Topic: Someone sent spam to all my 13000 users!

How do I prevent this from happening again? The user is now banned, but he has still sent spam to all the users in my forum (13000!)

I'm so pissed off right now! :(

/C

Re: Someone sent spam to all my 13000 users!

With spam I mean he sent e-mail to all the users... He probably has a script which goes through every profile and sends an email with the form... every spam is sent with MY mailserver with my sender, which sucks even more!

Re: Someone sent spam to all my 13000 users!

I think it will be a very good idea to add a confirm_referrer() call to the misc.php, like so:

Change line 92 ff:

    if (isset($_POST['form_sent']))
    {

to

    if (isset($_POST['form_sent']))
    {
        confirm_referrer('misc.php');

I will not join the chorus of those who want all their favourite hacks to become standard - but it would be really good if this one did I guess...

The German PunBB Site:
PunBB-forum.de

Re: Someone sent spam to all my 13000 users!

Tobi wrote:

I will not join the chorus of those who want all their favourite hacks to become standard - but it would be really good if this one did I guess...

I agree, it does sound like a good idea to confirm the referrer, especially with something as delicate as email addresses/spam.

-Steve

Re: Someone sent spam to all my 13000 users!

Except that the referrer is easily faked ;)
One way to do it is to remove the possibility of emailing like that: implement PMs instead or something (which are easier to take care of).

Re: Someone sent spam to all my 13000 users!

I plan on implementing a simple form of "throttling" in 1.3. This throttling will affect various actions. Registering, posting, sending e-mail etc.

"Programming is like sex: one mistake and you have to support it for the rest of your life."

Re: Someone sent spam to all my 13000 users!

It seems like he/she/it has not succeeded in sending to everyone, but probably at least a couple of thousand... :(

Re: Someone sent spam to all my 13000 users!

Don't we already have a posting throttle?

Re: Someone sent spam to all my 13000 users!

I had this happen through an older bug in a past version of PunBB, through them being able to log in and then using some mail plugin that emailed all your members. Make sure that your forum version is updated, and email an apology or something to your members. :)

Re: Someone sent spam to all my 13000 users!

Smartys wrote:

Don't we already have a posting throttle?

Yep, the default is 60 seconds in between posts.

-Steve

Re: Someone sent spam to all my 13000 users!

Smartys wrote:

Don't we already have a posting throttle?

Not for guests?

Re: Someone sent spam to all my 13000 users!

Connorhd wrote:
Smartys wrote:

Don't we already have a posting throttle?

Not for guests?

Exactly. I have an idea on how to utilize the online table for the throttling. We'll see how it turns out. I want to keep the DB changes to a minimum.

"Programming is like sex: one mistake and you have to support it for the rest of your life."
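
The thread converges on throttling the e-mail form, for guests as well as members, since a referrer check can be bypassed by a script that sets its own header. The following is an added example, not code from the thread or from PunBB: a minimum-interval plus daily-cap throttle keyed by account for members and by IP for guests. The table name, function names and limit values are hypothetical, and it assumes PHP 7.1+ with the PDO SQLite driver so it can run stand-alone.

```php
<?php
// Added illustration: throttle for a "send e-mail to user" form.
// Table, function names and limits are hypothetical, not PunBB's schema or API.

const EMAIL_MIN_INTERVAL = 60;  // seconds between sends per sender (assumed value)
const EMAIL_DAILY_CAP    = 20;  // sends per sender per 24 hours (assumed value)

function throttle_setup(PDO $db): void
{
    // sender holds "u:<user id>" for members or "ip:<address>" for guests
    $db->exec('CREATE TABLE IF NOT EXISTS email_throttle (
        sender  TEXT NOT NULL,
        sent_at INTEGER NOT NULL
    )');
    $db->exec('CREATE INDEX IF NOT EXISTS email_throttle_idx
               ON email_throttle (sender, sent_at)');
}

// Members are keyed by account and guests by IP, so guests are limited too.
function throttle_key(?int $user_id, string $ip): string
{
    return $user_id !== null ? 'u:' . $user_id : 'ip:' . $ip;
}

// Returns true and records the send if allowed; false if the sender must wait.
function email_send_allowed(PDO $db, string $key, int $now): bool
{
    $q = $db->prepare('SELECT COUNT(*), MAX(sent_at) FROM email_throttle
                       WHERE sender = ? AND sent_at > ?');
    $q->execute([$key, $now - 86400]);
    [$count, $last] = $q->fetch(PDO::FETCH_NUM);

    if ((int) $count >= EMAIL_DAILY_CAP) return false;
    if ($last !== null && $now - (int) $last < EMAIL_MIN_INTERVAL) return false;

    $db->prepare('INSERT INTO email_throttle (sender, sent_at) VALUES (?, ?)')
       ->execute([$key, $now]);
    return true;
}

// Constructed run: one account tries to mail 1000 profiles, one attempt per second.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
throttle_setup($db);
$sent = 0;
for ($i = 0; $i < 1000; $i++) {
    if (email_send_allowed($db, throttle_key(42, '203.0.113.7'), 1700000000 + $i)) $sent++;
}
echo "delivered $sent of 1000 attempts\n";
```

On a live forum the check and the insert should run inside one transaction so that parallel requests from the same sender cannot both pass the check.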