iBotPeaches Posted April 8, 2009 Report Posted April 8, 2009 (edited) There is an active script that allows a registered user to mass PM spam every user on the board, as many as times as one wishes because no PM spam stopper was ever created. 1,000 sites have been hit, and IPB has postponed IPB 3, and are making a patch as we speak. (Later tonight or tomorrow morning is planned release) If anyone receives a PM frommuzrinklmusbase or something along those lines. Find a way to contact me, I need to ban them fast. If it gets out of hand, I will have no choice, but to take down the forum till the exploit is fixed. Don't anyone say, "Dude you just told everyone of the exploit" No I didn't. You can't hack from it, only SPAM and its already #1 on a few hacking sites. I might install a quick mod to put a CAPTCHA on the PM's or just temp. remove the Messenger. The account has to be made by a human (which is hasn't) which then is hooked into the bot. Thanks for understanding. As of 5:40pm Central Time. IPS has released a patch and I have updated. All is good. Edited April 8, 2009 by iBotPeaches Mass PM fixed, thanks IPS
iKhaosmaster Posted April 8, 2009 Report Posted April 8, 2009 :/, i'll look for captcha for PM's.Why look and not make one? It's so easy to make.
iBotPeaches Posted April 8, 2009 Author Report Posted April 8, 2009 Easy? Man, good at PHP then. -Skin a CAPTCHA into a messenger.-Make it only there for "select usergroups"-Have the CAPTCHA line up with a form box Takes awhile. Either way, IPS made a patch in under 6 hours. Great work, and were free from this exploit.
iKhaosmaster Posted April 8, 2009 Report Posted April 8, 2009 Easy? Man, good at PHP then. -Skin a CAPTCHA into a messenger.-Make it only there for "select usergroups"-Have the CAPTCHA line up with a form box Takes awhile. Either way, IPS made a patch in under 6 hours. Great work, and were free from this exploit.I can make a basic one. lol
Quinn Posted April 9, 2009 Report Posted April 9, 2009 Wow, they made patch before I even knew about it lol
iBotPeaches Posted April 9, 2009 Author Report Posted April 9, 2009 The first report came yesterday, and was claimed as poor security on that clients side. Then like 12 hours ago, 100 people reported it. Then it was classified as bug, took em about 5 hours to make, update and make a post with the patch. In all, excellent time.
BTKC124 Posted April 11, 2009 Report Posted April 11, 2009 i am glad it is fixed [= i did not get one spam pm so i think others may be more happy
Recommended Posts