Avast WEBforum

Other => General Topics => Topic started by: ZeroVerteX on October 12, 2006, 11:16:56 PM

Title: Spam for the Forum (NSFW!)
Post by: ZeroVerteX on October 12, 2006, 11:16:56 PM
I got an email regarding a personal message on the Avast forum. If you are under 18 or don't like looking at enlarged Asian naked male ..um... parts, don't look at the pic at the URL below. It was in line in the message and my 5 year old daughter came very close to seeing my screen just as I was pulling up the message on my laptop. Is this new? Has this been a problem before? Is there anything that can be done?

P.S. Avast rocks! I don't get much chance to say thanks for such a great product!!


Quote from: JessicaA
If you have some time check out this COOL pic:

Also, check out the following website I came across:

It will knock your socks off!
Next, the below website is thrilling!!!

Finally, the following website is the absolute BOMB!!!

ENJOY!!!

MY PIC:


Title: What the hell is that!
Post by: scorpion7552 on October 12, 2006, 11:17:44 PM
I just received that mail today ???
Quote
You have just been sent a personal message by JessicaA on avast!WEBforum.

IMPORTANT: Remember, this is just a notification. Please do not reply to this email.

The message they sent you was:

If you have some time check out this COOL pic:

Also, check out the following website I came across:

It will knock your socks off!
Next, the below website is thrilling!!!

Finally, the following website is the absolute BOMB!!!

ENJOY!!!

MY PIC:

[removed by me][/removed by me]



---
Antivirus avast! : message Entrant sain.
Base de donnees virale (VPS) : 0641-3, 12/10/2006
Analyse le : 12/10/2006 23:09:55
avast! - copyright (c) 1988-2006 ALWIL Software.
http://www.avast.com
and the sender is supposed to be "webadmin@asw.cz"

What do you think of that ???
Title: Re: What the hell is that!
Post by: kubecj on October 12, 2006, 11:24:09 PM
It's a Personal Message sent by malicious user thru this forum. I'm sorry for that but currently I see no way how to prevent such actions.  >:(

The person was banned ASAP (but not as soon as I'd want)
Title: Re: Spam for the Forum (NSFW!)
Post by: scorpion7552 on October 12, 2006, 11:27:36 PM
Just to complete my post: it's not a PM, this crap has been sent to my email

[edit]yes, PM too  >:([/edit]
Title: Re: Spam for the Forum (NSFW!)
Post by: Airmapper on October 12, 2006, 11:27:53 PM
Just found this thread. I PM'ed an Admin about it. I'm a Forum Admin myself, if that happened on my board I'd be pretty annoyed.
Title: Re: What the hell is that!
Post by: psychichigh on October 12, 2006, 11:37:52 PM
It's a Personal Message sent by malicious user thru this forum. I'm sorry for that but currently I see no way how to prevent such actions.  >:(

A possibility might be to separate the emailing script from the rest of the forum itself, and only allow localhost connections to the script.
Title: Re: Spam for the Forum (NSFW!)
Post by: JediMasterCK on October 12, 2006, 11:41:23 PM
I'm sorry for that but currently I see no way how to prevent such actions.  >:(

Upgrading to the latest SMF would help...
Title: Re: Spam for the Forum (NSFW!)
Post by: kabibbles on October 12, 2006, 11:43:48 PM
Got one too- this came to my personal email account.  Checked my profile and my email is hidden, how did this person get my email address?
Title: Re: Spam for the Forum (NSFW!)
Post by: kubecj on October 12, 2006, 11:43:57 PM
What new feature is in 1.0.8 (latest version), to prevent this?
Title: Re: Spam for the Forum (NSFW!)
Post by: kubecj on October 12, 2006, 11:44:50 PM
You're getting notification about it in your mail. But it's PM sent from another registered user.
Title: Re: What the hell is that!
Post by: justin1278 on October 12, 2006, 11:46:15 PM
It's a Personal Message sent by malicious user thru this forum. I'm sorry for that but currently I see no way how to prevent such actions.  >:(

The person was banned ASAP (but not as soon as I'd want)

Hey Kubecj,

On the Comodo forums we have a limit to 1 post per 90 seconds, that helps a lot on the speed that spammers can post at, this also applies to PM's they can only send 1 PM per 90 seconds as well. So say they post some spam then they cannot post again or send an e-mail for 90 seconds. Maybe you should consider setting these restrictions, of course it doesn't have to be 90 seconds, you can make it a shorter time such as 45 or whatever you like.
Title: Re: Spam for the Forum (NSFW!)
Post by: kubecj on October 12, 2006, 11:46:57 PM
Here it's 20 seconds. It's obvious it doesn't work for PMs  :(
Title: Re: Spam for the Forum (NSFW!)
Post by: justin1278 on October 12, 2006, 11:51:44 PM
Here it's 20 seconds. It's obvious it doesn't work for PMs  :(

Hmmm, is the forum software up to date? If not that feature may be only available in future versions.

Comodo is using SMF 1.1 RC2

P.S. I think that Comodo took off the 90 second limit for posts, I believe you can only send 1 PM every 90 seconds though. Still with this feature it can help cut down on spam.
Title: Re: Spam for the Forum (NSFW!)
Post by: JediMasterCK on October 12, 2006, 11:54:32 PM
What new feature is in 1.0.8 (latest version), to prevent this?

Actually, (if I'm not mistaken) 1.0.8 might be the end of that line...

You're better off with SMF 1.1 RC3... Has CAPTCHA to prevent Spammers from getting in in the first place... There's also Account Activation... There's also options to hide email addresses of members so that even if a spammer gets they can't get emails... And PMs can be limited somehow...

I have an SMF board and never have had a problem with Spammers with SMF...
Title: Re: Spam for the Forum (NSFW!)
Post by: kubecj on October 12, 2006, 11:58:23 PM
But I refuse to install RC here, that's not an option. Activation/hiding of emails is also here, and is turned on.
Title: Re: Spam for the Forum (NSFW!)
Post by: justin1278 on October 13, 2006, 12:00:42 AM
But I refuse to install RC here, that's not an option. Activation/hiding of emails is also here, and is turned on.

Although it is a RC it is extremely stable and runs great, it has more features and better control to help stop spam. I understand you not wanting to install an RC but once again it is very stable, Comodo forums are using the RC3 and have had no problems. And it has also helped to cut down on spam a lot.
Title: Re: Spam for the Forum (NSFW!)
Post by: polonus on October 13, 2006, 12:10:12 AM
Hi kubecj,

Should we take the links out of the top two postings of this thread, could lead to more spamming. "Spim" is going to be more of a problem, you hear of it more and more, warnings of possible trickery should come in,

polonus
Title: Re: Spam for the Forum (NSFW!)
Post by: justin1278 on October 13, 2006, 12:12:34 AM
Hi kubecj,

Should we take the links out of the top two postings of this thread, could lead to more spamming. "Spim" is going to be more of a problem, you hear of it more and more, warnings of possible trickery should come in,

polonus

I was thinking the same thing. I think it might be a nice idea.
Title: Re: Spam for the Forum (NSFW!)
Post by: neal62 on October 13, 2006, 12:21:06 AM
Believe what is happening was mentioned in this thread  HERE.  (http://forum.avast.com/index.php?topic=24094.msg197952#msg197952)
Title: Re: Spam for the Forum (NSFW!)
Post by: kubecj on October 13, 2006, 12:32:29 AM
It was not, no hole was used. Registered users see the emails anyway, if other users show them.
Title: Re: Spam for the Forum (NSFW!)
Post by: DavidR on October 13, 2006, 12:33:39 AM
It's a Personal Message sent by malicious user thru this forum. I'm sorry for that but currently I see no way how to prevent such actions.  >:(

The person was banned ASAP (but not as soon as I'd want)

Is it not time to introduce a precaution to make it more difficult for people to do drive by spam of the forums and consequently forum members?

There is a thread where this forum spamming was discussed and I suggested that registration shouldn't be a single operation, fill in the form to register with a legit email address and an email is sent to that address with either an activation link or a code for them to enter to complete the registration. Until registration is complete then they can't post and they can't send PMs. No PM, no notification email.

I know this isn't an infallible system with throw away hotmail addresses, etc. but it inconveniences them if they have to get a new email once they are banned. Informing the registrant that the IP address will be noted on registration could also be a deterrent and nothing to worry about for genuine forum members.

These measures are becoming common on other forums, not sure if it is directly to combat this or for other reasons.
Title: Re: Spam for the Forum (NSFW!)
Post by: JediMasterCK on October 13, 2006, 12:47:23 AM
I did not analyze the PM, but, the little bit I saw was probably vulgar and this requires some action on avast's part...

I stand by my suggestion to upgrade to the latest SMF version - it is standard operating procedure for good security to use the latest software...

No more words from Me on the matter...
Title: Re: Spam for the Forum (NSFW!)
Post by: bitemehardly on October 13, 2006, 01:33:22 AM
This spam was sent to me via an email address that was ONLY given to avast! and their forum. The address is hidden in my profile. Grrrrrr.....
Title: Re: Spam for the Forum (NSFW!)
Post by: kabibbles on October 13, 2006, 01:48:03 AM
That was what I thought too, bitemehardly.  I just checked my pm's and the message is in there also.  When I checked my profile, I had the box ticked for notify me when I have new pm's, that is why it came to my personal email account.  Untick that box and you won't get this sort of spam anymore.  Hope it helps.
Title: Re: Spam for the Forum (NSFW!)
Post by: justin1278 on October 13, 2006, 01:54:21 AM
Hi,

Look, no e-mail addresses were compromised (as long as you have chosen to hide them) the spammer sent a Personal Message, after the message was sent and the user it was sent to received it, then you will receive an e-mail notification from the avast! forums notifying you that you have received a personal message, the notice will also have the content of the PM in it.

Hope this answers some questions.
Title: Re: Spam for the Forum (NSFW!)
Post by: JediMasterCK on October 13, 2006, 03:06:36 AM
I know I said I wouldn't comment any more on this, but, I just got a SECOND PM probably identical to the first...

I think it's safe to say this forum/server has been hacked...

I suggest IMMEDIATE EMERGENCY response here...

CHANGE ALL PASSWORDS IMMEDIATELY... Mysql, Root, SMF Admin, ALL of them... Activate in Registration "Member APPROVAL by Admin"... Restrict the Newbie (or whatever) member group to ZERO PMs...

NOW...
Title: Re: Spam for the Forum (NSFW!)
Post by: .: Mac :. on October 13, 2006, 03:16:23 AM
Jedi Master, the forum has not been hacked. That user just created an account to send PMs, that's all.

Kubecj does not want to install a beta or RC build, ALWIL has enough to do without reinstalling the forum software because of a bug and I don't blame them!
Title: Re: Spam for the Forum (NSFW!)
Post by: .: Mac :. on October 13, 2006, 03:18:13 AM
By the way they have apparently re-registered with the new username EdwardN as I got another PM identical to the first
Title: Re: Spam for the Forum (NSFW!)
Post by: beatme101 on October 13, 2006, 03:19:22 AM
Huh, I got this spam too. Funny how phpbb doesn't send PM content to the email, this forum could learn something from phpbb. (Edit: Also visual confirmation...)

I know I said I wouldn't comment any more on this, but, I just got a SECOND PM probably identical to the first...

I think it's safe to say this forum/server has been hacked...

I suggest IMMEDIATE EMERGENCY response here...

CHANGE ALL PASSWORDS IMMEDIATELY... Mysql, Root, SMF Admin, ALL of them... Activate in Registration "Member APPROVAL by Admin"... Restrict the Newbie (or whatever) member group to ZERO PMs...

NOW...

Okay.. You get a little bit of spam and you start crying "OMG HAX"? Jumpy today, aren't you?
Title: Re: Spam for the Forum (NSFW!)
Post by: MegletTX on October 13, 2006, 03:25:50 AM
I too received this just now (from EdwardN whose profile indicates "he" is still online and most likely is PMming as fast as he can before that account gets shut down) and was worried about a hack because the email said it was an urgent message from ADMIN....now I am realizing that was just the subject of the PM.

Just to reiterate if any of you haven't caught on yet...no one's email address has been compromised, it is a PM sent to your account HERE and the account HERE is set up to send you an email when you receive a PM.  NO ONE HAS YOUR EMAIL ADDRESS.

Title: Re: Spam for the Forum (NSFW!)
Post by: JediMasterCK on October 13, 2006, 03:26:40 AM
I can't believe what I'm hearing from you guys...

How about less finger-pointing blame and more fixing your obvious problem...

And touting PHPBB as more secure is the most ludicrous thing I've ever heard... PHPBB is THE most exploited forum software there is...

At this point I'm rooting for the Spammer... Hope he gets off a third spam to make you guys look even more foolish...

See ya...
Title: Re: Spam for the Forum (NSFW!)
Post by: beatme101 on October 13, 2006, 03:33:57 AM
I can't believe what I'm hearing from you guys...

How about less finger-pointing blame and more fixing your obvious problem...

And touting PHPBB as more secure is the most ludicrous thing I've ever heard... PHPBB is THE most exploited forum software there is...

At this point I'm rooting for the Spammer... Hope he gets off a third spam to make you guys look even more foolish...

See ya...

Have you been reading Uncyclopedia's phpbb article (http://uncyclopedia.org/wiki/PhpBB)?

Besides, I haven't been saying it's secure, I said it would do better against this spammer.

This forum was not hacked, although there is a possibility it could be down the road since it's out of date. I know that at least with phpbb every 'minor' (third number) version is released to fix one or more security holes.
Title: Re: Spam for the Forum (NSFW!)
Post by: longneck on October 13, 2006, 03:41:21 AM
the spam all came from one user, right? i don't see why the admins can go in to the database and delete all of the PM's that user sent. on other forums i frequent, they do that all the time when there's PM spam.