huge bug in SMF 2.0 RC2

[vivithemage]

I don't have the time to REALLY look into it, but I had a for-fun site setup, with about 5 friends on it. Something/somehow was sending oodles of spam mail with the Reply-To set to my email address. Everyone on the forums got about 35 emails before I suspended my own web hosting account to stop them from going out.

The subject line was similiar to : zGWBvbSsGtdlq but always auto generated randomly like that.

The content contained this :

cNEqrz  <a href="http://afapftstruzt.com/">afapftstruzt</a>, lcomtolczkyv, [link=http://aiksnipatmvo.com/]aiksnipatmvo[/link], http://kpsrvecyanjn.com/

but auto generated and would go no where.


header :


from   [email protected] <vivithemage(AT)gmail(DOT)com>
reply-to   [email protected]
to   vivithemage(AT)gmail(DOT)com
date   Tue, Jan 19, 2010 at 3:44 PM
subject   zGWBvbSsGtdlq
mailed-by   den1.vivicalhosting.com

obvious reasons I marked out my email. Am I the first to experience this? Anything you'd like me to do to help troubleshoot an issue like this?

[KensonPlays]

Sounds like a hacker. Sorry, I don't know what to do, except if you can, pick a new email address to send from, and if needed, create a new admin that is just like yours, and new password, username, and delete your old one. That I all I can do to help, sorry...

[vivithemage]

Any way I can check, i'd like to make sure it doesn't happen again.

[KensonPlays]

I would too. I guess you'll have to wait for a person who knows SMF way more than me to help...

[greyknight17]

vivithemage, is this issue resolved yet? First thing I would check is the permissions for guests are not set to view member profiles. Another thing to check is in Admin > Configuration > Security and Moderation. Confirm that Allow viewable email addresses is not checked.