MyBB Community Forums

Full Version: Spammers using showthread.php to send out mass SPAM emails from my forums
You're currently viewing a stripped down version of our content. View the full version with proper formatting.
my server hosting provider informed me, that my forums are massively sending out SPAM email. It appears they are using showthread.php to do that. The emails are on behalf of the admin staff of the forums (I am the only admin).

My provider has blocked that php script now, so my forum users can't even access anything, plus they suspended the use of the SMTP server, so I can't even send any personal emails. Which, as you can imagine, is really annoying.

The System Mail Log shows thousands of these emails attempting to send out, still, every minute. They are unsuccessful now, because the SMTP is disabled, but my hosting provider won't enable it, till this malicious script is stopped.

What can I do?

Here is the provider's report (I have blocked out some personal info with XXXX):

Quote:It has come to our attention that large number of messages (bulk email) are being sent from customer's account, which has negatively affected our network reputation. Upon further investigation, it appears that one of your script is currently being abused.


Following is the excerpts from log for emails being sent from user's account.
Nov 13 04:03:36 USER=ipg.XXXXXX HDIR=/home/users/web/XXXXXXXX SCRIPT=/showthread.php RCPT=1 [[email protected]][email protected][/email] SUBJ=New_Reply_to_compra_cialis_in_italy
Nov 13 04:03:36 USER=ipg.XXXXXX  HDIR=/home/users/web/XXXXXXXX SCRIPT=/showthread.php RCPT=1 [[email protected]][email protected][/email] SUBJ=New_Reply_to_cialis_10_mg_bugiardino

etc etc, it goes on ....
That shouldn't happen with the right user group settings.
Go to ACP > Users & Groups > and check the "unregistered" user group (GID = 1)'s "miscellaneous" tab
Path: [your ACP path here]/index.php?module=user-groups&action=edit&gid=1#tab_misc

Unter "Miscellaneous" (again), uncheck the box labeled "Can send threads to friends and email users?"
That should do the trick.
As per linguist's post...

This is what it would look like.

[Image: 111083d9941407e909498b5a1b73f9e1.png]
The forum simply sends out mails to users that have subscribed to forums or threads ("New Reply to ..."). The best way is avoid this is to block spammers at registration.