Spam signup Question

Started by pykras, November 21, 2012, 07:08:27 AM


pykras

Slightly concerned, had two or three signups in recent weeks from China. I use the reason for joining mod and always in the box is the following:

#file_links[C:\Users\Administrator\Desktop\url-xr.txt,1,LP]

It's as if they are trying to upload something to the site. A quick search on Google for the text above shows it's not the only forum.


Seems they are only doing it to SMF Boards, anything to be concerned about?


Storman™

Quote: A quick search on Google for the text above shows it's not the only forum

Googled it like you and K@, and yes there are a few forums around like that. However, most seem to be riddled with spam anyway so I would suspect they are badly configured with few "defences".

My initial thought would be to dump that mod pronto.

Do you have any anti-spam mods in place?

pykras

Yes Storman, we have several in place, just wondering if there might be something new the member was trying to do. Membership is based on approval and IP checks.

Just didn't know if it had been picked up before and if it was something to be concerned about.


Storman™

I'd just keep an eye on things, it doesn't seem to get anywhere but you never know.

Would be worth adding something like CrawlProtect which will help with code injection attempts and a few other exploits.

BFriendly

Quote from: pykras on November 21, 2012, 07:08:27 AM
Slightly concerned, had two or three signups in recent weeks from China. I use the reason for joining mod and always in the box is the following:

#file_links[C:\Users\Administrator\Desktop\url-xr.txt,1,LP]

It's as if they are trying to upload something to the site. A quick search on Google for the text above shows it's not the only forum.


Seems they are only doing it to SMF Boards, anything to be concerned about?

Well first, my guess is that the reason why it's only SMF boards is because that is what the spammer is looking for, and that is what the script is "aimed" at. It appears to me that the C:\etc.... address is where the spammer's computer is storing whatever data he wants to paste into the forum. Either the text of the post, or a signature in the forum profile, IDK, but I wouldn't worry about it. It looks like someone is teaching themselves how to code scripts, or one that they have purchased has a flaw in it.

As an aside, I installed the Avatar image verification Mod 2 days ago, and it is like someone turned off the spam faucet. I'm thinking about keeping the Avatar mod and getting rid of the "captcha" mod.
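
Added example, not part of the thread and not any poster's or SMF's own code: a triage check for pending signups whose "reason for joining" text still contains a placeholder the posting script failed to fill in, like the string quoted above. It generalizes from the one token in the thread to any `#name[...]` placeholder and any local Windows path, which is an assumption; the member names and the other two reasons are constructed sample data.

```python
import re

# Assumption: placeholders follow the shape seen in the thread, "#name[args]".
MACRO_RE = re.compile(r"#([A-Za-z_]\w*)\[([^\]\r\n]*)\]")
# A local Windows path in a signup field points at the sender's own machine,
# not at anything on the forum server.
WIN_PATH_RE = re.compile(r"\b[A-Za-z]:\\[^\s,\]]+")


def find_template_residue(text):
    """Return (kind, value) findings for one free-text signup field."""
    findings = []
    for m in MACRO_RE.finditer(text):
        findings.append(("macro", m.group(0)))
    for m in WIN_PATH_RE.finditer(text):
        findings.append(("local_path", m.group(0)))
    return findings


def triage(signups):
    """Split pending signups into (flagged, clean) using the 'reason' field."""
    flagged, clean = [], []
    for s in signups:
        hits = find_template_residue(s.get("reason", ""))
        (flagged if hits else clean).append({**s, "findings": hits})
    return flagged, clean


# Constructed sample queue; only the first reason comes from the thread.
SAMPLE_SIGNUPS = [
    {"member": "user_a",
     "reason": r"#file_links[C:\Users\Administrator\Desktop\url-xr.txt,1,LP]"},
    {"member": "user_b",
     "reason": "I run an SMF board and want to ask about mods."},
    {"member": "user_c",
     "reason": "Saw issue #12 [solved] mentioned on another forum."},
]

if __name__ == "__main__":
    flagged, clean = triage(SAMPLE_SIGNUPS)
    for s in flagged:
        print("reject:", s["member"], s["findings"])
    print("review normally:", [s["member"] for s in clean])
```

A hit only says the text was machine-generated from a template; it is a reason to reject the signup at approval time, alongside the IP checks already in use.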
