Has the forum been hacked?



Flyfishermanbob
01-14-2010, 04:33 AM
Received a message

DO NOT REPLY TO THIS EMAIL!
***************************

Dear Flyfishermanbob,

You have received a new private message at Geocaching Maine from matildee894, entitled "Attention!".

To read the original version, respond to, or delete this message, you must log in here:
http://www.geocachingmaine.org/forum/private.php

This is the message that was sent:
***************
Hello, my friend. I found report about your computer's security at: http://detected.co.cc/ktaadnman;Mainepod;bobndeb;Flyfishermanbob;G Force Please, take this into account. Best regards, Forum Member )


Which tries to install a Trojan ..... be warned
regards FFB

Ekidokai
01-14-2010, 04:52 AM
Not really hacked. New Spam.

JustKev
01-14-2010, 05:11 AM
Just delete it, like I'm doing with the message I got from the same person. One of the administrators will toast the twerp.

Ekidokai
01-14-2010, 05:24 AM
I wish I could, but I have not been given the authority. I'm working on something that should take care of this kind of thing.

rcwhit
01-14-2010, 05:59 AM
Yea, I got one too!

JustPJ66
01-14-2010, 06:37 AM
This guy was thorough... I got one too.

dubord207
01-14-2010, 07:25 AM
OK Bruce, toast this SOB for all of us! Hope nobody opens it.:(

TRF
01-14-2010, 07:26 AM
I got the same PM. Also I've gotten spam/trojan/worm (attempts) from some folks' Yahoo accounts. Sheeplady would be one that I received an email from that contained a worm. I don't open any emails that are not "keyed" so I've not been victimized yet, but beware of getting emails from friends that have had their Yahoo accounts exposed.

WhereRWe?
01-14-2010, 07:37 AM
Just got up, just deleted this member. We've been getting a lot of these lately. We'll do our best... :D:D

brdad
01-14-2010, 07:57 AM
Just got up, just deleted this member. We've been getting a lot of these lately. We'll do our best... :D:D

No wonder I couldn't find the user!

Just like cachers get GPSrs for Christmas, spammers get email and password lists. They're just playing the game the way they like to play!

EMSDanel
01-14-2010, 08:15 AM
I really fixed him.....I sent him my PayPal account, and social security number and told him never to send any of us another email.

brdad
01-14-2010, 08:18 AM
I really fixed him.....I sent him my PayPal account, and social security number and told him never to send any of us another email.

How ironic! I sent him your PayPal and SS number too! :)

Heh, that joke reminds me of back a few years ago when stores would ask your phone number. If I was alone I would decline or give them a bogus number, but if I was there with a friend I would give the friend's number. That was always good for a laugh.

NativeMainer
01-14-2010, 08:36 AM
Heh, that joke reminds me of back a few years ago when stores would ask your phone number. If I was alone I would decline or give them a bogus number, but if I was there with a friend I would give the friend's number. That was always good for a laugh.

My wife would give out a number that was one digit off our phone number when someone asked her that question. Maybe I should start giving out the time and temperature number if someone asks me that. :)

NativeMainer
01-14-2010, 08:37 AM
Oh, message deleted, BTW.

JustKev
01-14-2010, 09:07 AM
My brother always told them his phone number was "cash". Nowadays, however, places like Lowe's ask for your phone number to facilitate returns without a receipt. They supposedly don't use the number for anything but who knows what computer hackers can find. Granted, they'll probably also use the number for demographics to see where they need to plan their next store.

dj_grenier
01-14-2010, 09:56 AM
I also received the note. Strange.

cano
01-14-2010, 12:02 PM
Maybe you should implement captcha when sending a new message also

attroll
01-14-2010, 01:19 PM
I was wondering why I could not find him either. Thanks Bruce.

Ekidokai
01-14-2010, 06:27 PM
How ironic! I sent him your PayPal and SS number too! :)

Heh, that joke reminds me of back a few years ago when stores would ask your phone number. If I was alone I would decline or give them a bogus number, but if I was there with a friend I would give the friend's number. That was always good for a laugh.

Super ironic, I sent him both your accounts and SS#'s and he wanted your dates of birth. He didn't believe me.

CARoperPhotography
01-14-2010, 07:20 PM
Got that same message here....

Ekidokai
01-14-2010, 09:04 PM
I have some pretty rugged software and carbonate so, I click on everything just to test it out. The link was OK, just some interesting...er...um...reading materials.

Team V3
01-16-2010, 12:01 PM
I got it too... Deleted.

fins2right
01-16-2010, 12:59 PM
I wish I could, but I have not been given the authority. I'm working on something that should take care of this kind of thing.


Ninjas? :D

Flyfishermanbob
01-28-2010, 04:11 AM
07:24 AM MannInBlackk


Another spam account needing deletion :mad:

brdad
01-28-2010, 04:59 AM
All of this user's PMs have been deleted and his account has been terminated. We still have a few slipping through the holes unfortunately.

dubord207
01-28-2010, 06:31 AM
Thanks Dave for keeping this crap off this site!

pm28570
01-28-2010, 09:18 AM
Just as a point of interest and a tip of the hat to Rick, Bruce and the others involved, I recently was in Dusseldorf, Germany on business and tried to log in to the site using a public-available network (at an obscenely high price) and the ISP was blocked by GeocachingMaine. So, well done guys. On the other hand, I was able to log in from the wifi available at the airport.



Thanks Dave for keeping this crap off this site!

WhereRWe?
01-28-2010, 09:33 AM
Just as a point of interest and a tip of the hat to Rick, Bruce and the others involved, I recently was in Dusseldorf, Germany on business and tried to log in to the site using a public-available network (at an obscenely high price) and the ISP was blocked by GeocachingMaine. So, well done guys. On the other hand, I was able to log in from the wifi available at the airport.

We're trying to be REALLY careful about blocking ISPs that might produce real geocachers. Russian, African and Asian ISPs are usually a slam dunk, but we have several members from Europe who are active lurkers, so we have to be careful there. RULost2? and I met one GeocachingMaine.org member in Lisbon, Portugal when we were there. (Sheesh! It was almost 2 years ago!)

For example, today's spammer came from an ISP in The Ukraine. For those of you who want to experiment, the URL is 91.207.6.74, and it is administered by the RIPE Network (http://www.db.ripe.net/whois).

NativeMainer
01-28-2010, 10:45 AM
Wow! I didn't even see this one. Thanks for jumping all over this.

Flyfishermanbob
01-28-2010, 11:40 AM
European Lurker here :~

I was introduced to caching by a friend in Maine in 2003, and I've always been interested in what's happening on "the other side of the pond".

I'm also an admin of one of our local Scottish forums http://geofrees.org/Forum/index.php
so no stranger to deleting spammers.

The pattern I've seen on my local forum seems to be very similar to here: the spammers strike in the middle of the night, giving the longest time before detection.

PS: if you find a solution, pass it on.

cano
01-28-2010, 12:28 PM
European Lurker here :~

PS: if you find a solution, pass it on.

You can use Bayesian inference (http://en.wikipedia.org/wiki/Bayesian_inference) to determine whether a message is from a spammer; in that case the account in question will be blocked and no messages will be sent. This system will also be able to learn when new patterns emerge. Blocking ISPs is not a very good idea, because you may block regular users wandering around the world, and spammers may use proxy servers outside the blocked ISP anyway.
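The Bayesian approach suggested in the post above, as an added example that is not part of the original thread or of the forum's software: a small naive Bayes filter for private messages that can be retrained whenever a moderator confirms a new spam message. The class and function names and the training messages are assumptions constructed for illustration.

```python
import math
import re
from collections import Counter

# Constructed sample private messages (not taken from the forum's data).
SPAM = [
    "Hello, my friend. I found report about your computer's security at http://example.invalid/report Please take this into account",
    "Attention! Your account security report is ready, click http://example.invalid/scan",
    "Dear friend, cheap pills and free security scan at http://example.invalid/pills",
]
HAM = [
    "Are you going to the cache event on Saturday? I can bring the GPS",
    "Thanks for the hint on that cache near the lighthouse, found it today",
    "Can you send me the coordinates for the trail cache? My GPS lost them",
]

class NaiveBayesFilter:
    """Multinomial naive Bayes over word tokens with add-one smoothing."""
    def __init__(self):
        self.words = {"spam": Counter(), "ham": Counter()}
        self.msgs = Counter()

    @staticmethod
    def tokens(text):
        # Collapse every URL to one token so a fresh spam domain still matches.
        text = re.sub(r"https?://\S+", " urltoken ", text.lower())
        return re.findall(r"[a-z']+", text)

    def train(self, text, label):
        # Call again on each moderator-confirmed verdict to learn new wording.
        self.words[label].update(self.tokens(text))
        self.msgs[label] += 1

    def spam_probability(self, text):
        vocab = len(set(self.words["spam"]) | set(self.words["ham"]))
        n_spam = sum(self.words["spam"].values()) + vocab
        n_ham = sum(self.words["ham"].values()) + vocab
        log_odds = math.log((self.msgs["spam"] + 1) / (self.msgs["ham"] + 1))
        for w in self.tokens(text):
            log_odds += math.log((self.words["spam"][w] + 1) / n_spam)
            log_odds -= math.log((self.words["ham"][w] + 1) / n_ham)
        log_odds = max(-50.0, min(50.0, log_odds))  # keep exp() in range
        return 1 / (1 + math.exp(-log_odds))

def build_filter():
    f = NaiveBayesFilter()
    for label, msgs in (("spam", SPAM), ("ham", HAM)):
        for m in msgs:
            f.train(m, label)
    return f
```

A forum would hold a message for moderator review when `spam_probability` exceeds a chosen threshold, and feed the moderator's decision back through `train`.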

Flyfishermanbob
01-28-2010, 01:06 PM
Not sure that our forum provider can support this. The first approach has just been to google the new member's email address; inevitably, if it's a spammer it will already have been detected by the spam engines.

Yes, it's reactive, and it would be nice if it were proactive... but it's a question of balance... at the end of the day, it's still less effort to ban than it is to hack, and in all honesty, forums like ours (even though the target is quite small) will keep getting hit despite prevention. Sad I know :(

WhereRWe?
01-28-2010, 02:01 PM
Not sure that our forum provider can support this. The first approach has just been to google the new member's email address; inevitably, if it's a spammer it will already have been detected by the spam engines.

When I get the new member notice, that's the first thing I do - they usually show up on this site (http://www.stopforumspam.com/). Then check the ISP address through ARIN (https://www.arin.net/).

I'll often check the member name against geocaching.com, to see if they're registered there.

:D:D