Igor Posted October 2, 2008 Report Posted October 2, 2008 We'll update the forum today. Invision Power Board has issued the security update.It will solve a problem with appearing of spam messages. Quote
Conflow Posted October 2, 2008 Report Posted October 2, 2008 Many Thanks Igor,I had noticed an increase in the 'Spam' count from these Keyloggers. Someday the 'Invision Board'might install a 'Spam-Bouncer' on our Forum and that would put many of these people out of Business.Brian.Conflow. Quote
Igor Posted October 2, 2008 Author Report Posted October 2, 2008 I temporarily had to disable automatical validation of new users on the forum and manually approve new accounts, because spam-bots try to create 30-50 accounts every several hours to post spam on the forum. I spent much time today deleting a hundred of created spammer-accounts. Many thanks to our moderators who quickly deleted spam messages.Same problem happened with many Invision based forums: spammers found a way to how avoid captcha password verification during registration and automatically create thousands accounts for spam messages. I'm waiting for complete solution. Invision promissed to issue an improved security update v2.3.6 today later.Sorry for this problem. Quote
Conflow Posted October 2, 2008 Report Posted October 2, 2008 Hi Igor,I have seen this type of thing before ~ its most likely an 'Automatic-Key Logger' locked on to the Forum IPS Number.This is very simple thing to do,viz:-Did you know that any 'GUEST' can look at a 'Members Profile' without logging on to the Forum...The Guest simply place's his cursor over the Members 'User Name' and clicks it... there is the Members entire profile !Did you know that a GUEST can start to send an EMail to any Member without Logging on...he selects 'Send Mail'within the Members Profile by using any Members 'user name' then using the 'Forgotten Password' utility which asksfor an Mail Address ~ thats easy to find or create particularily if an 'Auto-Key Logger' is active, need I say more....Now he has a 'User Name' and has 2 IPS Address's:- (a) The Forums IPS and ( The Members IPS and © User Namenow the 'Auto-Key Logger' has all the data it needs to send Spam to all it's recorded IPS Numbers.This problem does not surprise me at all ~ it happens on other Invision Board Forums~ and why they have NOT closedthat loop-hole is unbelievable.You need to have words with them,Brian.Conflow. Quote
Igor Posted October 2, 2008 Author Report Posted October 2, 2008 Brian,I just disabled ability to view member's profiles for guests. Only for registered users. Quote
Conflow Posted October 2, 2008 Report Posted October 2, 2008 Igor,Thats good news ~ the only other thing you need to worrry about now are 'Auto-Key Loggers' andthey are easy to defeat, but you need the help of the 'Invision Board' people to create a proxy Serverwhich 'encrypts' genuine Passwords against a known Members Password List (supplied by WnSoft) tothe Invision Board people ~ that puts those 'Auto-Key Logger' crooks out of Business.It's just a suggestion worth trying out...and it makes your life a lot easier.I hope it all works out well for you, best of luck.Brian.Conflow. Quote
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.