KyDan Posted April 8, 2009 Report Posted April 8, 2009 Igor,Many users obtain their IP addresses from their ISPs on a daily basis. So, the IP address blocked today might belong to someone quite innocent tomorrow.Best regards,XaverYes, what Xaver says is true. You may be blocking an innocent person tomorrow butwhat will it hurt??If someone from a blocked IP want's in Igor can un-block their IP at that time.Thanks for the fast action and my complements on the GREAT job you do here.This is after all the 1st spam message I've ever received from this site and that is aremarkable accomplishment!!!Have a great day!!KyDanLouisville, Kentucky USA Quote
Albert Posted April 8, 2009 Report Posted April 8, 2009 I'm sorry about this problem!I just deleted this spam member account and blocked his IP address.You did the only right thing.Moving the mousepointer over "PLEASE HELP" gives the information that it tries to connect me to an Russian site.The only thing I do with such messages is delete.Until today (knock on wood!) my computer has never been infected by whatever there is (it is online 24/7).I'm using Zonealarm Free and AVG Free (stripped). And PTE of course....!Albert. Quote
lathompson Posted April 8, 2009 Report Posted April 8, 2009 I got mail from this *person* too, but with a twist..... It came through my regular email, not through the forum and it invited me to a site called [ nch.invisionzone.com/index.php?act=xxxxxxxx=xxxxxxx=xxxxxx (my x's) ]I did not click on it. I eliminated the mail as junk, then opened a new browser and visited the invisionzone.com site. It was a webpage for a what appeared to be a web hosting company. The [ nch ] portion of the link must go someplace else. I didn't go any further. I have no messages through this forum. Quote
Ed Overstreet Posted April 8, 2009 Report Posted April 8, 2009 This morning I received a personal message from the Forum. When I opened the message, it contained only the words "please help" which turned into a hand icon when I moused over it. The sender was identified as "deleted member." I did NOT click on the link.I immediately deleted the message from my inbox. I don't know if anyone else has received such messages, but I am very suspicious.I never open emails unless the sender is clearly identified and there is a subject header that makes sense and seems relevant, and I never click on any link in any email unless I personally know or trust the sender or had previously corresponded with the sender and had asked for a link.If that message actually was from a legitimate member of this forum who actually wanted my help on something (why me?) try again but identify yourself and what you want help on in plain text, with no links in the message. Better yet, post a query so others on this forum (who may be better-qualified than me to help you) can see the query and reply to it.Somehow I don't expect I'll get a reply to this.Just thought I'd post a warning in case others get a similar "private message" Quote
Ed Overstreet Posted April 8, 2009 Report Posted April 8, 2009 Oops sorry I posted this before checking other posts on the forum, where I noticed that a whole bunch of us have been getting this. Sorry for the duplication ... Quote
Guest Yachtsman1 Posted April 8, 2009 Report Posted April 8, 2009 I did the same, unfortunately the wife was looking at the computer when I opened the message, my new user name is now FASTMOUTH.Yachtsman1 Quote
Rickl Posted April 8, 2009 Report Posted April 8, 2009 The person must of got the entire member list!Hope the link was indeed directed to the forum somewhere:http://www.picturestoexe.com/forums/index.php?act=Msg&CODE=03&VID=in&MSID=15757The message appeared in my email also. Took a look at the source:Return-path: <igor1@wn.kirov.ru>Received: from wnpgmb013fw-sp01.mts.net ([10.205.128.19]) by mx-01mtain01.mts.net with ESMTP id <20090408074212.DYWW9694.mx-01mtain01.mts.net@wnpgmb013fw-sp01.mts.net> for <'my username'@mts.net>; Wed, 8 Apr 2009 02:42:13 -0500X-SCORE: 1.0 208.67.212.38 148441322X-IronPort-Anti-Spam-Filtered: trueX-IronPort-Anti-Spam-Result: AlsFADDy20nQQ9Qmbmdsb2JhbACWHg0HBAkIEbZfg3sGX-IronPort-AV: E=Sophos;i="4.39,343,1235973600"; d="scan'208";a="148441322"Received: from ips-208-67-212-38.ipslink.com (HELO server45.ipslink.com) ([208.67.212.38]) by wnpgmb013fw-sp01.mts.net with ESMTP; 08 Apr 2009 02:42:12 -0500Received: from nobody by server45.ipslink.com with local (Exim 4.69) (envelope-from <igor1@wn.kirov.ru>) id 1LrSQR-0002L1-2V for 'my username'@mts.net; Wed, 08 Apr 2009 03:42:23 -0400To: 'my username'@mts.netSubject: You have a new personal message ( WnSoft Forums )MIME-Version: 1.0Date: Wed, 08 Apr 2009 02:42:23 -0500From: "WnSoft Forums" <int.support@wnsoft.com>X-Priority: 3X-Mailer: IPB PHP MailerContent-Type: text/plain; charset="iso-8859-1"Message-ID: <E1LrSQR-0002L1-2V@server45.ipslink.com>X-AntiAbuse: This header was added to track abuse, please include it with any abuse reportX-AntiAbuse: Primary Hostname - server45.ipslink.comX-AntiAbuse: Original Domain - mts.netX-AntiAbuse: Originator/Caller UID/GID - [99 99] / [47 12]X-AntiAbuse: Sender Address Domain - wn.kirov.ruX-AntiVirus: checked (incoming) by AntiVir MailGuard (Version: 9.0.0.6; AVE: 8.2.0.138; VDF: 7.1.3.32)R. Le Bleu,mignulikz has sent you a new personal message titled "Hello".You can read this personal message by following the link below:http://www.picturestoexe.com/forums/index....&MSID=15757Regards,The WnSoft Forums team.http://www.picturestoexe.com/forums/index.phpDarned hackers...Dick Quote
dahol Posted April 8, 2009 Report Posted April 8, 2009 I also got the message, didn't open it thankfully. Time to block him. Quote
Conflow Posted April 8, 2009 Report Posted April 8, 2009 Hi All,For those of you who opened the 'Attachment' you have now most likely become infected with a 'Backdoor-Robot' whose action from time to time will re-direct your Search-page toan 'illegal' Re-Director Site which will be part of a hub of similar infected PC's.If this happen's to you ~ you need to download 2 Programs which will find this 'Robot' andshould remove it from your System. (A) CoolWebShredder ~ ( KOwBot Remover Tool.Link (A):-http://www.brothersoft.com/coolwebshredder-74069.htmlLink (:-http://www.bitdefender.com/VIRUS-1000001-e....A---1.3.B.html(The latter Program is courtesy of Bit Defender.Com.)These should help you if you experience any 'Robot Re-Director' problem.Brian.Conflow. Quote
onbelaydave Posted April 9, 2009 Report Posted April 9, 2009 I got the same message here and from another forum from the same sender. Quote
Igor Posted April 9, 2009 Report Posted April 9, 2009 I just received a newsletter from Invision Forum developers. And I've requested them to install this patch today. Here is a part from that email:PM Flood Control Patch for Invision Power Board 2.3.6 ReleasedWe have received numerous reports from clients regarding spamming on the Personal Message (PM) system in IP.Board 2.3.6 and below. After consulting with reCaptcha (the provider of the captcha system in 2.3.6) we believe that humans are being used to bypass the captcha and then the newly created account is given to an automated script which sends PMs in huge quantities to your members.The patch we have released today introduces a flood control setting to the PM system in IP.Board 2.3.6. This will limit how fast a member can send PMs thereby giving you and your moderators time to ban the offending account. Quote
Conflow Posted April 9, 2009 Report Posted April 9, 2009 Igor,Thanks for the message ~ that confirms what I suspected, it definitely is a 'Backdoor-Robot'being spread by unsuspecting PC Owners who are 'innocent' not knowing about these things.Unfortunately these 'robots' are rarely detected by Anti-Virus Utilities for the reason that theyare always mutating, so it takes time for A-V Utilities to catch up with them. However oncedetected they are fairly easy to remove with the correct Tool followed up with a IE Browsercleanup. (For those interested see below.)Brian.ConflowCleanup Tool:-Apart from cleaning out Kazzaz it also cleans out other 'Robots'.When the page opens up select 'Free Removal Tools' and then 'Backdoor KOwbot'.http://www.bitdefender.com/VIRUS-1000001-e....A---1.3.B.html Quote
Igor Posted April 9, 2009 Report Posted April 9, 2009 Invision support has informed me that this security patch is successfully installed for forum. Quote
deskjet1uk Posted April 9, 2009 Report Posted April 9, 2009 Invision support has informed me that this security patch is successfully installed for forum.Thank you Igor, we appreciate the attention given.Ralph. Quote
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.