Malicious spam threads
+2
Sanket
PokeMRX
6 posters
Page 1 of 1
Malicious spam threads
There is a major security problem involving spam threads that trigger an instant virus attack when clicked. All one has to do is to click on such a spam thread. One does not even have to click on any external links.
Here is the URL that launches the malicious attack: starsearchtool.com
Can someone please ban it from all Forumtion forums in order to minimize damages from future spam threads?
Here is the URL that launches the malicious attack: starsearchtool.com
Can someone please ban it from all Forumtion forums in order to minimize damages from future spam threads?
PokeMRX- New Member
- Posts : 18
Reputation : 1
Language : English
Re: Malicious spam threads
Please give more information on this, as to which threads are being affected.
Sanket- ForumGuru
- Posts : 48766
Reputation : 2830
Language : English
Location : Mumbai
Re: Malicious spam threads
The only thread that was created by the spambot was in the most popular section of the forum. The thread was about "dish network knife show". That thread is now deleted as well as the spambot. The spambot waited a week so that it would get link posting privileges before making the spam thread. Unfortunately IP-banning and banning of it's e-mail provider was first thought up after the spambot had been deleted.
That's about it.
That's about it.
Last edited by PokeMRX on May 17th 2013, 12:38 am; edited 1 time in total
PokeMRX- New Member
- Posts : 18
Reputation : 1
Language : English
Re: Malicious spam threads
This also occurred on my forum. I was lucky that I was the first one to see them. I delete them before any member opened them. There was no virus in the threads on my forum.PokeMRX wrote:The only thread that was created by the spambot was in the most popular section of the forum. The thread was about "dish network satellite skew". That thread is now deleted as well as the spambot. The spambot waited a week so that it would get link posting privileges before making the spam thread. Unfortunately IP-banning and banning of it's e-mail provider was first thought up after the spambot had been deleted.
That's about it.
Lost Founder's Password |Forum's Utilities |Report a Forum |General Rules |FAQ |Tricks & Tips
You need one post to send a PM.
You need one post to send a PM.
When your topic has been solved, ensure you mark the topic solved.
Never post your email in public.
Re: Malicious spam threads
I've had my fair share of dealings with spam bots both with FM forums and other forums such as Vbulletin and I can safely say I don't think I've ever opened the thread and been given a virus. I've opened a link in the thread and been given a virus via that link I opened but never from just viewing the thread.
In any case I can honestly say I've never known spam to give me a virus from just opening a thread I think this might be a rare occurrence.
My best advice would be to look for what spam bots commonly show themselves as spam:
In any case I can honestly say I've never known spam to give me a virus from just opening a thread I think this might be a rare occurrence.
My best advice would be to look for what spam bots commonly show themselves as spam:
- Very random usernames filled with a conviction of random lettering and numbers e.g ifhqg54gg6
- Profile Information such as Name: ibrgwhbuwgj
- Titles with a weird title such as "Buy free dishwashers" or threads started in foreign languages or unusual symbols in threads
- False email addresses or completely stupid or unbelievable email addresses that look like no member would ever have them.
Last edited by Derri on May 16th 2013, 5:02 am; edited 1 time in total
Derri- Helper
- Posts : 8711
Reputation : 638
Language : English & Basic French
Location : Scotland, United Kingdom
Re: Malicious spam threads
Correct Derri. I believe that just opening a thread will not give you a virus, but pressing a link in the thread would.
Lost Founder's Password |Forum's Utilities |Report a Forum |General Rules |FAQ |Tricks & Tips
You need one post to send a PM.
You need one post to send a PM.
When your topic has been solved, ensure you mark the topic solved.
Never post your email in public.
Re: Malicious spam threads
I would set the members activation to either be activated by email or admin.
If set to admin you can always check inactive members list and see right away what may be a bot, then if activated by email the member will have to be sure to use a real email address or wont be able to activate their account.
If set to admin you can always check inactive members list and see right away what may be a bot, then if activated by email the member will have to be sure to use a real email address or wont be able to activate their account.
kirk- Forumaster
- Posts : 11037
Reputation : 653
Language : English,Vulcan,Klingon, Romulan,& Gorn
Re: Malicious spam threads
Can you take a screenshot of it & provide the content of that post?
Sanket- ForumGuru
- Posts : 48766
Reputation : 2830
Language : English
Location : Mumbai
Re: Malicious spam threads
I saw it with my own eyes. I clicked on the spam thread and then avast! Internet Security goes nuts about a virus.
The thread is deleted, there is nothing I can do about that, but I still have the virus warning URL from avast:
http://www.avast.com/en-us/lp-pr-virus-alert?p_ext=&utm_campaign=Virus_alert&utm_source=prg_ise_80_0&utm_medium=prg_systray&utm_content=.%2Fpaid%2Fen-us%2Fvirus-alert-default&p_vir=URL:Malware&p_prc=C:\Program%20Files%20%28x86%29\Mozilla%20Firefox\firefox.exe&p_obj=http://starsearchtool.com/vries/.fogelholm/ZGVmYXVsdHwxMzY4NTE1Nzg5.lakebeds/dish_network_satellite_skew.kitestring.jpg&p_var=.%2Fpaid%2Fen-us%2Fvirus-alert-default&p_pro=2&p_vep=8&p_ves=0&p_lqa=0&p_lsu=24&p_lst=0&p_lex=227&p_lng=en&p_lid=en-us&p_elm=7&p_vbd=1483
The thread is deleted, there is nothing I can do about that, but I still have the virus warning URL from avast:
http://www.avast.com/en-us/lp-pr-virus-alert?p_ext=&utm_campaign=Virus_alert&utm_source=prg_ise_80_0&utm_medium=prg_systray&utm_content=.%2Fpaid%2Fen-us%2Fvirus-alert-default&p_vir=URL:Malware&p_prc=C:\Program%20Files%20%28x86%29\Mozilla%20Firefox\firefox.exe&p_obj=http://starsearchtool.com/vries/.fogelholm/ZGVmYXVsdHwxMzY4NTE1Nzg5.lakebeds/dish_network_satellite_skew.kitestring.jpg&p_var=.%2Fpaid%2Fen-us%2Fvirus-alert-default&p_pro=2&p_vep=8&p_ves=0&p_lqa=0&p_lsu=24&p_lst=0&p_lex=227&p_lng=en&p_lid=en-us&p_elm=7&p_vbd=1483
PokeMRX- New Member
- Posts : 18
Reputation : 1
Language : English
Re: Malicious spam threads
Some of the things you should do to avoid spam posts or thread is to NEVER allow guest to post. Guest posting is an open invitation to spam. So you should only allow registered member to post or start threads.
Also have account activation enable for new registrations. You could also ban known spam usernames and ban certain email addresses.
For new members you could also create a usergroup and put all new members in it. Then set it up so that new members can only post on one section of the forum.
This section can be set so it is only visible to certain usergroups and not visible to guests. That way any posts made by new members will not be seen by other members or guests. Until you or a moderator approves them. Then you can check the posts and IP and delete any spam posts and members. Or simply ban the members concerned.
Also have account activation enable for new registrations. You could also ban known spam usernames and ban certain email addresses.
For new members you could also create a usergroup and put all new members in it. Then set it up so that new members can only post on one section of the forum.
This section can be set so it is only visible to certain usergroups and not visible to guests. That way any posts made by new members will not be seen by other members or guests. Until you or a moderator approves them. Then you can check the posts and IP and delete any spam posts and members. Or simply ban the members concerned.
Guest- Guest
Re: Malicious spam threads
I have reported this to The Godfather.
Sanket- ForumGuru
- Posts : 48766
Reputation : 2830
Language : English
Location : Mumbai
Re: Malicious spam threads
Could be something else on your forum to.
Like have you added any new coding or scripts?
Other then that Sanket has now passed it on
Like have you added any new coding or scripts?
Other then that Sanket has now passed it on
kirk- Forumaster
- Posts : 11037
Reputation : 653
Language : English,Vulcan,Klingon, Romulan,& Gorn
Re: Malicious spam threads
Not really. The only thing that has been added is a link to an IRC channel using html coding.
PokeMRX- New Member
- Posts : 18
Reputation : 1
Language : English
Re: Malicious spam threads
What is IRC?
For the heck of it try removing it and see if it still happens?
For the heck of it try removing it and see if it still happens?
kirk- Forumaster
- Posts : 11037
Reputation : 653
Language : English,Vulcan,Klingon, Romulan,& Gorn
Re: Malicious spam threads
kirk wrote:What is IRC?
For the heck of it try removing it and see if it still happens?
IRC stands for Internet Relay Chat
Essentially it is a chat held on an online server but there are thousands of servers. The potential of things you can do on IRC is pretty much unlimited. I don't see this being the cause of the problem but I'm not an expert on IRC so it could be.
Derri- Helper
- Posts : 8711
Reputation : 638
Language : English & Basic French
Location : Scotland, United Kingdom
Re: Malicious spam threads
It's just a link to an IRC channel. It's like adding a link to a website. There is no way that could be the cause.
PokeMRX- New Member
- Posts : 18
Reputation : 1
Language : English
Re: Malicious spam threads
As kirk stated, there is no actual way that clicking a secure forumotion link would be the cause of a virus.
forumotion also disables the use of the <script> tag in all their posts, even if HTML is enabled, so it wasn't a script, either.
Whereas I can imagine a foreign link being the source of evil, yes, I had such things occur to me (over a script it took down my PC so I had to force format it).
forumotion also disables the use of the <script> tag in all their posts, even if HTML is enabled, so it wasn't a script, either.
Whereas I can imagine a foreign link being the source of evil, yes, I had such things occur to me (over a script it took down my PC so I had to force format it).
Re: Malicious spam threads
Some admins do put IRC and also Tiny Chat. Which is a video chat software or site link to Tiny Chat on their forums. Though it's not really a good idea and I don't see the need for it. It would be better to just post a thread telling members where your IRC channel is. Rather than install chat software on the forum. I know Forumotion has it's own chat box that you can install, but I have never enabled this.Derri wrote:kirk wrote:What is IRC?
For the heck of it try removing it and see if it still happens?
IRC stands for Internet Relay Chat
Essentially it is a chat held on an online server but there are thousands of servers. The potential of things you can do on IRC is pretty much unlimited. I don't see this being the cause of the problem but I'm not an expert on IRC so it could be.
Guest- Guest
Re: Malicious spam threads
Then the explanation must be that I'm delusional. And the IRC link stays. The spambot was created before the IRC channel itself was created, so it can't be because of the IRC link.
I never said that there was a chatbox on the forum. Just a link to an IRC channel which was added into the forum page
I never said that there was a chatbox on the forum. Just a link to an IRC channel which was added into the forum page
PokeMRX- New Member
- Posts : 18
Reputation : 1
Language : English
Re: Malicious spam threads
There is URL Rewriting, though, and this could have caused you to have been redirected to another page.
Re: Malicious spam threads
I was on the Forumotion forum.
In the avast! warning URL there is a part that says '.jpg'. I wonder if the malicious data could have been transferred to the thread when a jpg image the spambot posted was being loaded. I have never heard that something like that would be possible and I don't remember seeing a jpg image in the thread, though it could have been a transparent image.
In the avast! warning URL there is a part that says '.jpg'. I wonder if the malicious data could have been transferred to the thread when a jpg image the spambot posted was being loaded. I have never heard that something like that would be possible and I don't remember seeing a jpg image in the thread, though it could have been a transparent image.
PokeMRX- New Member
- Posts : 18
Reputation : 1
Language : English
Re: Malicious spam threads
.jpgs usually have the property of being opaque at all time since it's a compressed image (as in, you cannot extract its layers again), so I do not believe that is the cause, either.
forumotion is secure regarding scripts and such, though the spambot could've used an <iframe> to get past the browser's sandbox... but I still doubt getting a virus can happen if you just click on a secure forumotion link.
forumotion is secure regarding scripts and such, though the spambot could've used an <iframe> to get past the browser's sandbox... but I still doubt getting a virus can happen if you just click on a secure forumotion link.
Re: Malicious spam threads
Ah, well maybe it could have been an image that was like 1 x 1 pixels, or I just didn't look thorough enough.
And I got a virus via the thread. I don't know how it happened, but it happened.
And I got a virus via the thread. I don't know how it happened, but it happened.
PokeMRX- New Member
- Posts : 18
Reputation : 1
Language : English
Re: Malicious spam threads
It could be a corrupt image ?, I have seen this happen in the past.
As far as the IRC thing, I only suggested this to try it to be sure.
I mean we are trouble shooting here ? I use avast as well.
If you like set up a temp. Members account and send me the user name and pass so I can see if it comes up for me as we'll.
Let me know what section of the forum it is happening on to if you want me to try it .
Oh copy the link to the image to and go to it so if it is that you know what image you will be looking for to remove. I have seen this happen before but was a different.
As far as the IRC thing, I only suggested this to try it to be sure.
I mean we are trouble shooting here ? I use avast as well.
If you like set up a temp. Members account and send me the user name and pass so I can see if it comes up for me as we'll.
Let me know what section of the forum it is happening on to if you want me to try it .
Oh copy the link to the image to and go to it so if it is that you know what image you will be looking for to remove. I have seen this happen before but was a different.
kirk- Forumaster
- Posts : 11037
Reputation : 653
Language : English,Vulcan,Klingon, Romulan,& Gorn
Re: Malicious spam threads
The whole spam thread was removed before I even made this thread, so I can't do that.
PokeMRX- New Member
- Posts : 18
Reputation : 1
Language : English
Re: Malicious spam threads
Yeah so it means it has to be something else causing this.
What section of the forum are you in/on when the avast goes off?
I honestly do not even think it had anything to do with the spam thread.
If it did then it would not be happening any longer because it is no longer there.
I mean you can't have something trigger your avast from a thread or post that is no longer on the board. It can't just magically place/ embed something to your forum somewhere out side of the post/thread it may have been in .
So not sure what to tell you? I have suggested a few things and you seem to not even want to try. We have to rule out everything we possibly can.
So I guess just wait for the godfather . I mean sanket did send it off but was hopping it was something we could have resolved.
Try running you avast scan to make sure you are not infected with anything and try a different browser to and see if it still triggers off .
What section of the forum are you in/on when the avast goes off?
I honestly do not even think it had anything to do with the spam thread.
If it did then it would not be happening any longer because it is no longer there.
I mean you can't have something trigger your avast from a thread or post that is no longer on the board. It can't just magically place/ embed something to your forum somewhere out side of the post/thread it may have been in .
So not sure what to tell you? I have suggested a few things and you seem to not even want to try. We have to rule out everything we possibly can.
So I guess just wait for the godfather . I mean sanket did send it off but was hopping it was something we could have resolved.
Try running you avast scan to make sure you are not infected with anything and try a different browser to and see if it still triggers off .
kirk- Forumaster
- Posts : 11037
Reputation : 653
Language : English,Vulcan,Klingon, Romulan,& Gorn
Re: Malicious spam threads
The forum is clean now that the spam thread is gone. I don't think that I have claimed otherwise. I just want to have a preventive solution / implemention to all Forumotion forums so that this won't happen again.
PokeMRX- New Member
- Posts : 18
Reputation : 1
Language : English
Re: Malicious spam threads
PokeMRX wrote:The forum is clean now that the spam thread is gone. I don't think that I have claimed otherwise. I just want to have a preventive solution / implemention to all Forumotion forums so that this won't happen again.
What??? Now your starting to kill me.lol
Your sitting here telling us that your avast keeps going off even though you have deleted the thread and now your saying your forum is clean?
So then this is solved?
We have already suggested ways to help with spam bots.
The best way is for you and your admins to have to activate all accounts.
Other then that there are several ways suggested above and will be up to you and your staff to find the best methods that work for you and your forum best.
It is all part of running forums/sites.
kirk- Forumaster
- Posts : 11037
Reputation : 653
Language : English,Vulcan,Klingon, Romulan,& Gorn
Re: Malicious spam threads
"I clicked on the spam thread and then avast! Internet Security goes nuts about a virus.
The thread is deleted..."
Sorry about that. Well, I guess there's nothing more to do. Thanks for the help. Topic solved.
The thread is deleted..."
Sorry about that. Well, I guess there's nothing more to do. Thanks for the help. Topic solved.
Last edited by PokeMRX on May 17th 2013, 1:15 am; edited 1 time in total
PokeMRX- New Member
- Posts : 18
Reputation : 1
Language : English
Re: Malicious spam threads
PokeMRX wrote:
The thread is deleted, there is nothing I can do about that, but I still have the virus warning URL from avast:
http://www.avast.com/en-us/lp-pr-virus-alert?p_ext=&utm_campaign=Virus_alert&utm_source=prg_ise_80_0&utm_medium=prg_systray&utm_content=.%2Fpaid%2Fen-us%2Fvirus-alert-default&p_vir=URL:Malware&p_prc=C:\Program%20Files%20%28x86%29\Mozilla%20Firefox\firefox.exe&p_obj=http://starsearchtool.com/vries/.fogelholm/ZGVmYXVsdHwxMzY4NTE1Nzg5.lakebeds/dish_network_satellite_skew.kitestring.jpg&p_var=.%2Fpaid%2Fen-us%2Fvirus-alert-default&p_pro=2&p_vep=8&p_ves=0&p_lqa=0&p_lsu=24&p_lst=0&p_lex=227&p_lng=en&p_lid=en-us&p_elm=7&p_vbd=1483
See this is where you got us mixed up.
It sounded like you was saying it was still happening even after you removed the thread?
Why did you not correct us? I mean why did you think Sanket sent this to the godfather for?
No biggie it happens.
kirk- Forumaster
- Posts : 11037
Reputation : 653
Language : English,Vulcan,Klingon, Romulan,& Gorn
Similar topics
» Malicious reporting
» Malicious ads
» Malicious Pop Up Ad?
» Possible Malicious Ad Content
» Malicious code
» Malicious ads
» Malicious Pop Up Ad?
» Possible Malicious Ad Content
» Malicious code
Page 1 of 1
Permissions in this forum:
You cannot reply to topics in this forum