Got A Hacked Pm

[zhukant]

http://img121.imageshack.us/img121/215/opuhackedpm.png

Dunno if it's a trend or anything but there it is. I won't delete it yet I guess

[fighter]

These spammers seriously need to give up already.

I hope you didn't follow that link.

A dead giveaway that this is fake is the fact this false "Forum administration" is in the usergroup "Members" on the left under the avatar, and not one of the usergroups "Site Administrator" or "Global Moderator".
 

[Hooman]

Banned. Thank you.


I banned the name too, as I think it was used before.


Interesting thing to note, is that the IP of the domain name of their registration email address matched the IP they were from. That would seem to imply an account is highly suspect. (How many people run an email server for themselves off of the computer they browse from?) Now if only that piece of info could be put to use somehow.
 

[zhukant]

No of course I didn't follow it =] This is OPU we're talking about―we have no morons here. At least of the people that communicate regularly! Actually, I didn't even notice that there was a link in the first place. I was too entranced by the sexy picture. Ha ha.

[Spikerocks101]

A sexy forum admin? I know that can't be true, for the only darn people who play this game a programmers and artists >_>

[zhukant]

Mhm yeah that's what tipped me off first, a message from the true Lady Admin… When hell freezes over?

[Hidiot]

I'm mostly curious as to why OPU is even targeted by such spam machines (human or non-human, though mostly non-human)?

Also, way to go spike. You just gave an example of why the (smarter) female population of the internet avoids declaring its gender. Even if it was sarcasm.

[Spikerocks101]

never said female, just said sexy >_>   but i dont think its just us, for about 2 months now, Civfanactics forums have had some spammers problems, and increased there sucurity.

[Mez]

Interesting thing to note, is that the IP of the domain name of their registration email address matched the IP they were from. That would seem to imply an account is highly suspect. (How many people run an email server for themselves off of the computer they browse from?) Now if only that piece of info could be put to use somehow.

I know a few people (not on OPU) that have run a mail server from their home IP in the past.

Multiple computers behind a single IP address using NAT.

However I guess a script that checks if the dns lookup of the email domain matches the IP they are registering from and automatically put them on moderator preview?

When is the block on PM's from the validating group going to be implemented?

As a GM I don't mind getting them but validating members shouldn't be allowed to PM anyone in the members group.

[Hidiot]

Ok, apparently these PM spammers can find a way to rejoin.

I see unlottruddY and lura345 have rejoined and their PMs are back in my inbox (dated as sent on the 14th)

EDIT: I know it's not the exact same issue, but it's the same kind of issue, so I thought I'd post it here.

[gpgarrettboast]

For this specific spammer, ban the words 'admin' 'root' etc, case-insensitive, in the username. This doesn't solve all of it (including the most recent spam..)

Disable sending of Emails on PM to prevent the entire userbase from being alerted. We need stronger anti-spam countermeasures. (ReCaptcha, hidden registration fields, StopForumSpam plugins, maybe even user moderation..)

I'm surprised a IPB1.3 forum has survived this long, but my SMF is getting hit anyway.. A forum upgrade won't solve the problem completely.

[CK9]

ROFL!  If you ever see something like that again, forward it to me so I can emotionally opliterate anyone that might be keeping track of the accounts.