Today I noticed two posts on my SMF forum that was obviously spam (paris hilton porn, etc.). But it wasn't normal spam . . .
As soon as you click on the thread link, instead of opening up the post, it immediately opened up the attackers website. It loaded almost immediately, but was fortunately blocked by Firefox as a dangerous site.
So somehow a user was able to run code in the SMF forum to cause an automatic redirect?!
I am running the latest 1.1.7 on a linux machine. The only mod I am running is the YouTube mod.
The spammers IP is 92.113.215.182 and hostname 182-215-113-92.pool.ukrtel.net. He signed up only two user names and made a single post for each using a gmail email account.
I probably should have investigated his code more and saved the link, but I just woke up and wasn't thinking straight before I deleted everything.
you should post a link if it happens again
I have exactly the same problem... it's a week... everyday i remove about 10 "registered users" (spammers) and their own posts.
I have just removed 2 posts before read this thread.
As you can see in my forum, in the last 10 minutes, some new user registered an account (spammer), and soon some of these, will post spam.
I don't know how to limit this thing...
Now i will not remove spam threads... waiting someone of you could tell me how to resolve.
Bye
P.s. My forum is: http://lnx.htpcpoint.it
Well I can't figure out which if any is spam.
I'm looking for one that satisfies this: "As soon as you click on the thread link, instead of opening up the post, it immediately opened up the attackers website."
The idea is to figure out what they're doing, then of course we would delete the threads. What I have in mind is seeing if we can prevent those from working in the future, and working on other sites. Like some settings or something to prevent that type of post from taking them off-site.
maybe this related (http://foro.undersecurity.net/read.php?16,252)
Well the 1.1.6 exploit is what prompted the release of the 1.1.7 fix.
Maybe there putting their link in the thread title. ???
Was thinking that, but as far as I recall topic names are filtered to prevent functional HTML. I didn't check, could be wrong...
Html is not allowed in subjects nor messages. Although admins can use the html bbc to post straight html
Now you can see spam on my forum... lnx.htpcpoint.it
First board... amazing, they created threads with on topic the domain name!
I upgraded forum to 1.1.7 three days ago... i don't know how to prevent these spammers!
Hope someone help me how to solve or explain me how do they spam?
I have raised complexity on visual verify on registration... hope this help to block them to register new accounts.
I will let you know...
That is an interesting attack method
Infact i suppose the problem was that... it's 4-5 hours none register a valid account...
That do the job. No more spam accounts or spam threads.
Bye
The spammer hasn't attempted the exploit again . . . perhaps because I'm blocking his IP. I'll post what I find if and when I see it again.