MNScuba.com
It looks like spammers... - Printable Version

+- MNScuba.com (http://www.mnscuba.com/forum)
+--- Thread: It looks like spammers... (/showthread.php?tid=4145)



It looks like spammers... - DetectorGuy - 11-18-2008

I think there are some bugs in the new version of SMF 1.1.7... I opened it up and there was a ton of advertisements at the top... I thought upgrading to SMF 1.1.7 was going to be an improvement?


Re: It looks like spammers... - tullibee - 11-18-2008

it looks like it IS an improvement from the viewpoint of the spammers...  >Big Grin


Re: It looks like spammers... - NorthlandDivers - 11-18-2008

It is amazing how the spammers can come in and just take over like that.


Re: It looks like spammers... - jasondbaker - 11-18-2008

The bugs aren't related to the software.  Forum operators all over the world are fighting spammers that have better weapons today.  First, the spammers are employing newer optical character recognition software that can automatically break CAPTCHAs (those funny letters you have to type in when registering). Second, some spammers are now employing actual humans in cheap labor markets to register accounts on forums.  These guys are hard to stop.  I have a few more tricks we can use to stop these guys.  In the worst case we move to a moderated registration process -- which means more work for your lowly moderators.  >Sad


Re: It looks like spammers... - jasondbaker - 11-18-2008

Well it has been quite the fun day.  Shortly after my last posting I noticed the advertising that DetectorGuy was talking about.  This was definitely a software injection attack.  It took me a couple hours to clean up the advertising from the forum.  Then I began to do some forensic work to figure out how the evildoer managed to get in.  I discovered that he used a vulnerability in the Coppermine gallery software to rewrite some of the SMF forum files.  Sneaky bastard.  They used this same vulnerability to patch files on the wiscuba site as well -- although that site wasn't displaying ads.  I upgraded the Coppermine gallery software to the latest version and I cleaned out the code changes the script kiddie made.  Hopefully he is gone.  I may need to install some extra security safeguards to ensure he was fully removed.