Odd random emails coming from our forum

Started by halfcrazy, January 31, 2013, 05:14:15 PM


halfcrazy

We are running the latest version of SMF and our forum has started sending random emails out. I suspect we have a bot or virus. Here is an example of the emails.

Subject: DTcujfvZVAC
From: "[email protected]" <[email protected]>


UD2iFr  <a href=" ((http://))djxxfzrnkhwt ((.)) com/">djxxfzrnkhwt</a>, rhcndxebvmje, [link=((http://))ljtixojcbuzt.com/]ljtixojcbuzt [nofollow][/link], ((http://))twxmhyoutbbh.com/ [nofollow]


Any help where to start looking would be greatly appreciated. I changed the parts in Red to be able to post this

Thank you in advance
Ryan

Arantor

Is there anyone on the forum with that email address? (i.e. a registered user)
Holder of controversial views, all of which my own.


halfcrazy

I assume you mean the bogus one? If so, the answer is no. The forum@midnite is the forum's email.

Ryan

Arantor

I did mean the bogus one... so no member has that?

Hmm, I didn't think guests could access the sending an email system even with the recipient having set 'allow people to contact me' being enabled :/


halfcrazy

Well, I am thinking this could be a virus on our server exploiting SMF? I am at a loss as to where to start. I will contact Lunar Pages tomorrow and see what they suggest.

Ryan

Kill Em All

What Arantor is getting at is that there could be a user with the bogus email address that is using the forum to send emails to users. In this case, there wouldn't be a virus on the server, just a member using a standard SMF feature to get in contact with other members through email.

Edit: Correct me if I'm wrong, Arantor.


My Site: KEAGaming.com

Manual Installation of Mods
Prevent Spam and Forum Attacks
Please do not PM or email me for support unless offered, help should be publicly displayed to others.

Arantor

Well, pretty much. I was initially thinking a spammer had signed up and used the email feature to send emails out to people.

What would be really interesting is to see the full headers of the email, that would at least validate whether it came from SMF or not to start with (as opposed to something else tagging on the site)


halfcrazy

I see what you are saying on the Members? I suspect there is a way I can look at outgoing logs?

On the header, I can probably supply that but may need some guidance as to how to find it in Outlook?

Ryan

halfcrazy

Ok here is the header on one of these from the forum to me personally

Return-path: <[email protected]>
Envelope-to: [email protected]
Delivery-date: Thu, 31 Jan 2013 10:46:14 -0800
Received: from midni9 by sadar.lunarpages.com with local (Exim 4.77)
   (envelope-from <[email protected]>)
   id 1U0z9K-0008W2-Mt
   for [email protected]; Thu, 31 Jan 2013 10:46:14 -0800
To: [email protected]
Subject: KoJJjrlPeSOIzIdg
From: "[email protected]" <[email protected]>
Reply-To: <[email protected]>
Date: Thu, 31 Jan 2013 18:46:14 -0000
X-Mailer: SMF
Mime-Version: 1.0
Content-Type: multipart/alternative;
   boundary="SMF-0fbbf4e390a4dd532e04b1b4684f6511"
Content-Transfer-Encoding: 7bit
Message-Id: <[email protected]>
X-Antivirus: AVG for E-mail 2013.0.2890 [2639/6070]
X-AVG-ID: ID134C4A82-E7B9BF3
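
The header check Arantor asks for can be scripted. The following is an added example, not part of the original thread and not SMF code: it reads the three signals visible in the posted headers (the `X-Mailer` value, Exim's `with local` submission marker, and whether `From` matches the envelope sender). The function name `triage` and every address in the sample are assumptions, since the real addresses are redacted on the page.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample modelled on the headers posted above; all addresses are
# placeholders because the originals are redacted on the page.
SAMPLE = """\
Return-path: <forum@example.com>
Envelope-to: member@example.net
Received: from midni9 by sadar.lunarpages.com with local (Exim 4.77)
   (envelope-from <forum@example.com>)
   id 1U0z9K-0008W2-Mt
   for member@example.net; Thu, 31 Jan 2013 10:46:14 -0800
To: member@example.net
Subject: KoJJjrlPeSOIzIdg
From: "bogus@example.org" <bogus@example.org>
Reply-To: <bogus@example.org>
X-Mailer: SMF
Mime-Version: 1.0

body
"""

# Exim writes "with local" when a process on the host handed the message over
# directly (no SMTP); the token after "from" is the local account that ran it.
LOCAL_RE = re.compile(r"from\s+(\S+)\s+by\s+(\S+)\s+with\s+local\b")

def addr(msg, header):
    """Bare lower-cased address from a header, or '' when it is absent."""
    return parseaddr(msg.get(header, ""))[1].lower()

def triage(raw):
    msg = message_from_string(raw)
    received = msg.get_all("Received") or []
    # Received headers are prepended per hop, so the last one is the origin.
    origin = LOCAL_RE.search(received[-1]) if received else None
    return {
        # X-Mailer is set by the sending script and is only a hint by itself.
        "x_mailer": msg.get("X-Mailer"),
        "local_submission": origin is not None,
        "local_user": origin.group(1) if origin else None,
        "host": origin.group(2) if origin else None,
        # The envelope sender is the forum's own address; a differing From
        # was supplied by whoever triggered the mail.
        "from_differs_from_envelope": addr(msg, "From") != addr(msg, "Return-path"),
        "reply_to_matches_from": addr(msg, "Reply-To") == addr(msg, "From"),
    }

if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(f"{key}: {value}")
```

A message that shows local submission under the site's own account, `X-Mailer: SMF`, and a `From` that differs from the envelope sender was generated on the web server under the forum's account rather than relayed in from outside, which narrows the search to the forum's own mail-sending paths and the web server's access log for the same timestamp.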

