L3DT users' community
Large 3D terrain generator

Private message abuse [now solved?]

Important stuff.

Private message abuse [now solved?]

Postby Aaron » Sun Feb 07, 2010 9:18 pm

Dear All,

If you have received a forum private message sent from a user named 'ForumTeam', please delete it before reading. In these private messages, which purported to be from the forum administration (i.e. me), 'ForumTeam' included a link to malware that could be harmful to your computer. This account has now been deleted, but PMs may still be in some users inbox. There should be no more than 25 such PM's due to the forum sentbox limit.

Please be wary of any links in unsolicited private messages, and delete them if in doubt.

Best regards,
Aaron.

Update: Recent changes to the forum software have now largely eliminated this risk (see replies for explanation). Of course, users should still exercise due care when receiving unsolicited private messages.
Last edited by Aaron on Sun Mar 21, 2010 1:39 am, edited 3 times in total.
User avatar
Aaron
Site Admin
 
Posts: 3691
Joined: Sun Nov 20, 2005 2:41 pm
Location: Melbourne, Australia

Unsolicited private messages,

Postby rickeyaskew » Thu Feb 11, 2010 4:13 am

I just received one from "ModeratorTeam".
rickeyaskew
Newbie
 
Posts: 1
Joined: Fri Dec 26, 2008 8:03 pm

Postby Sigurd » Thu Feb 11, 2010 5:01 am

Likewise, thanks for the clear forum post.


Sigurd
Sigurd
New member
 
Posts: 3
Joined: Sat Apr 26, 2008 8:01 pm

Postby Stefan » Thu Feb 11, 2010 8:57 am

I just received one from "ModeratorTeam" too. I opened it directly from e-mail notification, but recognize that this is may be malware and not opened the link.
Stefan
New member
 
Posts: 3
Joined: Thu Apr 10, 2008 7:15 pm

Postby Aaron » Thu Feb 11, 2010 10:28 am

Hi All,

Thanks for the alert regarding 'ModeratorTeam'. I've deleted this account too, and added more entries to the name ban list so as to prevent spammers from easily masquerading as forum moderators or administrators. I've also reduced the number of unread messages a user can have in their sentbox, which will limit the rate at which these messages can be sent.

Best regards,
Aaron.
User avatar
Aaron
Site Admin
 
Posts: 3691
Joined: Sun Nov 20, 2005 2:41 pm
Location: Melbourne, Australia

Postby demi » Sun Feb 14, 2010 3:38 pm

Other forums are having these problems as more people are trying to spam. MV finally had to disable PM. I don't open anything in PM that says admin as admin has my email. :)

D
demi
Oracle
 
Posts: 227
Joined: Thu Nov 24, 2005 4:56 am

Postby metalliandy » Sun Feb 14, 2010 3:43 pm

Couldn't a system be set up where the first 5 posts need to be moderated before allowing a user to have the PM ability?
I think that would sort out the problem pretty fast :)
metalliandy
Doyen
 
Posts: 103
Joined: Tue Mar 20, 2007 11:28 am

Postby Aaron » Sun Feb 14, 2010 9:17 pm

Hi Metalliandy,

This version of the forum software doesn't have the capacity to limit PMs depending on the number of forum posts. I'll have a look at updating to the latest build later this week.

Cheerio,
Aaron.
User avatar
Aaron
Site Admin
 
Posts: 3691
Joined: Sun Nov 20, 2005 2:41 pm
Location: Melbourne, Australia

Postby David Walters » Fri Mar 05, 2010 12:00 pm

Luckily MichaelUllman manager of the 'StopSpam organization' has signed up to PM me about how to stop the spam coming from my computer :wink:
David Walters
Doyen
 
Posts: 128
Joined: Fri Apr 24, 2009 1:10 pm

Postby DeadElvis » Fri Mar 05, 2010 2:06 pm

David Walters wrote:Luckily MichaelUllman manager of the 'StopSpam organization' has signed up to PM me about how to stop the spam coming from my computer :wink:


I just received a PM from this person as well threatening to report me as a spammer to my ISP if I don't visit his site. It claimed to be from the forum administrator here also. Jeez.
DeadElvis
Newbie
 
Posts: 1
Joined: Thu Jan 31, 2008 9:35 pm
Location: Memphis, TN

Postby zumwalt » Fri Mar 05, 2010 7:07 pm

I got the same message from the same user, said my account on here will be deleted. I had responded back to him asking what he was talking about, has this forum admin in his signature, this is either one bored person or one sophisticated web bot
zumwalt
New member
 
Posts: 4
Joined: Thu Mar 12, 2009 5:19 pm

Postby Aaron » Sun Mar 07, 2010 4:09 am

Hi Guys,

I apologise again for this inconvenience, and thank you for the notification. I am now attempting to modify the forum software to prevent new users with no public posts from sending private messages. Since I'm not particularly skilled in the ways of PHP and SQL, this may take a few days, and may result in a few service outages as far as PMs go. I'll post back here when the fix is in.

Best regards,
Aaron.
User avatar
Aaron
Site Admin
 
Posts: 3691
Joined: Sun Nov 20, 2005 2:41 pm
Location: Melbourne, Australia

Postby Aaron » Sun Mar 07, 2010 4:58 am

[Wow, that was surprisingly easy.]

Users must now make at least one forum post before they can send private messages or e-mails via the board. These changes should stop most of the automatic spambots from sending PMs, as none so far have bothered to post a message first.

Please let me know if any spam problems persist.

Cheerio,
Aaron.
User avatar
Aaron
Site Admin
 
Posts: 3691
Joined: Sun Nov 20, 2005 2:41 pm
Location: Melbourne, Australia

Postby Spikelife » Sun Mar 07, 2010 3:26 pm

Just FYI if your problem continues: I maintain a large forum for our Everquest Guild. phpBB3 has some inherant protections against these vicious attacks; and the upgrade to phpbb3 (from 2) is really simple.

But also in phpBB2 and phpBB3 there is a "forum pw" type foil for bots registering. It's on their forums. If the bots cannot register, it stops about 98% of their malicious stuff right there.

I use your software for my hobby which is MMO type game programming with Unity3D. It's really quite an elegant piece of software, and sometime I'll post some pics from my world. I hope your solution works and thanks for taking the time to fix it for us.
Spikelife
Member
 
Posts: 15
Joined: Tue Mar 24, 2009 2:09 pm
Location: West Central Texas

Postby Aaron » Sun Mar 21, 2010 1:36 am

Hi All,

It seems that the problem of spam PMs has now receded due to the recent changes to the forum. Since spammers now must post publicly before they may do so privately, their accounts are being promptly deleted following their public post, and their PMs are deleted with them.

Please note however that there is still a transient risk posed by these PMs, as account deletion is not automatic or instantaneous. Hence, should you receive an unsolicited private message, please check the sender's recent forum posts (from their profile page) before opening the message or following any links contained therein. Spammy or vague forum posts (i.e. "please help with photoshop") indicate the user is not genuine, and their PMs should be deleted.

Best regards,
Aaron.
User avatar
Aaron
Site Admin
 
Posts: 3691
Joined: Sun Nov 20, 2005 2:41 pm
Location: Melbourne, Australia


Return to Announcements

Who is online

Users browsing this forum: No registered users and 1 guest