PM spammer

If you are having a problem with logging into the site or with registering, then post under this forum to try to get help, or just use the "contact us" link at the bottom of the page to notify the Site Administrators.
skidoo
Posts: 753
Joined: Tue Sep 22, 2015 6:56 pm

Re: PM spammer

#11 Post by skidoo »

well...
Image
...here's the thing

click the `quote` button and view this post.
Notice the embedded (tiny,transparent) beacon image between well...here.

A PM like that may seem like just dumb/annoying spam, but it's often a "probe" toward future attack.
The sender (or his bot) knows/expects his account sending the PM (and/or IP address) will likely be banned. However, it's a throwaway -- mission accomplished. By tricking admin into reading the PM which contains an embedded image (how could you avoid it? PITA -- read PMs using a text-only browser or, prior to reading PMs, switch on an extension or browser pref which blocks image loading)... when your browser requests the remote image which is hosted on a webserver controlled by (or hacked, logs accessible to) the attacker... the exact url of the PM page you were reading (in some software, this includes sid aka sessionID) is transmitted via referer header and logged, along with the user-agent string and requestor's (admin staffer) IP address.

If the attacker(s) are watching logs realtime, one type of attack attempt would be to paste that sessionID into a url (their probes will have ID'ed the exact version of forum software in use, they'll know if any vulns exist and the associated adminCP url(s) to target) and attempt to hijack the login session.

Is the forum software up-to-date? Maybe a fresh 0day was discovered & the known version in use here matches the list of "known vulnerable" versions?
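Two defensive checks for the beacon-image problem described in the post above, as an added example that is neither the poster's code nor any forum package's own: flag off-site `<img>` tags in a PM body (and the 1x1 sizes typical of beacons), and test whether a page's response headers would still let the browser send the full PM URL as Referer. The forum host name `forum.example` and the sample PM are constructed for the example.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample PM body: a 1x1 off-site image hidden between "well..." and
# "...here", plus a harmless local smiley that must not be flagged.
SAMPLE_PM = ('well...<img src="https://tracker.example/p.gif" width="1" height="1">'
             '...here\'s the thing <img src="/images/smilies/icon.png">')

class _ImgCollector(HTMLParser):
    """Collect the attribute dict of every <img> tag in an HTML fragment."""
    def __init__(self):
        super().__init__()
        self.images = []

    def handle_starttag(self, tag, attrs):
        if tag == "img":
            self.images.append(dict(attrs))

def _dimension(attrs, key):
    """Parse width/height like "1" or "1px"; None when absent or non-numeric."""
    try:
        return int(str(attrs.get(key) or "").strip("px"))
    except ValueError:
        return None

def find_remote_images(html, own_hosts=("forum.example",)):
    """Return [(src, is_tiny)] for every image not served from the forum's own hosts.
    Relative and same-host URLs are skipped; is_tiny marks 1x1 / 0x0 beacons."""
    parser = _ImgCollector()
    parser.feed(html)
    found = []
    for attrs in parser.images:
        src = attrs.get("src") or ""
        host = urlparse(src).netloc
        if host and host not in own_hosts:
            dims = (_dimension(attrs, "width"), _dimension(attrs, "height"))
            tiny = any(d is not None and d <= 1 for d in dims)
            found.append((src, tiny))
    return found

def referrer_leak_possible(response_headers):
    """True if the page's Referrer-Policy (or its absence) could let a cross-origin
    image request carry the full PM URL, sid included, in the Referer header.
    A missing header is treated as risky because older browsers fall back to
    no-referrer-when-downgrade, which sends the whole URL over HTTPS."""
    headers = {k.lower(): v for k, v in response_headers.items()}
    policy = headers.get("referrer-policy", "").strip().lower()
    return policy in ("", "no-referrer-when-downgrade", "unsafe-url")
```

A PM renderer can refuse or proxy any URL that `find_remote_images` returns, and `referrer_leak_possible` belongs in a deployment check of the PM page's headers.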

Eadwine Rose
Administrator
Posts: 11895
Joined: Wed Jul 12, 2006 2:10 am

Re: PM spammer

#12 Post by Eadwine Rose »

Please leave old topics where they are, thanks. This is from 2010.

Locked.
MX-23.2_x64 July 31 2023 * 6.1.0-18-amd64 ext4 Xfce 4.18.1 * 8core AMD Ryzen 7 2700
Asus TUF B450-Plus Gaming UEFI * Asus GTX 1050 Ti Nvidia 525.147.05 * 2x16Gb DDR4 2666 Kingston HyperX Predator
Samsung 860EVO * Samsung S24D330 & P2250 * HP Envy 5030
