Author Topic: Got A Hacked Pm  (Read 4692 times)

Offline zhukant

  • Full Member
  • ***
  • Posts: 187
Got A Hacked Pm
« on: January 23, 2010, 09:43:37 PM »
http://img121.imageshack.us/img121/215/opuhackedpm.png

Dunno if it's a trend or anything but there it is. I won't delete it yet I guess
Detected rip in space-time continuum. Attempting repairs. Attempt #1 failed. Cause: unknown. Retry: comply: proceeding. Attempt #2 failed. Cause: probe annihilated. Retry: comply: proceeding. Attempt #3 failed. Cause: fleet annihilated. Retry: comply: proceeding. Attempt #4 failed. Cause: 404 Could

Offline fighter

  • Newbie
  • *
  • Posts: 14
Got A Hacked Pm
« Reply #1 on: January 23, 2010, 10:24:38 PM »
These spammers seriously need to give up already.

I hope you didn't follow that link.

A dead giveaway that this is fake is the fact this false "Forum administration" is in the usergroup "Members" on the left under the avatar, and not one of the usergroups "Site Administrator" or "Global Moderator".
 
There are people who want to be treated as idiots. I've dedicated all my life to fulfill their wish.

Offline Hooman

  • Administrator
  • Hero Member
  • *****
  • Posts: 4955
Got A Hacked Pm
« Reply #2 on: January 23, 2010, 11:00:40 PM »
Banned. Thank you.


I banned the name too, as I think it was used before.


Interesting thing to note, is that the IP of the domain name of their registration email address matched the IP they were from. That would seem to imply an account is highly suspect. (How many people run an email server for themselves off of the computer they browse from?) Now if only that piece of info could be put to use somehow.
 

Offline zhukant

  • Full Member
  • ***
  • Posts: 187
Got A Hacked Pm
« Reply #3 on: January 23, 2010, 11:15:17 PM »
No of course I didn't follow it =] This is OPU we're talking about―we have no morons here. At least of the people that communicate regularly! Actually, I didn't even notice that there was a link in the first place. I was too entranced by the sexy picture. Ha ha.
Detected rip in space-time continuum. Attempting repairs. Attempt #1 failed. Cause: unknown. Retry: comply: proceeding. Attempt #2 failed. Cause: probe annihilated. Retry: comply: proceeding. Attempt #3 failed. Cause: fleet annihilated. Retry: comply: proceeding. Attempt #4 failed. Cause: 404 Could

Offline Spikerocks101

  • Hero Member
  • *****
  • Posts: 711
Got A Hacked Pm
« Reply #4 on: January 24, 2010, 03:32:25 AM »
A sexy forum admin? I know that can't be true, for the only darn people who play this game a programmers and artists >_>
I AM YOUR PET ROCK!!!!!!

Offline zhukant

  • Full Member
  • ***
  • Posts: 187
Got A Hacked Pm
« Reply #5 on: January 24, 2010, 03:47:52 AM »
Mhm yeah that's what tipped me off first, a message from the true Lady Admin… When hell freezes over?
Detected rip in space-time continuum. Attempting repairs. Attempt #1 failed. Cause: unknown. Retry: comply: proceeding. Attempt #2 failed. Cause: probe annihilated. Retry: comply: proceeding. Attempt #3 failed. Cause: fleet annihilated. Retry: comply: proceeding. Attempt #4 failed. Cause: 404 Could

Offline Hidiot

  • Hero Member
  • *****
  • Posts: 1018
Got A Hacked Pm
« Reply #6 on: January 24, 2010, 04:02:54 AM »
I'm mostly curious as to why OPU is even targeted by such spam machines (human or non-human, though mostly non-human)?

Also, way to go spike. You just gave an example of why the (smarter) female population of the internet avoids declaring its gender. Even if it was sarcasm.
"Nothing from nowhere, I'm no one at all"

Offline Spikerocks101

  • Hero Member
  • *****
  • Posts: 711
Got A Hacked Pm
« Reply #7 on: January 24, 2010, 04:10:25 AM »
never said female, just said sexy >_>   but i dont think its just us, for about 2 months now, Civfanactics forums have had some spammers problems, and increased there sucurity.
I AM YOUR PET ROCK!!!!!!

Offline Mez

  • Hero Member
  • *****
  • Posts: 648
Got A Hacked Pm
« Reply #8 on: January 24, 2010, 08:45:06 AM »
Quote
Interesting thing to note, is that the IP of the domain name of their registration email address matched the IP they were from. That would seem to imply an account is highly suspect. (How many people run an email server for themselves off of the computer they browse from?) Now if only that piece of info could be put to use somehow.
I know a few people (not on OPU) that have run a mail server from their home IP in the past.

Multiple computers behind a single IP address using NAT.

However I guess a script that checks if the dns lookup of the email domain matches the IP they are registering from and automatically put them on moderator preview?

When is the block on PM's from the validating group going to be implemented?

As a GM I don't mind getting them but validating members shouldn't be allowed to PM anyone in the members group.

Offline Hidiot

  • Hero Member
  • *****
  • Posts: 1018
Got A Hacked Pm
« Reply #9 on: January 24, 2010, 01:58:03 PM »
Ok, apparently these PM spammers can find a way to rejoin.

I see unlottruddY and lura345 have rejoined and their PMs are back in my inbox (dated as sent on the 14th)

EDIT: I know it's not the exact same issue, but it's the same kind of issue, so I thought I'd post it here.
« Last Edit: January 24, 2010, 01:59:02 PM by Hidiot »
"Nothing from nowhere, I'm no one at all"

Offline gpgarrettboast

  • Administrator
  • Hero Member
  • *****
  • Posts: 553
Got A Hacked Pm
« Reply #10 on: January 26, 2010, 11:06:25 AM »
For this specific spammer, ban the words 'admin' 'root' etc, case-insensitive, in the username. This doesn't solve all of it (including the most recent spam..)

Disable sending of Emails on PM to prevent the entire userbase from being alerted. We need stronger anti-spam countermeasures. (ReCaptcha, hidden registration fields, StopForumSpam plugins, maybe even user moderation..)

I'm surprised a IPB1.3 forum has survived this long, but my SMF is getting hit anyway.. A forum upgrade won't solve the problem completely.

Offline CK9

  • Administrator
  • Hero Member
  • *****
  • Posts: 6226
    • http://www.outpost2.net/~ck9
Got A Hacked Pm
« Reply #11 on: January 26, 2010, 03:25:44 PM »
ROFL!  If you ever see something like that again, forward it to me so I can emotionally opliterate anyone that might be keeping track of the accounts.
CK9 in outpost
Iamck in runescape (yes, I still play...sometimes...)
srentiln in minecraft (I like legos, and I like computer games...it was only a matter of time...) and youtube...
xdarkinsidex on deviantart

yup, I have too many screen names