Forum hacked - sending out garbage spam mails...

[increpatio]

My forum appears to keep on sending out spam mails to people ostensibly from the webmaster's email address.  I don't understand it really.  The mails look like:

Code Select Expand

                                                                                           
Delivered-To: [email protected]
Received: by 10.231.153.2 with SMTP id i2cs59812ibw;
        Wed, 18 Aug 2010 09:58:46 -0700 (PDT)
Received: by 10.150.58.20 with SMTP id g20mr575628yba.225.1282150725303;
        Wed, 18 Aug 2010 09:58:45 -0700 (PDT)
Return-Path: <[email protected]>
Received: from mail-out.phx.nearlyfreespeech.net (mail-out.nearlyfreespeech.net [208.94.116.219])
        by mx.google.com with ESMTP id q4si5750833ybe.81.2010.08.18.09.58.44;
        Wed, 18 Aug 2010 09:58:45 -0700 (PDT)
Received-SPF: pass (google.com: domain of [email protected] designates 208.94.116.219 as permitted sender) client-ip=208.94.116.219;
Authentication-Results: mx.google.com; spf=pass (google.com: domain of [email protected] designates 208.94.116.219 as permitted sender) [email protected]
Received: by mail-out.phx.nearlyfreespeech.net (Postfix, from userid 25000)
        id 75029170A7; Wed, 18 Aug 2010 16:58:44 +0000 (UTC)
To: [email protected]
Subject: ZlzApCgKsyEl
X-NFSN-Site: www.thegamescollective.org
X-NFSN-Path: /index.php
From: "[email protected]" <[email protected]>
Reply-To: <[email protected]>
Date: Wed, 18 Aug 2010 16:58:42 -0000
X-Mailer: SMF
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="SMF-7cf72e09b211cff549ce015b6cd4be21"
Content-Transfer-Encoding: 7bit
Message-Id: <[email protected]>


ZiWslN  <a href="http://mradcdxwugzp.com/">mradcdxwugzp</a>, [url=http://uxgqhtuulnlr.com/]uxgqhtuulnlr[/url], [link=http://mwahqnfatljj.com/]mwahqnfatljj[/link], http://ieftggwazjlh.com/
--SMF-7cf72e09b211cff549ce015b6cd4be21
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 7bit

ZiWslN  <a href="http://mradcdxwugzp.com/">mradcdxwugzp</a>, [url=http://uxgqhtuulnlr.com/]uxgqhtuulnlr[/url], [link=http://mwahqnfatljj.com/]mwahqnfatljj[/link], http://ieftggwazjlh.com/
--SMF-7cf72e09b211cff549ce015b6cd4be21--


I'm using SMF 2 RC3.

I acknowledge that there's a possibility that it's something in the underlying server.   However, when I change the webmaster email in the settings, the from field in the email changes to reflect thsi.

My forum is located here

http://www.thegamescollective.org/ [nofollow]

the phpinfo page is here [nofollow].

This has happened a couple of times - though only on this forum.  I've changed my password and reinstalled the forum software, which usually has sorted out problems.

Any suggestions/help would be very much appreciated - I don't really know how to tackle this problem : /

Thanks,

S

[IrateZebra]

Are you sure that it is not just forum notifications being sent out? Do you know the content of the emails being sent?

Double-check to see if you have enabled forum email notifications as this could most likely be the problem, and if it is, it really isn't a problem unless you don't want your forum sending notifications

[increpatio]

Thanks for your prompt reply -

Are you sure that it is not just forum notifications being sent out? Do you know the content of the emails being sent?

Yes, they're included in the bit I pasted in - consists of garbage text with garbage links - removing all the extra header info that's included, the above looks like

paVqML  <a href="http://kdxhwhnbmrpl.com/ [nofollow]">kdxhwhnbmrpl</a>, aywvdnxeosaj [nofollow], [link=http://sxdbpuciezww.com/]sxdbpuciezww [nofollow][/link], http://dyfugkwvupcp.com/ [nofollow]

That does not look like a notification mail

[IrateZebra]

Ah right. Well in that case, it could be spammers abusing the email system in SMF. This system allows members to email each other via SMF without showing email addresses. This can be prevented by not allowing guests to send emails and/or removing the option for members to email each other.

[increpatio]

Oh, right.  That's it.  I didn't know that was enabled by default for guests.  Thank you very much.

I can't see an option in the settings for disallowing people to email eachother via this system in general.

[Kill Em All]

Sorry for the delayed response, unfortunately, that was an overlooked piece in SMF 2.0 I believe. You can suggest to your users to disallow emailing from other members by going into their account settings however.

[DylanF]

Is there a way in 2.0RC5 to disable the email feature?  My members are getting spam emails, probably sent by guests.

[Kill Em All]

No new features are added in release candidates.