Zugg Software :: View topic

Posted: Mon May 16, 2005 10:09 pm

Thanks to some idiot spammer who found a way to send spam from the zuggsoft.com server, I have spent all day upgrading various software on our server.

If you have any problems with the forum or portal software, let me know. It seems to work ok here at least.

Also, we beefed up some of the firewalls and restricted more access to the zuggsoft server, and added some additional filters to our sendmail system. So, if you have any trouble sending legitimate email to us, post here in the forum. We are currently a couple of days behind on answering our email though.

Yeah, thanks for wasting my time spammer. Some day you'll get what's coming to you. Maybe tomorrow I can actually get some useful work done for a change.

Posted: Mon May 16, 2005 11:52 pm

I just fixed the problem creating a new session on the forums. Sorry for the trouble (and I know nobody could post about it either). Hopefully it's working again now.

Adept Joined: 01 Mar 2005 Posts: 277

So that's why I had troubles accessing your website!

How long do you think they were using your server for spamming?

Posted: Tue May 17, 2005 2:08 am

Spam started last Thursday (5/12). So that probably also explains why the server was slow the past few days. We took it down this afternoon, but it should have only been down for an hour or so.

I have also cleaned up the Download area. Now when you try to download a file that has multiple Mirror sites (like zMUD), a separate "Mirrors" button is displayed next to the Download button. The main Download button will download from the default mirror. This should streamline the download process for people who didn't care about mirrors (in the past you were forced to view the Mirror list and choose one).

I also adjusted some of the navigation menus on the left side of some pages, and just generally cleaned up some inconsistent pages. Decided I might as well tweak things while I was messing with the web site.

Wizard Joined: 14 Oct 2000 Posts: 1368

I just discovered that someone has spammed some of the download comments as well:
http://forums.zuggsoft.com/index.php?page=4&action=file&file_id=2
http://forums.zuggsoft.com/index.php?page=4&action=file&file_id=22
http://forums.zuggsoft.com/index.php?page=4&action=file&file_id=4
http://forums.zuggsoft.com/index.php?page=4&action=file&file_id=3

Things like these really upset me. First they spammed email and now they have these forum-spam tools obviously. It's pretty crazy. They are destroying the Internet.

Posted: Tue May 17, 2005 8:35 am

they need to give the death penalty for things like this :(

Posted: Tue May 17, 2005 8:49 am

you know eventually we're going to have to use the image thingies for posts :(

Wizard Joined: 14 Oct 2000 Posts: 1368

Wizard Joined: 10 Oct 2000 Posts: 1551 Location: Australia

What boggles me is people actually buy the product spammers spam. So long as there are dumb people buying c|-|E.aP v1ag.R.a there's going to be people spamming... what we need is to suppliment the cheap viagra with cheap cyanide and sell them as 'six inches in four easy doses'... then hopefully there'll be nobody left to supply income to the russian brides and hot young teens so we get some peace and quiet in our inbox...

though not until Zugg's made a fortune on eMobius's spam killing abilities, of course :)

Wizard Joined: 14 Oct 2000 Posts: 1368

I just got the following error message when trying to reply to a thread:

Posted: Tue May 17, 2005 7:05 pm

Thanks for reporting the spam pages. I had some permissions set wrong for a couple of the download forums. I would have never caught that. I think they need to start changing the defaults for these packages so that stuff is secure by default. When you add a new download area, it defaults to being wide open to anyone to do anything, and that's just bad.

But yes, the idiots that do this kind of crap should be shot. They *are* ruining the Internet. I wish they'd increase the penalties in the law so that it hurt these companies more for doing this stuff. Right now when they get caught they just pay their fine and continue doing it. Maybe someday someone in power will get a clue as to how bad this stuff is getting.

Also, I fixed the problem with the email sending. Apparently we closed down the SMTP server a bit too much and forgot to add the local server to one of the permission groups. Should be working again now.

Yet more of my time wasted on this crap. It's *really* annoying.

SubAdmin Joined: 18 Nov 2001 Posts: 5182

Posted: Tue Jul 19, 2005 4:03 pm

Yet *another* PHPBB security hole. Had a bunch of spammers running through the site again this morning and had to take it down for a while. Sorry for any inconvienence. Yet *more* of my time wasted.

Beginner Joined: 17 Oct 2003 Posts: 19 Location: Australia

Is there a reason you don't display the copyright notice for phpBB?

Posted: Thu Aug 25, 2005 4:06 pm

Yes. I have removed all copyright notices for phpBB, portal software, and various MODs and plugins. While I respect the work of the authors that created these programs and that I might be in technical violation of their copyrights, the fact is that hackers use these copyright notices to target attacks on systems, and I'm sick and tired of dealing with hacker attacks and spammers. Maybe one of these days they'll have *ALL* of the security exploits in PHP-based systems fixed. But for now, displaying these copyright messages are an invitation to hackers and spammers to try and break the system.

Hopefully the authors of these pieces of software will understand the issues. All of the original copyright messages are still embedded in the actual PHP files.

Beginner Joined: 17 Oct 2003 Posts: 19 Location: Australia

/phpbb/ is already in the URL; perhaps 'Powered by phpBB', with the 'phpBB' linking to www.phpbb.com would be safe?

As for versions, plugins and mods, I know where you're coming from: few of their makers test their work with the same determination as the tools that script kiddies use. I haven't seen a real hacker in years.

Wizard Joined: 14 Oct 2000 Posts: 1368

Just a link to an interesting article about this: http://www.phpbb.com/kb/article.php?article_id=8

Posted: Fri Aug 26, 2005 3:35 pm

Yes, phpbb is in the URL...it's something I've also considered removing. I've just been a bit worried about breaking existing links (the forums are linked from the help menus in zMUD, for example). Once I get the htaccess file set up to properly redirect old links, then you'll probably see the phpbb directory name changed.

And Rorso, thanks for the link. It's nice to know that they understand these issues. Looks like I'm well within the rights of the agreement, especially since I've never asked for any support from them.