UBB.threads PHP Forum Software Community Forums UBB.threads 7 Bug Reports False 'New User Registration' e-mails

I just wanted to check to see if anyone else has had the problem of receiving 'false' new user registration e-mails...? I get anywhere between 20-50 in any given day. When I go check the registration queue (which I enforce), there are none pending... the user id's listed in the emails do not exist in the database... so, I'm guessing that someone's scripted an attack on the email script or something. Before I start trying to figure out how to stop it (referrer check is on, btw), I wanted to see if others have been seeing the same thing.

I'm on 7.5.7.

Thanks!

Matt

Humm.
Not sure since I don't force the registration queue and my test board is still on 7.5.6.
I would need to upgrade my test board and test it.

But I assume it could be the stop forum spam module in 7.5.7.
There are options on how stop forum spam reacts to registrations.

So possibly it could be deleting the actual registration as a disapprove???
Or you are getting some type of spam email being spoofed.
I would check the email server and see if the emails actually came from your server.

Also on the referrer check.
You might as well disable it on the next line.
The setting will disappear one day and it has been suggested in many posts to turn it off since it is no longer needed and today causes problems for some.

Right now, I do have referrer check turned on. I've not seen any issues with that. Also, for the Spam Protection Level, it is set to Auto with Message. I can try setting it to full Manual and see how that goes. Does that make sense to try to attempt to resolve this, do you think?

Like I said I have not really attempted to test the new feature(stop forum spam).
Setting it back to the default manual setting may or may not prove that is what is happening.
I just considered it could be what is deleting the registration queue, If it finds a spammer attempting to register.

But I would suspect more that it is some type of email spoofing:
http://en.wikipedia.org/wiki/Email_spoofing

The only way I know to check would be to actually login to the email account entered in:
CP>Primary Settings
Board Email Address:
All emails being sent out will come from this address.
Send one to yourself.
Then when you receive it dig through the header(option selection) and see where it came from and how it got to you.
You may need to dig a little to find evidence it was sent from you.

If you receive a email that is not from that account's outbox then you can probably assume it is spoofed.

I just got one from my brother yesterday.
It all looked legit from his corporate email account.
But the content of the body of the email did not jive.
This also could be a virus from someone elses computer that is using their address book to send email using spoofed info and that user is not aware it is happening.

Yeah, the x-header info is showing it coming out of register.php, but I'm not able to decipher if that script is being called through an external PHP hack or not...


I'll keep poking at it. Thanks!

I assume you edited the header some to protect your privacy.

right off the bat the ip is from Pakistan Telecommuication company limited.
subject looks fishy unless you edited the language files.
the default subject I get is:
also the from should be
Where community name is what you have entered in the ubb control panel.
Or your host has you setup completely different than most php servers.
Why don't you just register yourself with a test name and different email address than you use for yourself. Then you know you have a legit header and compare it to that one.