UBB.threads PHP Forum Software Community Forums UBB.classic UBB.classic 6 Support Spammers are using "REPORT POST" ?

I'm running UBB.classicTM 6.3.1.1.

Lately I've gotten a lot of Spammers logging in, but I delete them usually within hours.

Here's my real problem:

Me and my Moderators are getting slammed with "REPORT POSTS" and I "think" is some sort of Trogan or back door ability of Spammers to infiltrate my board.

For instance, here is a sample REPORT POST:

A user (Irene at IP 125.182.71.26) has requested that you review the following post by Murphymum in a forum you moderate:

( the body of the post is legitimate, but then:)

The user's reason for this request is:

Thank you!
http://vjxthhfh.com/mvlc/xulf.html | http://jizlxftc.com/njow/brgz.html


And here's a few more examples of endings:

The user's reason for this request is:

Thank you!
http://nbqkpvyo.com/pciq/khkk.html | http://ahvyiagx.com/frot/txta.html


The user's reason for this request is:

Good design!
My homepage | Cool site


DOES ANYONE KNOW HOW THIS IS BEING DONE AND WHAT TO DO ABOUT IT? MY MODERATORS ARE GOING CRAZY WITH THESE "REPORT POSTS" EVERY DAY.

Thanks!

Jerry

Probably the simplest fix would be to upgrade to 6.7.3 - there's been many exploits fixed in the last few years since 6.3.1.1 was released:

https://www.ubbcentral.com/support/version.php?product=UBB.classic

Skydiver, I feel your pain. We have the identical problem.

I was all set to post a workaround not requiring upgrading: it involves disabling REPORT POST completely, but rejiggering the UBBFriend feature as a means for registered members to still report spam postings.

Unfortunately... Even after disabling REPORT POST, we are STILL getting spam.

If I can get the REPORT POST spam to stop (even after disabling that option), I will gladly post exactly what our workaround was. But as it stands at least for us, disabling REPORT POST has NOT stopped the REPORT POST spam.

Mikey

I'd like to add that UBB.Threads6 and UBB.Classic6 are two completely differant products which are coded in two differant coding languages (PHP vs Perl); so where a script may work for one it likely won't work for the other...

Also keep in mind that both products had differant people working on the code, and the UBB.C guru (Charles Capps) is no longer with Groupee.

The best coarse of action would be either upgrading to the latest UBB.C (which will, as allen pointed out) fix numerous security issues), or even go so far as to upgrade to the new UBB.T7.

I think I may have solved this problem using existing UBB Classic 6.5 functionality - look here.

You can completely nerf the "Report Post" capability by removing the following code block in ultimatebb.cgi:

Please note that there have been numerous security issues fixed in newer versions of UBB.Classic.

Lots and Lots... lol...

I'd like to see the old changelogs added back to the site so we can use them for notifying our clients of the stuff added...

Thanks. I plan on letting Groupee do the hosting for us within a couple of months. Thanks for this board, a great resource

Hi, I guess I've found "my people"

hope someone sees this as I am having some similar problems for the first time with ubbclassic in all the years we've been running it. Have always felt so secure but perhaps we are big enough now to be noticed by spammers. I don't want to upgrade....is this silly...because our ranking on google is so high with the html pages ubbclassic creates for us.

So I am running UBB.classic 6.7.1 and no spammers are using the report posts, but there is a sudden deluge of about three registrations a day that are obviously bogus. They don't post. They register with one ip and come back on another....the only advantage to registering I guess is that they get some info about the site in the email that comes back with their password and that in their profile and even in their name is some advertisement for Dr.Pill or xxxsexypornstarsxxx etc.

Are they doing this by registering in realtime or are they using some back door way in? Most are from germany or denmark.

SO MY QUESTIONS ARE:

1. Any insights?
2. Is there an upgrade for us that will maintain our ranking?

I need to ask also where one would go to get the later versions of ubbclassic since I was notified of the end of the programs support and continue to get pleas to upgrade to Ubbthreads.

The latest (final) build of UBB.Classic is in the member area, on the right hand side of the page.

It is UBB.Classic 6.7.3.

Since this is a security issue shouldn't UBB provide at least the classic to classic upgrade for free? Is it a coincidence that these spammers wait until you are done with your first year so then you are being forced into paying another $125 just to get a security fix that you should have been alerted to when it first came out.

I'll admit to being a few years out of my support agreement but I feel like I am being coerced into paying a yearly fee just to keep up with security. Even Microsoft doesn't do that.

I'm up for the option of archiving my current UBB borads, that I've had no issues with until recently and instead of being given real help I'm only being told to upgrade over and over.

I'll move to one of the free BBS options which offers the security I'm looking for without the costly fees to stay up to date.

AMCiotola

Microsoft does do that, they EOL their software like any other company that stays in business long enough to do so. You can't get support on win95 and assume all responsibility for someone hacking your computer should you continue to use it.

There aren't any free forums out there that offer decent long-term security protection. What's secure today won't necessarily be secure tomorrow, as new ways are found to break a script that wasn't available today.

It's up to us as site owners to do what's necessary to maintain our sites security-wise and that includes updating the software - I upgrade every time a new version comes out, especially if it contains bugfixes/ security fixes. I don't want all my hard work to go down the drain due to some script kiddie playing with my site. 6.7.3 has been released more than a year and a half - no reason why site owners shouldn't have updated by now, the release announcement shows in your control panel every time you access it.

BTW, the versions of windows that are EOL are W98SE and below; you cannot get any support for them because they are EOL.

The UBB.C install in the member area is there as a courtesy for users migrating to UBB.Threads7 as the importer was created for UBB.Classic 6.7.

As for having to pay for the security upgrades; features come with the upgrades; you're not just getting the security fixes, you're getting the features and support that come with it as well.

Also, nothing is secure, to say your product is secure will only bring more users to try and crack into it.

Also, no freeware solution is secure, look at phpbb, one of the oldest currently built on products, it's an insecure pile of crap; i shut down my community because none of their security worked, their captcha still let bots in, i was getting spam postings from non existant users, etc. none of which i had in UBB.C or UBB.T.

Honestly, if your decision is made up that you're leaving, theres not much of anything anyone can say to change your mind, other than any product will have its issues here and there, and once a product is EOL theres generally no support for it.