Author Topic: forum thread hijack exploit warning  (Read 4505 times)

Offline AdminTopic starter

  • Administrator
  • Supreme Robot
  • *****
  • Posts: 11,703
  • Helpful? 173
    • Society of Robots
forum thread hijack exploit warning
« on: November 13, 2008, 08:40:55 PM »
Today I noticed two posts on the forum that were obviously spam (Paris Hilton porn, etc.). But it wasn't normal spam . . .

As soon as you click on the thread link, instead of opening up the post, it immediately opened up the attacker's website. It loaded almost immediately, but was fortunately blocked by Firefox as a dangerous site.

So somehow a user was able to run code in the forum to cause an automatic redirect. I've already reported it to the forum developers.

If you ever see obvious spam on this forum - DO NOT CLICK ON THE THREAD.

And send me an email immediately to report it so I can delete it and ban the spammer's IP.

Offline izaktj

  • Robot Overlord
  • ****
  • Posts: 216
  • Helpful? 0
Re: forum thread hijack exploit warning
« Reply #1 on: November 14, 2008, 01:32:16 AM »
2 spammers hunted already  ;D

Offline Half Shell

  • Robot Overlord
  • ****
  • Posts: 225
  • Helpful? 0
Re: forum thread hijack exploit warning
« Reply #2 on: November 14, 2008, 08:45:01 AM »
Honestly, how do spammers make money? Like no one clicks those damned things. Even grandma "which part is the mouse" doesn't click those things anymore.

Offline Rockyboy53

  • Jr. Member
  • **
  • Posts: 16
  • Helpful? 0
  • It's called the future ... We like it here
    • RockyBoy53's Channel
Re: forum thread hijack exploit warning
« Reply #3 on: November 14, 2008, 08:56:14 AM »
I don't think they make money at all, they just have no life and nothing to do.  (Why don't they just start on robotics?)
 -Stephen Hawking

Offline AdminTopic starter

  • Administrator
  • Supreme Robot
  • *****
  • Posts: 11,703
  • Helpful? 173
    • Society of Robots
Re: forum thread hijack exploit warning
« Reply #6 on: November 20, 2008, 08:55:40 PM »
Apparently there is a serious spam attack going on with SMF forums, and SoR is one of the victims:
http://www.simplemachines.org/community/index.php?topic=273816.0

Last night I deleted like 200 spam members, and blocked like 30 different ranges of IP addresses. Most of them from Russia and Ukraine, but also a few from Africa and Asia. Most of them used a Gmail account (so much for Google email being spammer free).

I'm doing my best to keep the spammers at bay, and the IP blocks are definitely helping, but there is only so much I can do.

Remember to report a spam post as soon as you see one, and I'll block their entire IP set.

Offline Webbot

  • Expert Roboticist
  • Supreme Robot
  • *****
  • Posts: 2,165
  • Helpful? 111
    • Webbot stuff
Re: forum thread hijack exploit warning
« Reply #7 on: November 20, 2008, 09:05:06 PM »
I've tried to report them over the last few days via the 'report to moderator' link. Is this the correct procedure?

Webbot Home: http://webbot.org.uk/
WebbotLib online docs: http://webbot.org.uk/WebbotLibDocs
If you're in the neighbourhood: http://www.hovinghamspa.co.uk

Offline AdminTopic starter

  • Administrator
  • Supreme Robot
  • *****
  • Posts: 11,703
  • Helpful? 173
    • Society of Robots
Re: forum thread hijack exploit warning
« Reply #8 on: November 20, 2008, 09:08:10 PM »
Yeap

I'm making some changes to the user registration section . . . that should keep out any bots, and users that can't do simple addition :P

Offline Webbot

  • Expert Roboticist
  • Supreme Robot
  • *****
  • Posts: 2,165
  • Helpful? 111
    • Webbot stuff
Re: forum thread hijack exploit warning
« Reply #9 on: November 20, 2008, 09:15:15 PM »
Maybe it's an age thing - but I'm too old now to do ANY kind of addition  ;)
Even an ATMega8 makes me humble.
Webbot Home: http://webbot.org.uk/
WebbotLib online docs: http://webbot.org.uk/WebbotLibDocs
If you're in the neighbourhood: http://www.hovinghamspa.co.uk

Offline SciTech02

  • Robot Overlord
  • ****
  • Posts: 136
  • Helpful? 3
  • Life's but a green duck with soy sauce. -MegaHAL
Re: forum thread hijack exploit warning
« Reply #10 on: November 20, 2008, 11:17:35 PM »
Yeah, the attacks have been getting worse over the past few days.  I sent a PM to Admin when I first noticed them, then I discovered the "report to moderator" button.  :-[ ::)

You know, it's kind of ironic; a website dedicated to and about robots being attacked by bots.  :P
Check out the Evolution Robotics, ER1 robot, and ERSP Resource Page: http://www.societyofrobots.com/member_tutorials/node/336

Offline AdminTopic starter

  • Administrator
  • Supreme Robot
  • *****
  • Posts: 11,703
  • Helpful? 173
    • Society of Robots
Re: forum thread hijack exploit warning
« Reply #11 on: December 06, 2008, 10:26:23 AM »
I noticed a new form of spam attack on the forum today and no one apparently noticed it.

It took random sentences from a thread and recompiled it into a new post. What cued me in were the strange links in the signature so I took a more careful look.

Unfortunately there are some noobs that ramble on as much as any spam script, so I just request everyone to be vigilant and flag any posts that don't quite look right.

Offline HDL_CinC_Dragon

  • Supreme Robot
  • *****
  • Posts: 1,261
  • Helpful? 5
Re: forum thread hijack exploit warning
« Reply #12 on: December 06, 2008, 11:41:53 AM »
http://news.bbc.co.uk/1/hi/technology/7719281.stm

That depresses me.

Greatly.
Seconded :(
I'm also pissed off that the HUGE bot net (75% of the WORLD'S spam!!) that was using McColo is back up...
« Last Edit: December 06, 2008, 11:43:43 AM by HDL_CinC_Dragon »
United States Marine Corps
Infantry
Returns to society: 2014JAN11

Offline gamefreak

  • Supreme Robot
  • *****
  • Posts: 543
  • Helpful? 2
  • Robo-Enthusiast
Re: forum thread hijack exploit warning
« Reply #13 on: December 06, 2008, 12:15:39 PM »
Hmm, I take a short leave and when I come back everything is going down the tubes (yes, the internet is tubes (fiber optics)).

There is always a trend in forums that eventually results in either A: to register you have to do a ton of simple tasks (such as addition or reading a picture), or B: the forum has so many spammers that it loses any real members and slinks behind the couch to die... Worse yet is C: somebody who is bored or angry will set out on a mission of malice which has the ultimate goal of the destruction of the beloved forum.

The forums will start small, almost so small that the creator considers shutting down due to the tiny amount of users, then it will grow to the range of about 100, the original members still exist and help out the noobs (noobs at this point in time usually have knowledge of the forum's subject matter but are looking for a place to hang out and talk to like-minded people) on a regular basis, thoughts of shutting down have been and gone as the forum shows its strength. New members continue to join and the forum grows to about 1000, noobs at this point are interested in the matter and need help, which the oldies are glad to give. Then at about 5000 the forum gets recognized by some outside source and gets advertised on the web, this is where trouble begins. Spammers begin to see a market and commence basic attacks. The trend continues to rise as more nooby noobs come and ask questions which have been asked so many times that they have a page devoted to them, but of course the noobs never read the pages, which annoys the oldies and slightly less nooby noobs, causing the start of massive flame wars, the oldies try to keep the peace but the noobs don't want it and try to assert themselves as the all knowing. After a series of bannings one of the banned will be savvy enough or know a savvy enough person and begin attacks.

It's a cruel cycle of the net.
All hail Rodney, the holy 555 timer
And Steve said: "Let there be lead!"