans can be a little ineffective.
Does Forumotion use captcha codes? I can't remember how it was when I signed up. Though, a good spambot could probably crack it.
They do use captcha too. A new member with a very funny thread mimicking spam triggered it and that is how we found out about it. I also thought of starting a thread where new members could ask for help once I enabled the feature.
Thanks SLGray. I guess the topic is solved.
Re: Major security problem
Topic Solved & Locked