Spam To Registered Email Address Options

[Guest_speedmeup_*]

Hi,

I just received some spam addressed to the email address I registered here with. I only used this particular address to register here - it's something like dvbowners@mydomain.com so I can be fairly sure the spammer got my address here.

Does the forum default to allow other members access to each others' registration email addresses? or was there some form of security compromise that allowed spammers access to email addresses?

I just changed a profile setting which seems to stop users sending me email via the web interface this is overkill but I certainly wouldn't expect my email address used for registration to be this freely disclosed by default. There's no need if mail is sent via the web forum.

BTW, the spam message was received from uocwb.0naj7y7.optonline.net (c-71-204-28-190.hsd1.ga.comcast.net [71.204.28.190]) and read as follows:

Hello.
We have found your resume on Job web site, and would like to offer you vacancy in our company.
If you interests, more detailed information you can receive on ours web
site: http://www.****.us/ ( please send us email for more information )
vacancyMiller@HotPOP.com
We look forward to your reply.
Thank you.
Best regards,
Miller & Morgans inc.

[btmi]

I got the same message....

[Guest_speedmeup_*]

I got the same message....

Interesting... And it looks like you've got email disabled already (unless you just changed it) which would point towards a database compromise.

I got two of these emails this morning and one so far this afternoon.

[null_pointer]

yep, me to, got a few of these today

[stevedee3]

Interesting... And it looks like you've got email disabled already (unless you just changed it) which would point towards a database compromise.

I have email disabled and didn't get this spam

[DrP]

The problem is happening with multiple forums, seems like the spammers have added more forums as new address list sources. I've also received email to the address that I used on this forum but email is turned off, which suggests a hack has been used to harvest the addresses.

More concerning is that I've had spam delivered to addresses specifically generated to register for purchases at web based shops. Fortunately none of them have ever blinked sideways at my credit card numbers, but personal address info - now that's a worry.

This post has been edited by DrP: Jul 21 2006, 08:13 AM

[Rob S]

We apologise for any inconvenience it may cause.

We're looking into this.

I know how much spam hurts and would never do anything that could give your emails away. I hate it as much as the next person.

Bare with us, hopefully any issues that allow this will be fixed shortly.

[Guest_sobriquet_*]

I'll add myself to the list of users receiving spam at my DVBOwners address (something like dvbowners@mydomain.com). As far as I can remember, I've ALWAYS hidden my email address from users of the forum.

I hope you guys figure this out soon... I'm probably going to have to block email sent to the address I have registered here now, but I don't want to change my email till we know it won't happen again!

I'm happy to provide any details that might help with your investigation.

[Guest_Holli_*]

Hi,

I just received some spam addressed to the email address I registered here with. I only used this particular address to register here - it's something like dvbowners@mydomain.com so I can be fairly sure the spammer got my address here.

Does the forum default to allow other members access to each others' registration email addresses? or was there some form of security compromise that allowed spammers access to email addresses?

I just changed a profile setting which seems to stop users sending me email via the web interface this is overkill but I certainly wouldn't expect my email address used for registration to be this freely disclosed by default. There's no need if mail is sent via the web forum.

BTW, the spam message was received from uocwb.0naj7y7.optonline.net (c-71-204-28-190.hsd1.ga.comcast.net [71.204.28.190]) and read as follows:

Hello.
We have found your resume on Job web site, and would like to offer you vacancy in our company.
If you interests, more detailed information you can receive on ours web
site: http://www.****.us/ ( please send us email for more information )
vacancyMiller@HotPOP.com
We look forward to your reply.
Thank you.
Best regards,
Miller & Morgans inc.

I have the same problem arose(

[Guest_sobriquet_*]

Good to see this issue is being taken seriously, and the forum admins are so involved in this topic
</sarcasm>

[Calvi]

To be fair I think that Null is doing most of the forum administering these days.

Its a thankless task.

I would suggest making it really hard to register as a new user - a bit like the Meedios forum for eg. Most people who want to register here won't mind jumping through a few hoops. There are a lot of BOT posts appearing on the forum these days.

I even suspect Holli above of being a BOT. Its like living in bladerunner.

[null_pointer]

There are a lot of BOT posts appearing on the forum these days.

I am trying to keep on top of this, it is hard to know real people form bots these days, the bots are getting good.

I would suggest making it really hard to register as a new user - a bit like the Meedios forum for eg. Most people who want to register here won't mind jumping through a few hoops.

I am not able to do this, I admin a few forums I dont have access or control over the system itself.

[Calvi]

I am trying to keep on top of this, it is hard to know real people form bots these days, the bots are getting good.


I am not able to do this, I admin a few forums I dont have access or control over the system itself.

They sure are!

Are you able to contact Rob S? Maybe we need some more forum admins?

[Guest_sobriquet_*]

Hey null,

My post wasn't directed at you personally - hope you didn't take offense.

Just that obviously email addresses have been "leaking" from this site for a while - not sure if it's related to bots joining or something else, but it's obviously an issue. I didn't realise how light-on for admins this place was, though!

Sobriquet.

[Rob S]

We are running the latest version of Invision. Not sure how it's happening but it's perplexing. As is the bots registering. I have NFI how they manage to work things out, and IPB doesn't offer any harsher options apart from manual registration approval. We've been looking into it, but as mentioned, can't work out how they manage to continually get around things.

[Calvi]

Heres some discussion on the Meedio forum.

I'm with the administrator there, I think this forum should be difficult to join as there will be a lot more bots and legit users will put in some effort to join if they want to.

Also I understand the bots are getting harder and harder to stop.

[Guest_sobriquet_*]

We are running the latest version of Invision.

Always good to know! Could these email leeks have occurred sometime between patches? Perhaps some 3rd party add-ons to the board which have some security flaws? I'm not meaning to tell you how to run the board - I'm sure you're on top of it, but just some ideas....

[null_pointer]

While I am deleting bot posts on a daily basis I can not ban bot accounts or mass delete bots posts, I do them one by one. I am not sure if this is due to my access level or the system just does not have the functionality to nuke a user and all its posts in one action.

This is becoming a bigger issue and I think needs looking at. Making it harder to register might be a good approach, how you achieve this I am not sure. Does anyone have any suggestions?

[renura]

Don't let anyone post until they have been registered for a few days. That might stop some of them and might also encourage some user to read more before posting.

[Calvi]

Also as above the Meedios forums ask a number of questions before allowing signup.

It seems the captcha is not good enough to stop the bots anymore.