POZ Community Forums

Off Topic Forums => Off Topic Forum => Topic started by: Peter Staley on July 10, 2006, 10:23:35 am

Title: New policy since Sunday night's spam attack
Post by: Peter Staley on July 10, 2006, 10:23:35 am

About 50 of our members received pornographic PMs on Sunday from a single spammer who has since been banned.  Many also received an automated email from our forums software with the same subject line of the PM, and a link to the PM -- this was just because our forums software allows for this option, and because those users had PM email notifications turned on in their profiles.

The spammer never gained access to anyone's email address, he just spammed folks via PMs.

We've done three things thus far to prevent further attacks:

1)  We've banned this specific spammer.

2)  We've lowered the number of users a person can send a PM to at one time -- it used to be 10, and now is set at 5.  So you can only send a single PM to 5 users at once.  This makes it harder for a spammer, who must create more PMs to spam the same number of users.

3)  We've created a threshold membership level for gaining access to the PM system.  This is the big change thus far.  Basically, you have to post 3 messages in the forums before you are allowed to send PMs to anyone.  You can still receive PMs, regardless of your message posting level, but you'll have to participate in the forums to some degree (3 postings) before being allowed to PM others.  This will prevent a spammer from simply joining and spamming the PM system.  They'd have to participate in the forums first, which helps dissuade spammers.

We may decide this is overkill.  We've only been spammed this way once, and many of you might want to PM without having to post in the forums.  Feel free to leave your feedback about this new policy in this thread -- we're keeping an open mind about this.

Peter
Title: Re: New policy since Sunday night's spam attack
Post by: Steven on July 10, 2006, 10:50:14 am
I think the posting before you can use the pm feature is a good idea.
It's nice to know a little about someone before you try to answer their PM.
Title: Re: New policy since Sunday night's spam attack
Post by: Grasshopper on July 10, 2006, 10:54:55 am
Wouldn't it take only 3 or 4 random quick replies saying only Hi or Hello to reach the minimum quote to post PM's ?
Title: Re: New policy since Sunday night's spam attack
Post by: zephyr on July 10, 2006, 01:36:09 pm
Hi Peter,

Thanks for taking these security steps. I appreciate it.

However, I thought I'd let you know that my setting for 'pm alerts' is (and was) set for 'never' (send them).

Not sure what this indicates, but I am always receiving pm alerts in my private email account.

Regards,

Zephyr
Title: Re: New policy since Sunday night's spam attack
Post by: The Canuck on July 10, 2006, 01:44:56 pm
Peter,

Thanks for taking these measures against spammers. By the way Peter, I only got the PM's from this jerk and no e-mail since my notification by e-mail for pm's was disabled. I thought it was an annoying feature anyway, at least for I.

Regards,

The Canuck
Title: Re: New policy since Sunday night's spam attack
Post by: Peter Staley on July 10, 2006, 01:59:12 pm
Zepher -- you caught this before I could post an additional message about it.  

We just updated the database so that all those who had "send emails always" in the PM notifications settings have been changed to "never".  We did this because the software had "always" as the sign-up default, so many folks were getting these emails without choosing to first.

Those who set theirs to "From Buddies Only" were uneffected by this database update, since you manually selected that at some point.

So, if you WANT to receive email notifications for all the PMs you get, you'll need to reset this option.

Peter
Title: Re: New policy since Sunday night's spam attack
Post by: david25luvit on July 11, 2006, 01:06:49 pm
Thanks Peter.........
Title: Re: New policy since Sunday night's spam attack
Post by: mike on July 11, 2006, 01:28:49 pm
The forum software world is always buggy, i have been running forums for years some of which have become massive and the bigger the forum, the more spam attacks you get, it's a fact of life as are hackers trying to access staff and admin forums which is why it's important to subscribe to all software updates for forum boards.

Turning off the email notification is a good idea, it just generates unnecessary emails and puts stress on the server at peak times.

Those who worry about security and have posted in these threads don't really understand the system enough to realise there is no security breach on this occasion  ( no offence intended )

Nobody can stop spammers from joining and spamming on a free board unless you begin to increase prevention like they have done here, although i don't think posting 3 posts in the main forum will really stop them that much if they are determined.

Banning IPs and email accounts does not stop true spammers as they can always connect via proxy or maybe their IP is dynamic in which case it is useless (only works on static IPs )

I use a much more devastating and effective system for getting rid of problem members 100% and it does not involve hacking their PCs or anything illegal. If the admin are interested, contact me and i will give them details  , it really is very effective completely eliminates trolls on my sites.  ;D
Title: Re: New policy since Sunday night's spam attack
Post by: ZCorker on July 13, 2006, 10:22:11 am
    The damage from the spam attack is not over.   I am unable to delete or remove the URL from my browser history.  I tried uninstalling and reinstalling the browser, but to no avail and the URL is still in there.

    The porno spammer technology appears to have copied the name of a different URL.  So when I select craigslist I get porno. 

    I tried modifying the host file to delete the stuff out of there, but am unable to because of the spammers infestation. 

   I haven't taken the trouble of booting into safe mode and seeing if I can do it there.  In any event, anyone who got hit with the porno spammer should consider that their computer is still infected.  You may want to do a search with your operating system for the word host.  The correct host file is usually found in your System32 file.

   Does anyone have any suggestions on how to get this thing off of my computer?  I have tried running Spybot S&D, Spyware Blaster, Spyware Guard, Spyware Sweeper, Windows Defender and I still can't get it off of here.

ZCorker
 :-\
Title: Re: New policy since Sunday night's spam attack
Post by: DingoBoi on July 13, 2006, 10:28:33 am
zcork... doncha know you shouldn't be looking at porn?  especially bad asian porn?   It's like karma or something. 
Title: Re: New policy since Sunday night's spam attack
Post by: Ann on July 13, 2006, 03:47:58 pm
Hi Z,

I haven't noticed any problems. I didn't click on the link - I never click on spam links - but I have to ask, did you? Because if you didn't click on it either but still got this problem, then I guess I'll have to try to figure out if I do indeed have this crap on my computer too.

Thanks...
Ann
Title: Re: New policy since Sunday night's spam attack
Post by: livingpositively on July 13, 2006, 08:00:12 pm
I think having to post before being allowed to PM is a good idea.  In the sense that it won't stop people from "just posting" 3 responses to be able to PM...what about NOT making it "public" knowledge that 3 posts is required first.  If they try to PM, they simply get a message that they are not yet allowed to do so.  Just thinking   :)

Shane
Title: Re: New policy since Sunday night's spam attack
Post by: J.R.E. on July 13, 2006, 08:02:28 pm
Hello Z,

Try the following first. On internet explorer, open tools, select internet options. Under the general tab, select to clear your history, then delete files, then delete cookies. then under the "content tab", click on "auto complete", and uncheck web addresses, then select "clear forms"

Then reboot, and see what happens.


If that doesn't do it, if your system has "system restore" you will have to temporarily disable it. Reboot when asked to.

Then, restart the computer in safe mode, and run your antivirus and spyware programs, from that mode.

People often forget to disable the restore feature, as things can sometimes hide in there.



Good luck-----Ray