PM Spam [Fixed]

#1 iBotPeaches

General Grade 6

Owner
6,570 posts
Joined: 29-July 07

Gender:Male
Location:Kansas

Posted 08 April 2009 - 03:48 PM

There is an active script that allows a registered user to mass PM spam every user on the board, as many as times as one wishes because no PM spam stopper was ever created. 1,000 sites have been hit, and IPB has postponed IPB 3, and are making a patch as we speak. (Later tonight or tomorrow morning is planned release)

If anyone receives a PM from
muzrinkl
musbase

or something along those lines. Find a way to contact me, I need to ban them fast. If it gets out of hand, I will have no choice, but to take down the forum till the exploit is fixed. Don't anyone say, "Dude you just told everyone of the exploit"

No I didn't. You can't hack from it, only SPAM and its already #1 on a few hacking sites. I might install a quick mod to put a CAPTCHA on the PM's or just temp. remove the Messenger. The account has to be made by a human (which is hasn't) which then is hooked into the bot.

Thanks for understanding.

As of 5:40pm Central Time. IPS has released a patch and I have updated. All is good.

Edited by iBotPeaches, 08 April 2009 - 04:42 PM.
Mass PM fixed, thanks IPS

#2 Dark Slipstream

Blue Shadowz Owner

Members+
2,829 posts
Joined: 19-April 08

Gender:Male
Location:Canada, ON

Posted 08 April 2009 - 03:55 PM

:/, i'll look for captcha for PM's.

#3 iKhaosmaster

Yawn

Members+
1,346 posts
Joined: 29-April 08

Gender:Male

Posted 08 April 2009 - 04:32 PM

:/, i'll look for captcha for PM's.

Why look and not make one? It's so easy to make.

#4 iBotPeaches

General Grade 6

Owner
6,570 posts
Joined: 29-July 07

Gender:Male
Location:Kansas

Posted 08 April 2009 - 04:38 PM

Easy? Man, good at PHP then.

-Skin a CAPTCHA into a messenger.
-Make it only there for "select usergroups"
-Have the CAPTCHA line up with a form box

Takes awhile.

Either way, IPS made a patch in under 6 hours. Great work, and were free from this exploit.

#5 iKhaosmaster

Yawn

Members+
1,346 posts
Joined: 29-April 08

Gender:Male

Posted 08 April 2009 - 04:50 PM

Easy? Man, good at PHP then.

-Skin a CAPTCHA into a messenger.
-Make it only there for "select usergroups"
-Have the CAPTCHA line up with a form box

Takes awhile.

Either way, IPS made a patch in under 6 hours. Great work, and were free from this exploit.

I can make a basic one. lol

#6 Quinn

Colonel Grade 3

Global Mods
2,323 posts
Joined: 29-August 07

Gender:Male
Location:Canada

Posted 08 April 2009 - 07:59 PM

Wow, they made patch before I even knew about it lol

#7 iBotPeaches

General Grade 6

Owner
6,570 posts
Joined: 29-July 07

Gender:Male
Location:Kansas

Posted 08 April 2009 - 08:16 PM

The first report came yesterday, and was claimed as poor security on that clients side. Then like 12 hours ago, 100 people reported it. Then it was classified as bug, took em about 5 hours to make, update and make a post with the patch. In all, excellent time.