The forum of the forums
Would you like to react to this message? Create an account in a few clicks or log in to continue.

Malicious spam threads

+2
Sanket
PokeMRX
6 posters

Go down

Solved Malicious spam threads

Post by PokeMRX May 15th 2013, 13:03

There is a major security problem involving spam threads that trigger an instant virus attack when clicked. All one has to do is to click on such a spam thread. One does not even have to click on any external links.


Here is the URL that launches the malicious attack: starsearchtool.com
Can someone please ban it from all Forumtion forums in order to minimize damages from future spam threads?
avatar
PokeMRX
New Member

Male Posts : 18
Reputation : 1
Language : English

Back to top Go down

Solved Re: Malicious spam threads

Post by Sanket May 15th 2013, 17:52

Please give more information on this, as to which threads are being affected.
Sanket
Sanket
ForumGuru

Male Posts : 48766
Reputation : 2830
Language : English
Location : Mumbai

Back to top Go down

Solved Re: Malicious spam threads

Post by PokeMRX May 15th 2013, 18:16

The only thread that was created by the spambot was in the most popular section of the forum. The thread was about "dish network knife show". That thread is now deleted as well as the spambot. The spambot waited a week so that it would get link posting privileges before making the spam thread. Unfortunately IP-banning and banning of it's e-mail provider was first thought up after the spambot had been deleted.
That's about it.


Last edited by PokeMRX on May 17th 2013, 01:38; edited 1 time in total
avatar
PokeMRX
New Member

Male Posts : 18
Reputation : 1
Language : English

Back to top Go down

Solved Re: Malicious spam threads

Post by SLGray May 16th 2013, 01:15

PokeMRX wrote:The only thread that was created by the spambot was in the most popular section of the forum. The thread was about "dish network satellite skew". That thread is now deleted as well as the spambot. The spambot waited a week so that it would get link posting privileges before making the spam thread. Unfortunately IP-banning and banning of it's e-mail provider was first thought up after the spambot had been deleted.
That's about it.
This also occurred on my forum. I was lucky that I was the first one to see them. I delete them before any member opened them. There was no virus in the threads on my forum.


Malicious spam threads Slgray10

When your topic has been solved, ensure you mark the topic solved.
Never post your email in public.
SLGray
SLGray
Administrator
Administrator

Male Posts : 51555
Reputation : 3524
Language : English
Location : United States

https://forumsclub.com/gc/128-link-directory/

Back to top Go down

Solved Re: Malicious spam threads

Post by Derri May 16th 2013, 01:25

I've had my fair share of dealings with spam bots both with FM forums and other forums such as Vbulletin and I can safely say I don't think I've ever opened the thread and been given a virus. I've opened a link in the thread and been given a virus via that link I opened but never from just viewing the thread.

In any case I can honestly say I've never known spam to give me a virus from just opening a thread I think this might be a rare occurrence.

My best advice would be to look for what spam bots commonly show themselves as spam:

  1. Very random usernames filled with a conviction of random lettering and numbers e.g ifhqg54gg6
  2. Profile Information such as Name: ibrgwhbuwgj
  3. Titles with a weird title such as "Buy free dishwashers" or threads started in foreign languages or unusual symbols in threads
  4. False email addresses or completely stupid or unbelievable email addresses that look like no member would ever have them.





Last edited by Derri on May 16th 2013, 06:02; edited 1 time in total
Derri
Derri
Helper
Helper

Male Posts : 8711
Reputation : 638
Language : English & Basic French
Location : Scotland, United Kingdom

Back to top Go down

Solved Re: Malicious spam threads

Post by SLGray May 16th 2013, 06:00

Correct Derri. I believe that just opening a thread will not give you a virus, but pressing a link in the thread would.


Malicious spam threads Slgray10

When your topic has been solved, ensure you mark the topic solved.
Never post your email in public.
SLGray
SLGray
Administrator
Administrator

Male Posts : 51555
Reputation : 3524
Language : English
Location : United States

https://forumsclub.com/gc/128-link-directory/

Back to top Go down

Solved Re: Malicious spam threads

Post by kirk May 16th 2013, 09:39

I would set the members activation to either be activated by email or admin.
If set to admin you can always check inactive members list and see right away what may be a bot, then if activated by email the member will have to be sure to use a real email address or wont be able to activate their account.
kirk
kirk
Forumaster

Male Posts : 11037
Reputation : 653
Language : English,Vulcan,Klingon, Romulan,& Gorn

Back to top Go down

Solved Re: Malicious spam threads

Post by Sanket May 16th 2013, 12:20

Can you take a screenshot of it & provide the content of that post?
Sanket
Sanket
ForumGuru

Male Posts : 48766
Reputation : 2830
Language : English
Location : Mumbai

Back to top Go down

Solved Re: Malicious spam threads

Post by Guest May 16th 2013, 18:41

Some of the things you should do to avoid spam posts or thread is to NEVER allow guest to post. Guest posting is an open invitation to spam. So you should only allow registered member to post or start threads.

Also have account activation enable for new registrations. You could also ban known spam usernames and ban certain email addresses.

For new members you could also create a usergroup and put all new members in it. Then set it up so that new members can only post on one section of the forum.

This section can be set so it is only visible to certain usergroups and not visible to guests. That way any posts made by new members will not be seen by other members or guests. Until you or a moderator approves them. Then you can check the posts and IP and delete any spam posts and members. Or simply ban the members concerned.
avatar
Guest
Guest


Back to top Go down

Solved Re: Malicious spam threads

Post by Sanket May 16th 2013, 20:42

I have reported this to The Godfather.
Sanket
Sanket
ForumGuru

Male Posts : 48766
Reputation : 2830
Language : English
Location : Mumbai

Back to top Go down

Solved Re: Malicious spam threads

Post by kirk May 16th 2013, 20:48

Could be something else on your forum to.
Like have you added any new coding or scripts?

Other then that Sanket has now passed it on Smile
kirk
kirk
Forumaster

Male Posts : 11037
Reputation : 653
Language : English,Vulcan,Klingon, Romulan,& Gorn

Back to top Go down

Solved Re: Malicious spam threads

Post by PokeMRX May 16th 2013, 20:51

Not really. The only thing that has been added is a link to an IRC channel using html coding.
avatar
PokeMRX
New Member

Male Posts : 18
Reputation : 1
Language : English

Back to top Go down

Solved Re: Malicious spam threads

Post by kirk May 16th 2013, 20:58

What is IRC?
For the heck of it try removing it and see if it still happens?
kirk
kirk
Forumaster

Male Posts : 11037
Reputation : 653
Language : English,Vulcan,Klingon, Romulan,& Gorn

Back to top Go down

Solved Re: Malicious spam threads

Post by Derri May 16th 2013, 21:01

kirk wrote:What is IRC?
For the heck of it try removing it and see if it still happens?

IRC stands for Internet Relay Chat

Essentially it is a chat held on an online server but there are thousands of servers. The potential of things you can do on IRC is pretty much unlimited. I don't see this being the cause of the problem but I'm not an expert on IRC so it could be.
Derri
Derri
Helper
Helper

Male Posts : 8711
Reputation : 638
Language : English & Basic French
Location : Scotland, United Kingdom

Back to top Go down

Solved Re: Malicious spam threads

Post by PokeMRX May 16th 2013, 21:03

It's just a link to an IRC channel. It's like adding a link to a website. There is no way that could be the cause.
avatar
PokeMRX
New Member

Male Posts : 18
Reputation : 1
Language : English

Back to top Go down

Solved Re: Malicious spam threads

Post by Ultron's Vision May 16th 2013, 21:06

As kirk stated, there is no actual way that clicking a secure forumotion link would be the cause of a virus.

forumotion also disables the use of the <script> tag in all their posts, even if HTML is enabled, so it wasn't a script, either.

Whereas I can imagine a foreign link being the source of evil, yes, I had such things occur to me (over a script it took down my PC so I had to force format it).
Ultron's Vision
Ultron's Vision
Forumember

Male Posts : 631
Reputation : 45
Language : English | German | HTML | JavaScript | PHP | C++ | Perl | Java
Location : Vienna, Austria

http://duelacademy.net

Back to top Go down

Solved Re: Malicious spam threads

Post by Guest May 16th 2013, 21:14

Derri wrote:
kirk wrote:What is IRC?
For the heck of it try removing it and see if it still happens?

IRC stands for Internet Relay Chat

Essentially it is a chat held on an online server but there are thousands of servers. The potential of things you can do on IRC is pretty much unlimited. I don't see this being the cause of the problem but I'm not an expert on IRC so it could be.
Some admins do put IRC and also Tiny Chat. Which is a video chat software or site link to Tiny Chat on their forums. Though it's not really a good idea and I don't see the need for it. It would be better to just post a thread telling members where your IRC channel is. Rather than install chat software on the forum. I know Forumotion has it's own chat box that you can install, but I have never enabled this.
avatar
Guest
Guest


Back to top Go down

Solved Re: Malicious spam threads

Post by PokeMRX May 16th 2013, 21:18

Then the explanation must be that I'm delusional. And the IRC link stays. The spambot was created before the IRC channel itself was created, so it can't be because of the IRC link.

I never said that there was a chatbox on the forum. Just a link to an IRC channel which was added into the forum page
avatar
PokeMRX
New Member

Male Posts : 18
Reputation : 1
Language : English

Back to top Go down

Solved Re: Malicious spam threads

Post by Ultron's Vision May 16th 2013, 21:47

There is URL Rewriting, though, and this could have caused you to have been redirected to another page.
Ultron's Vision
Ultron's Vision
Forumember

Male Posts : 631
Reputation : 45
Language : English | German | HTML | JavaScript | PHP | C++ | Perl | Java
Location : Vienna, Austria

http://duelacademy.net

Back to top Go down

Solved Re: Malicious spam threads

Post by PokeMRX May 16th 2013, 21:59

I was on the Forumotion forum.

In the avast! warning URL there is a part that says '.jpg'. I wonder if the malicious data could have been transferred to the thread when a jpg image the spambot posted was being loaded. I have never heard that something like that would be possible and I don't remember seeing a jpg image in the thread, though it could have been a transparent image.
avatar
PokeMRX
New Member

Male Posts : 18
Reputation : 1
Language : English

Back to top Go down

Solved Re: Malicious spam threads

Post by Ultron's Vision May 16th 2013, 22:04

.jpgs usually have the property of being opaque at all time since it's a compressed image (as in, you cannot extract its layers again), so I do not believe that is the cause, either.

forumotion is secure regarding scripts and such, though the spambot could've used an <iframe> to get past the browser's sandbox... but I still doubt getting a virus can happen if you just click on a secure forumotion link.
Ultron's Vision
Ultron's Vision
Forumember

Male Posts : 631
Reputation : 45
Language : English | German | HTML | JavaScript | PHP | C++ | Perl | Java
Location : Vienna, Austria

http://duelacademy.net

Back to top Go down

Solved Re: Malicious spam threads

Post by PokeMRX May 16th 2013, 22:16

Ah, well maybe it could have been an image that was like 1 x 1 pixels, or I just didn't look thorough enough.

And I got a virus via the thread. I don't know how it happened, but it happened.
avatar
PokeMRX
New Member

Male Posts : 18
Reputation : 1
Language : English

Back to top Go down

Solved Re: Malicious spam threads

Post by kirk May 17th 2013, 01:18

It could be a corrupt image ?, I have seen this happen in the past.
As far as the IRC thing, I only suggested this to try it to be sure.
I mean we are trouble shooting here ? I use avast as well.

If you like set up a temp. Members account and send me the user name and pass so I can see if it comes up for me as we'll.

Let me know what section of the forum it is happening on to if you want me to try it .

Oh copy the link to the image to and go to it so if it is that you know what image you will be looking for to remove. I have seen this happen before but was a different.
kirk
kirk
Forumaster

Male Posts : 11037
Reputation : 653
Language : English,Vulcan,Klingon, Romulan,& Gorn

Back to top Go down

Solved Re: Malicious spam threads

Post by PokeMRX May 17th 2013, 01:34

The whole spam thread was removed before I even made this thread, so I can't do that.
avatar
PokeMRX
New Member

Male Posts : 18
Reputation : 1
Language : English

Back to top Go down

Solved Re: Malicious spam threads

Post by kirk May 17th 2013, 01:48

Yeah so it means it has to be something else causing this.
What section of the forum are you in/on when the avast goes off?

I honestly do not even think it had anything to do with the spam thread.
If it did then it would not be happening any longer because it is no longer there.
I mean you can't have something trigger your avast from a thread or post that is no longer on the board. It can't just magically place/ embed something to your forum somewhere out side of the post/thread it may have been in .

So not sure what to tell you? I have suggested a few things and you seem to not even want to try. We have to rule out everything we possibly can.

So I guess just wait for the godfather . I mean sanket did send it off but was hopping it was something we could have resolved.

Try running you avast scan to make sure you are not infected with anything and try a different browser to and see if it still triggers off .
kirk
kirk
Forumaster

Male Posts : 11037
Reputation : 653
Language : English,Vulcan,Klingon, Romulan,& Gorn

Back to top Go down

Solved Re: Malicious spam threads

Post by PokeMRX May 17th 2013, 01:53

The forum is clean now that the spam thread is gone. I don't think that I have claimed otherwise. I just want to have a preventive solution / implemention to all Forumotion forums so that this won't happen again.
avatar
PokeMRX
New Member

Male Posts : 18
Reputation : 1
Language : English

Back to top Go down

Solved Re: Malicious spam threads

Post by kirk May 17th 2013, 02:06

PokeMRX wrote:The forum is clean now that the spam thread is gone. I don't think that I have claimed otherwise. I just want to have a preventive solution / implemention to all Forumotion forums so that this won't happen again.

What??? Now your starting to kill me.lol
Your sitting here telling us that your avast keeps going off even though you have deleted the thread and now your saying your forum is clean?

So then this is solved?

We have already suggested ways to help with spam bots.

The best way is for you and your admins to have to activate all accounts.
Other then that there are several ways suggested above and will be up to you and your staff to find the best methods that work for you and your forum best.

It is all part of running forums/sites.
kirk
kirk
Forumaster

Male Posts : 11037
Reputation : 653
Language : English,Vulcan,Klingon, Romulan,& Gorn

Back to top Go down

Solved Re: Malicious spam threads

Post by PokeMRX May 17th 2013, 02:13

"I clicked on the spam thread and then avast! Internet Security goes nuts about a virus.

The thread is deleted..."


Sorry about that. Well, I guess there's nothing more to do. Thanks for the help. Topic solved.


Last edited by PokeMRX on May 17th 2013, 02:15; edited 1 time in total
avatar
PokeMRX
New Member

Male Posts : 18
Reputation : 1
Language : English

Back to top Go down

Solved Re: Malicious spam threads

Post by kirk May 17th 2013, 02:16


See this is where you got us mixed up.
It sounded like you was saying it was still happening even after you removed the thread?
Why did you not correct us? I mean why did you think Sanket sent this to the godfather for?


No biggie it happens.
kirk
kirk
Forumaster

Male Posts : 11037
Reputation : 653
Language : English,Vulcan,Klingon, Romulan,& Gorn

Back to top Go down

Back to top

- Similar topics

 
Permissions in this forum:
You cannot reply to topics in this forum