Topic: Help! My PunBB Mailer has just been exploited

Hey everyone,
Somehow all of my members have been spammed. The email header says "X-Mailer: PunBB Mailer". And I'm getting several personal emails from members letting me know that they got this same spam message... is this a known bug? Is there a patch? I'm using v1.2.12

I've just renamed the email.php file to something else for right now and put the forum in maintenance mode...

Re: Help! My PunBB Mailer has just been exploited

Was the message sent through the mailing form?

Re: Help! My PunBB Mailer has just been exploited

How can I tell?

Re: Help! My PunBB Mailer has just been exploited

Well, the message should be in the form of (I sent myself a test mail):

elbekko from PunBB.org Forums has sent you a message. You can reply to elbekko by replying to this e-mail.

The message reads as follows:
-----------------------------------------------------------------------

Bleh

-----------------------------------------------------------------------

Re: Help! My PunBB Mailer has just been exploited

Yep, that's exactly how it's formatted.

Re: Help! My PunBB Mailer has just been exploited

Well, who was the sender? Ban him.

"Programming is like sex: one mistake and you have to support it for the rest of your life."

Re: Help! My PunBB Mailer has just been exploited

Might be useful to allow a user to only send x form mails per minute or so.
Probably this was done by just submitting to the form email page from within a loop (and first logging in, of course).

Re: Help! My PunBB Mailer has just been exploited

OK I just banned that username and address... but how can I keep that from happening again?

Re: Help! My PunBB Mailer has just been exploited

tracyfloyd wrote:

OK I just banned that username and address... but how can I keep that from happening again?

Well, by putting in the check I suggested. But that would require some editing of the DB.

Re: Help! My PunBB Mailer has just been exploited

a usergroup thing perhaps (like the one where you need X number of sec between posts, perhaps combine the two using the same limit on both)

Re: Help! My PunBB Mailer has just been exploited

Frank H wrote:

a usergroup thing perhaps (like the one where you need X number of sec between posts, perhaps combine the two using the same limit on both)

Myeah, but you would still need to store the last time they sent a mail.

Writing a mod for this would probably be fairly easy.

Re: Help! My PunBB Mailer has just been exploited

elbekko wrote:

Myeah, but you would still need to store the last time they sent a mail.

True. We could probably get away with adding that field to the users table though. I'll put this on the investigate list for 1.3.

"Programming is like sex: one mistake and you have to support it for the rest of your life."
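One way to implement the check suggested above (storing the time of each user's last form mail and refusing sends that come too soon), written here as an added example rather than PunBB's own code. It assumes a new column `users.last_email_sent` (unix timestamp, 0 when never used), a configured minimum interval in seconds, and the PunBB 1.2 `$db`/`$pun_user` conventions as I recall them; treat those method names as assumptions to verify against your install.

```php
<?php
// Added example, not part of PunBB. Flood limit for email.php.
// Assumed schema change (run once against your forum database):
//   ALTER TABLE users ADD last_email_sent INT(10) UNSIGNED NOT NULL DEFAULT 0;

// Pure check, easy to unit-test: may this user send again now?
// $last_email_sent == 0 means the user has never used the mailer.
function email_allowed($last_email_sent, $now, $min_interval)
{
    if ((int) $last_email_sent === 0)
        return true;
    return ($now - (int) $last_email_sent) >= $min_interval;
}

// Integration point: call this in email.php just before the mail is sent.
// $min_interval must be > 0 (e.g. 60 for "one form mail per minute").
function enforce_email_flood_limit($db, $pun_user, $min_interval)
{
    $now = time();
    $uid = intval($pun_user['id']);

    // Atomic check-and-set: the UPDATE only matches a row whose last send is
    // old enough, so two requests arriving at the same instant (a loop hitting
    // the form) cannot both slip through between a SELECT and an UPDATE.
    $db->query('UPDATE '.$db->prefix.'users SET last_email_sent='.$now.
               ' WHERE id='.$uid.' AND last_email_sent<='.($now - $min_interval))
        or error('Unable to update last e-mail time', __FILE__, __LINE__, $db->error());

    if ($db->affected_rows() != 1)
    {
        // Refused: nothing has been sent, and the timestamp was not touched.
        message('You must wait at least '.$min_interval.' seconds between e-mails.');
    }
}
```

Because the timestamp is written before the mail goes out, a script that re-submits the form in a loop is refused on every call after the first, whether or not the earlier mail has finished sending.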

Re: Help! My PunBB Mailer has just been exploited

It would be helpful if you simply added this as a permission (no minimum posts, just a checkbox). That way, you could only allow trusted members (people that have been around for more than 5 minutes...) to use the mailer at all.

This _exact_ same thing happened on the Textpattern support forum. I've had to turn it off for everyone except a few people that must have this ability.

Re: Help! My PunBB Mailer has just been exploited

Maybe there could be an option to turn off the ability for members to email each other at all...

Re: Help! My PunBB Mailer has just been exploited

Just put in fake SMTP details.