Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
[F] 10,000 PMs problem [C-Ryan Gordon]
#1
I just had a member last night send 10,000 PMs to my members. I woke up to see that. Now...I know officially this isn't a bug but imho it's a priority to stop spammers especially if they can write a script and have 10,000 PMs sent in minutes. This is a grave cause for concern. They could have flooded my server with 1,000,000 PMs and probably crashed the site, server or database.

I have max recipients set to just 1 for the registered group.

I will probably do a custom fix for now to prevent this but please mybb look into this. I exported the data from my logs. There is some really disturbing stuff if it can be repeated.

Sample logs:


Quote:59.93.176.72 - - [12/Nov/2008:04:46:37 -0500] "POST /private.php HTTP/1.1" 302 203 "http://www.hackforums.net/" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.3) Gecko/2008092417 Firefox/3.0.3"
59.93.176.72 - - [12/Nov/2008:04:46:37 -0500] "POST /private.php HTTP/1.1" 302 203 "http://www.hackforums.net/" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.3) Gecko/2008092417 Firefox/3.0.3"
59.93.176.72 - - [12/Nov/2008:04:46:38 -0500] "POST /private.php HTTP/1.1" 302 203 "http://www.hackforums.net/" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.3) Gecko/2008092417 Firefox/3.0.3"
59.93.176.72 - - [12/Nov/2008:04:46:38 -0500] "POST /private.php HTTP/1.1" 302 203 "http://www.hackforums.net/" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.3) Gecko/2008092417 Firefox/3.0.3"


Appears to probably be using a firefox plugin that would automate the process for them. Hard to really tell for sure but that's how it looks to me. If the flood-control setting "postfloodsecs" can be applied to PM's...I think that's best solution.

Thank you.


Messages In This Thread
[F] 10,000 PMs problem [C-Ryan Gordon] - by labrocca - 11-12-2008, 11:57 PM
RE: 10,000 PMs problem - by Ryan Gordon - 11-13-2008, 12:38 AM
RE: 10,000 PMs problem - by labrocca - 11-13-2008, 12:49 AM
RE: 10,000 PMs problem - by Ryan Gordon - 11-13-2008, 01:22 AM
RE: 10,000 PMs problem - by labrocca - 11-13-2008, 03:02 AM
RE: 10,000 PMs problem - by Ryan Gordon - 11-13-2008, 05:05 AM
[F] 10,000 PMs problem - by Ryan Gordon - 11-13-2008, 05:05 AM

Forum Jump:


Users browsing this thread: 1 Guest(s)