PM from user Elena with title "Hey there"

Tek7

CGA President, Tribe of Judah Founder & President
Staff member
A forum user going by the name Elena recently sent out a mass PM to all forum members with the title "Hey there." The PM contained a brief story asking users to click a link and read a story online.

Please disregard the PM as the link contained therein is spam (and, from what I've heard from other users, not that interesting, either).

The user has since been banned and CGA staff members are reviewing the incident to figure out how the user sent a mass PM to all users and to prevent similar abuse of the forum's PM system in the future.
 
is there a way to do mass pm's for CGA purposes ? IE - Prayer day :D
 
http://cgalliance.org/forums/memberlist.php <- yuki

With a little work you can write a mass spammer from that page, I could make a user id grabber in a few minutes.

"sendmessage.php?do=mailmember&u=1946" =~ m/(u=\d+)/;
$1 =~ m/(\d+)/;

That grabs the user id, all it would have to do is loop through the grabbed source, then post it to the form via CURL or other available library.

With enough time you can defeat pretty much any system, it is likely they had software designed to spam vBulletin and we got hit with it.
 
Hmmm just a thought Vibro Katana, but, you were asking for something to do a while back and obviously know something code-y maybe you could give security tips or perhaps implement some spammer defensive measure for the forums? Maybe a 5~ post minimum before you are allowed to send PMs or something that would detect large amounts of identical PMs sent at the same time and block them. I don't know I'm just pondering. I certainly don't think we are awash in spam anyway... well at least the non-member type spam hehe =p

Side note: is it just me, or is the "email" button HUGE on the page VK linked?
It is quite large on my computer as well.
 
How to prevent:
- If there is an option to limit the number of users per PM set it to 5-10 max, it is easy to write a script to dump a list of usernames in semi-colon delimited format that the form uses. I can write up an example if anyone desires.
- Limit the PMs to one per 20 seconds + between. It is likely that they just generated a dump of usernames and cut and pasted the names into the field.
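
The limits proposed in this thread (a 5-post minimum, 5-10 recipients per PM, 20 seconds between PMs, and blocking many identical PMs) can be combined into one server-side check. The sketch below is an added example, not part of the original post and not vBulletin code; the class name, reason strings, and the duplicate window and limit are assumptions.

```python
import hashlib
from collections import defaultdict, deque

MAX_RECIPIENTS = 10   # "5-10 max" recipients per PM (from the thread)
MIN_INTERVAL = 20     # seconds between PMs from one sender (from the thread)
MIN_POSTS = 5         # posts required before PMs are allowed (from the thread)
DUP_WINDOW = 600      # assumed: look-back window in seconds for identical bodies
DUP_LIMIT = 3         # assumed: identical bodies accepted per window, forum-wide


class PMGate:
    """Hypothetical gate called before a private message is delivered."""

    def __init__(self):
        self.last_sent = {}                # sender -> time of last accepted PM
        self.recent = defaultdict(deque)   # body hash -> times it was accepted

    def check(self, sender, post_count, recipients, body, now):
        """Return (allowed, reason) for one PM submission."""
        # The form takes a semicolon-delimited recipient list.
        names = {r.strip().lower() for r in recipients.split(";") if r.strip()}
        if post_count < MIN_POSTS:
            return False, "min_posts"
        if not names or len(names) > MAX_RECIPIENTS:
            return False, "recipients"
        last = self.last_sent.get(sender)
        if last is not None and now - last < MIN_INTERVAL:
            return False, "rate"
        # Normalise case and whitespace so trivial edits hash the same.
        normalised = " ".join(body.lower().split())
        digest = hashlib.sha256(normalised.encode("utf-8")).hexdigest()
        seen = self.recent[digest]
        while seen and now - seen[0] > DUP_WINDOW:
            seen.popleft()                 # forget copies outside the window
        if len(seen) >= DUP_LIMIT:
            return False, "duplicate"      # same text keeps arriving: block it
        seen.append(now)
        self.last_sent[sender] = now
        return True, "ok"
```

Because the duplicate counter is keyed on the message body rather than the sender, it also catches the same text sent from several throwaway accounts.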
 
is there a way to do mass pm's for CGA purposes ? IE - Prayer day :D
There is.

Send me a reminder around Nov. 15 (a week before the date) with a quick blurb on the event and I'll polish it and send it out to all forum users.
 
How to prevent:
- If there is an option to limit the number of users per PM set it to 5-10 max, it is easy to write a script to dump a list of usernames in semi-colon delimited format that the form uses. I can write up an example if anyone desires.
- Limit the PMs to one per 20 seconds + between. It is likely that they just generated a dump of usernames and cut and pasted the names into the field.

Since you know so much about that, couldn't you be ToJ's Code Programmer or Security Advisor?
 
I couldn't get past the first chapter. No, it wasn't interesting. Yes, it was a little awkward. I actually tried to reply to offer some helpful criticism, but it wouldn't work.
 
I read but no critique yet. I felt two entities one poetic the other analytic which hurts the story BADly
 