Jump to content

Well, VERY disappointed in the community here.


JSMR
 Share

Recommended Posts

Hopefully the scammers/spammers will eventually get bored and move on.

 

This is totally unacceptable unless you don't know how to secure a forum. I run two forums and a WordPress website. In the over five years I've had them online I've only had to report maybe three in total spammers to the Stop Forum Spam website for which I have an account. And at that, the permissions are set that new posters can't send PMs and their first post is held in moderation queue unless I approve it. So if they get passed the layers of security I have, their very post will never see the light of day.

 

Now on top of this, a forum allows you to see IPs and email addresses. I have an extension that bans damn near all reusable email addresses via an update mechanism from a GitHub repository of these email providers. IPs can be banned in CloudFlare and you'll never get past my CloudFlare implementation. I know all the tricks.

 

Now with just this said, the IPs, CIDRs or ASN/s used by these spammers could be blocked in CloudFlare that this site uses. Providing the aforementioned isn't from an ISP. This is what needs to be done if you have repeat offenders where their account was already banned. You attack at the IP level. And as mentioned, all first time posters should be held in moderation queue if that's not what happens now and the PM permission needs to be revoked to first time posters or set to a certain post count in order to PM. All of this should be withen the realm of possibility with this current version of vBulletin.

 

Addendum. I did a quick search and and it looks like this website's origin IP isn't hidden like it should be. Looks to be using OVH and is vulnerable to the Poodle Attack. On top of that, it looks like one of this site's IPs has a huge list of CVEs according to Shodan.

 

This can all be fixed.

Edited by CRJ_simpilot
Link to comment
Share on other sites

They just hit over at the "other" site. Interesting, just like here a new member's first few posts are moderated but it seems that the PM system is not moderated. Stand by for a total crap attack!

Still thinking about a new flightsim only computer!  ✈️

Link to comment
Share on other sites

https://www.flightsim.com/vbfs/showthread.php?324117-To-everyone-Please-Read!

 

I er....didnt get any of these PM's of 'sexual nature'.

I'm not good looking enough?

Not worthy?

Too old?

 

"I'm with it. I'm hip. TukaTukaTukaTukaTuka...."

 

Hmm... Is this about hot planes and beautiful airport scenery that they must have? LOL

Started: Flight Simulator 98 (Year 1999)

Private Pilot Certificate ASEL: August 7th 2014

Link to comment
Share on other sites

They just hit over at the "other" site. Interesting, just like here a new member's first few posts are moderated but it seems that the PM system is not moderated. Stand by for a total crap attack!

 

PMs can be or can't be moderated depending on the forum settings. And the P in PM is not what it seems. They can be read by an Admin or Mod if the forum has a add-on, script or extension installed to allow an Admin or Mod to view them. What really needs to happen is that a new user should NOT have PM privileges until they have gained a certain amount of forum reputation by the number of posts.

 

Like I said, this should be taken care of at the IP level if at all possible. Even if it's a legit ISP IP, a temp block would be sufficient. If it's a cloud or hoster IP, that can be blocked on a permanent basis.

Link to comment
Share on other sites

Whack-a-mole blocking seldom works for long on the Internet, as we know all too well.

 

I'm sorry, but unless you run your own websites and know how to secure them like I do, then that statement means nothing.

 

It can be whack-a-mole. But if you attack it from the ASN level it really isn't. I have 78 pages of CloudFlare rules for blocking numerous ASNs from cloud/hosting providers and when that doesn't work they hit a security script I run that fills in the gap. This security script also using the AbuseIPDB API and Stop Forum Spam API. If your IP is listed at these two sources you shall not pass. LOL!

 

I'd have to see the IPs being used here to make a more definitive answer. In my case, if the source of shenanigans do come from legit ISPs then I will just block the used individual IPs for at least a year. If necessary I'll block or captcha the whole ASN/s. Bottom line it's more of a permission settings thing withen the forum software its self. Like I said, PM privileges should be limited to those with at least 10 posts or more and those first 10 posts should be held in moderation queue.

Link to comment
Share on other sites

I got one but I sent it back. The picture she included just didn't appeal to me.
Intel 10700K @ 5.0 Ghz, Asus Maxumus XII Hero MB, Noctua NH-U12A Cooler, Corsair Vengence Pro 32GB 3200Mhz, Geforce RTX 2060 Super GPU, Cooler Master HAF 932 Tower, Thermaltake 1000W Toughpower PSU, Windows 10 Professional 64-Bit, and other good stuff.
Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...