Previous Thread
Next Thread
Print Thread
Hop To
People posting spam #248705 03/18/2012 8:50 PM
Joined: Aug 2006
Posts: 583
Basil Offline OP
old hand
OP Offline
old hand
Joined: Aug 2006
Posts: 583
This has happened a couple of times over the past few weeks. Someone is spamming my forum with posts that contain links to (likely) malwar sites that talk about presacription drugs, etc. They are positing in my forums withour registering so they show up as "anonymous". What is even more disturbing, they are posting in forums they are either open only to admin, or forums that are closed. Of course I firewall their IPs, but it is troubling that is is hapenning. I searched my logs and located the offending IPs and this is what I found: (I've x'd out some info, but you'll get the jist):

[18/Mar/2012:14:50:12 -0400] "POST /x/ubbthreads.php HTTP/1.1" 302 -"http://www.xxxxxxxxxxx.com/x/ubbthreads.php/topics/811793/Your_subject_here" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.3) Gecko/20090824 Firefox/3.5.3 GTB5"

Is this some kind of PhP Exploit being used, and if so is there anmything we can do about it?

Re: People posting spam [Re: Basil] #248706 03/18/2012 9:31 PM
Joined: Jun 2006
Posts: 1,344
gliderdad Offline
veteran
Offline
veteran
Joined: Jun 2006
Posts: 1,344
Seems like you had this issue a few months ago too. Are you running a blog software like wordpress as well? The HTTP/1.0" 302 - should be just a redirect. Would be more concerned if the POST returned a 200 response which means success.

Im am far from an expert or really knowledgeable about this but they could be getting in from an exploit on the webserver, other software like a blog, or got in prior to the patch and left a backdoor or all files not cleaned out.

Hopefully SD or someone can shed some light on this.

Re: People posting spam [Re: Basil] #248707 03/19/2012 11:36 AM
Joined: Jun 2006
Posts: 6
MattyJ Offline
stranger
Offline
stranger
Joined: Jun 2006
Posts: 6
I've been seeing an increase in this as well. I've turned on the registration queue, as their accounts are pretty easy to identify when they sign up. I've also banned about 10 IP addresses now.


--------------
Matt Reinfeldt
Re: People posting spam [Re: Basil] #248708 03/19/2012 1:57 PM
Joined: Dec 2003
Posts: 5,998
Ruben Offline
Offline
Joined: Dec 2003
Posts: 5,998
Basil, your site location as I recall I checked today and your patch is 7.5.6p1 the current security patch is 7.5.6p2
p2 replaced p1 withing a week or so due to another hole found.

Also I am sure you are aware the patch does not repair any existing damage. So even if you are current if someone has hacked the board prior, there is quite a bit of research to do for cleanup.


Blue Man Group
There is no such thing as stupid questions. Just stupid answers
Re: People posting spam [Re: Ruben] #248710 03/19/2012 9:20 PM
Joined: Aug 2006
Posts: 583
Basil Offline OP
old hand
OP Offline
old hand
Joined: Aug 2006
Posts: 583
Originally Posted by Ruben
Basil, your site location as I recall I checked today and your patch is 7.5.6p1 the current security patch is 7.5.6p2
p2 replaced p1 withing a week or so due to another hole found.

Also I am sure you are aware the patch does not repair any existing damage. So even if you are current if someone has hacked the board prior, there is quite a bit of research to do for cleanup.


Thanks - I guess I missed the p2 patch somehow. Not sure if that will fix this particular issue but certainly won't hurt to upgrade! Thanks!

Re: People posting spam [Re: Basil] #248711 03/20/2012 1:34 PM
Joined: Dec 2003
Posts: 5,998
Ruben Offline
Offline
Joined: Dec 2003
Posts: 5,998
Like I said it will not fix prior attacks only going forward in the future
If some intrusion has already happened,then you need to do some homework to find it.

I know SD and Gizmo has done some cleanup.

I assume they used something like beyond compare. To look for extra files or file content that does not match a virgin install.


Blue Man Group
There is no such thing as stupid questions. Just stupid answers
Re: People posting spam [Re: Basil] #248712 03/20/2012 5:02 PM
Joined: Jun 2006
Posts: 15,852
Gizmo Offline
UBB.threads Developer
Offline
UBB.threads Developer
Joined: Jun 2006
Posts: 15,852
More involved than just that (since to do all of that i'd have to download all files in their forum directory which can easily get up there with cache files and other directories which could be filled with files that could be touched bya hack).

Please note though, the hack isn't restricted to the forum, it's your entire userhome with your host that can contain files that a remote hacker placed while your forum was hacked.


I am a Web Development Contractor, I do not work for UBBCentral. I have provided free User to User Support since the beginning of these support forums.
Need to Upgrade?
Forums: A Gardeners Forum Scouters World
UBB.threads: UBBWiki, UBB Styles, UBB.Sitemaps
Longtime Supporter & Resident Post-A-Holic
VNC Web Services: Code Modifications, Upgrades, Styling, Coding Services, Disaster Recovery, and more!
Re: People posting spam [Re: Basil] #248713 03/20/2012 5:14 PM
Joined: Dec 2003
Posts: 5,998
Ruben Offline
Offline
Joined: Dec 2003
Posts: 5,998
Well I was trying to be positive on where the hack might be. But Gizmo is correct. It could be anywhere in any folder.


Blue Man Group
There is no such thing as stupid questions. Just stupid answers

Forum Search
ShoutChat Box
Comment Guidelines: Do post respectful and insightful comments. Don't flame, hate, spam.
Recent Topics
Mobile app?
by Baldeagle - 12/06/2019 9:32 PM
How do you change Text Line spacing?
by jorb - 11/23/2019 12:14 AM
What happened to FAQ or Forum Help
by Ruben - 11/20/2019 11:58 AM
Search feature encountering an Error message
by jorb - 11/20/2019 12:06 AM
Followed List v7.7.2 Question
by Ruben - 11/12/2019 12:22 PM
Who's Online Now
1 registered members (may), 68 guests, and 423 spiders.
Key: Admin, Global Mod, Mod
Random Gallery Image
Latest Gallery Images
Artistic structures
Artistic structures
by isaac, August 29
Stones
Stones
by isaac, August 19
Amusing Terain Scenics
Amusing Terain Scenics
by isaac, August 19
Sky places
Sky places
by isaac, August 19
Powered by UBB.threads™ PHP Forum Software 7.7.4
(Snapshot build 20191023)