Results 1 to 10 of 10
Sep 6, 2013, 02:08 #1
- Join Date
- Apr 2013
- 6 Post(s)
- 1 Thread(s)
VB3.8.7 showthread.php has security flaws?
Well I received an email from my webhost saying that they've received complaints about my dedicated server sending spammails. Its weird as I'd never do such thing myself, it also would not benefit me at all. As I've investigated further, I was able to track down the spammer's info from this:
X-Mailer: vBulletin Mail via PHP
Date: Tue, 3 Sep 2013 13:02:12 -0700
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - srv1.******.com
X-AntiAbuse: Original Domain - lycos.com
X-AntiAbuse: Originator/Caller UID/GID - [500 32007] / [47 12]
X-AntiAbuse: Sender Address Domain - srv1.******.com
X-Get-Message-Sender-Via: srv1.******.com: authenticated_id: ******/from_h
X-Source-Args: /usr/bin/php /home/******/forum/showthread.php
This is a message from Ann Curtis ( mailto: ) from the ****** Forum ( http://www.******.com/forum/ ).
The message is as follows:
Dearest Energy User,
A POWERFUL invention from 1927 that secretly powered the famous Col. Charle=
s Lindbergh's aircraft on his voyage to be the first to cross the atlantic =
by airplane without stopping.
The same invention has already helped thousands of energy users by SLASHING=
their Electric Bill up to almost 100 percent.
See this page to see the video: http://payspree.com/12855/ann
Have a good one.
This problem caught my attention since I had a similar experience back in July, and I was able to persuade my webhost to continue to run my forum as the spammer left after the webhost suspended my account for about 2-3 days. So its technically the second time that my vbulletin forum's showthread page vulnerability is being abused, I wonder if anyone else is experiencing an issue similar to this? If so, how do you fix it? Please lemme know if you know anything about it. Thx.
Last edited by Mittineague; Sep 6, 2013 at 09:19. Reason: delinking quote