Site Links
Pricing & Order
Members Area
Support Options
Who's Online Now
0 registered members (), 71 guests, and 142 spiders.
Key: Admin, Global Mod, Mod
Member Spotlight
Portsmouth, RI
Posts: 91
Joined: January 2009
Show All Member Profiles 
Top Posters(30 Days)
Gizmo 15
isaac 9
SteveS 9
Ruben 6
Morgan 5
jorb 4
Latest Photos
Testing to drag photos
Comfortable Cats
BSA photos
Previous Thread
Next Thread
Print Thread
extreme security bug used to send ou 100.000s of spam emails #194771
08/21/07 03:34 AM
08/21/07 03:34 AM
wnedoe  Offline OP
Joined: Aug 2007
Posts: 1
I use version 6.5

My provider informed me that the UBBT script addpost_newpoll.php
was used to send ou more than 100.000 spam emails and nearly cancelled my contract.

It seems that this is a well known bug at least to spammers as they had even programmed a complete USER INTERFACE for sending spam with UBBt and so probably millions of spam emails are sent out each day with he help of ubbt.

The way this script is/was abused

/forum//addpost_newpoll.php?addpoll=preview&thispath= HTTP/1.1" 200

(the abuse script has gone at this place but is probably to be found at a lot of places elsewhere

Re: extreme security bug used to send ou 100.000s of spam emails [Re: wnedoe] #194772
08/21/07 04:19 AM
08/21/07 04:19 AM
Gizmo  Offline
UBB.threads Developer
Joined: Jun 2006
Posts: 17,009
Portland, OR; USA
Are you running 6.5? If so, security issues are well known in builds prior to 6.5.5, you should consider upgrading.

I am a Web Development Contractor, I do not work for UBBCentral. I have provided free User to User Support since the beginning of these support forums.
Need to Upgrade?
Forums: A Gardeners Forum Scouters World
UBB.threads: UBBWiki, UBB Styles, UBB.Sitemaps
Longtime Supporter & Resident Post-A-Holic
VNC Web Services: Code Modifications, Upgrades, Styling, Coding Services, Disaster Recovery, and more!
Re: extreme security bug used to send ou 100.000s of spam emails [Re: Gizmo] #194779
08/21/07 09:55 AM
08/21/07 09:55 AM
Rick  Offline
Former Developer
Joined: Jun 2006
Posts: 10,177
Aberdeen, WA
Yes, we sent out an email to all of our customers when we were made aware of this and had a patch out to fix it. You should definitely at least upgrade to 6.5.5 at the minimum.

Shout Box
Today's Birthdays
No Birthdays
Recent Topics
Private Message, Opt out of conversation
by jorb. 12/04/18 10:11 PM
Disable IP display in Who's Online?
by Baldeagle. 11/29/18 09:05 PM
Permissions problem
by Baldeagle. 11/25/18 09:44 PM
Reddy Kilowatt
by SteveS. 11/20/18 08:30 AM
by Morgan. 11/18/18 02:33 PM
Forum Statistics
Most Online978
Jun 24th, 2007
Random Image
Powered by UBB.threads™ PHP Forum Software 7.6.2