DaveDelaney
Starting Member
27 Posts |
Posted - 04 November 2006 : 13:18:23
|
Help. I've been hacked and my members are being sent spam. I'm using 3.4.05. If there's no way to better the security, should I switch forum software? If so which one is best, and can I transfer the database?
Lots of questions, hope you can help. Thanks Dave |
|
ruirib
Snitz Forums Admin
Portugal
26364 Posts |
|
pdrg
Support Moderator
United Kingdom
2897 Posts |
Posted - 04 November 2006 : 14:23:15
|
Yep, Dave, this is something everyone here takes VERY seriously, and if you can provide logs/evidence of an exploit you can rest assured that it'll be looked at in depth to patch it.
Please let us know all the details you have, as this is the first we've heard of this in 3.4.05, and it may be a configuration issue or it may be a brand new exploit. Have you followed all the install directions closely? Is the db in a protected folder? Have you got a good admin password? Or is someone spamming through the forum mailing facility (in which case, you know their username etc)?
Thx |
|
|
DaveDelaney
Starting Member
27 Posts |
Posted - 04 November 2006 : 18:58:08
|
Here's the deal. I run a podcast called Two Boobs and a Baby. It's a parenting podcast, so I don't expect loads of people there to cause havoc - or any for that matter. We have great listeners, who also use our forums to communicate with us and each other. I have used Snitz for years on many forums and I've always been happy.
The other day, my wife got an email from our account, that was supposed to be from a user from the forum. The email was spam, your typical Nigerian Prince (http://potifos.com/fraud/) B.S.
Anyway, then one of our users also told us this happened to her. It seems that somehow the guy hacked the forum to use the email addresses of our users to send spam.
I have since moved the database to a different folder, since it was in the same one. I always thought it was safe because the name is so far off anything to do with the site. I have no idea why he hacked it, or how. But they only give their email addresses to register on the forum, the rest of the site doesn't ask.
I don't know how to get the log. Any ideas?
Thanks guys/ Dave |
|
|
ruirib
Snitz Forums Admin
Portugal
26364 Posts |
Posted - 04 November 2006 : 20:02:13
|
No, he didn't hack the forum. He just registered as a member and used the forum email function to email other members. However, he had no access to the email address at any time.
This has happened in other forums. There is a mod I wrote to avoid this, that stops members emailing other members until they have posted a minimum number of times. This effectively stops these Nigerian scammers. |
|
|
Doug G
Support Moderator
USA
6493 Posts |
Posted - 04 November 2006 : 20:08:05
|
There appears to be some web bot out there that can register on a Snitz forum and send spam mails from the forum. This problem has occurred at a few different Snitzes I frequent. But I don't know a cure, sorry.
|
====== Doug G ====== Computer history and help at www.dougscode.com |
|
|
Podge
Support Moderator
Ireland
3775 Posts |
|
palmdoc
Starting Member
23 Posts |
Posted - 05 November 2006 : 16:25:15
|
I must thank Rui for this Mod. It has stopped quite a few Nigerian and other spammers in their tracks. We are notified of possible spam registrants via email, then we can quickly lock the offenders...... |
|
|
ruirib
Snitz Forums Admin
Portugal
26364 Posts |
|
taropatch
Average Member
USA
741 Posts |
Posted - 06 November 2006 : 12:35:34
|
I haven't added any mods, yet. However, I am manually approving new members. Using this process, I lock any suspicious pending members and the approved ones get the email verification email.
It does not take too much time and has stopped the spammers from gaining access. The good news is that once the spammer account is locked - the spam stops. As Rui mentioned, the spammer never actually gets to see your members' email address - unless they reply. When my forum got it, I was quick to remind my members that their data had been abused but their privacy not compromised. |
|
|
|