[2021-02-25] Private message spam, **NOT** hacked


sb56637
Joined: 01/08/2010 - 09:29
Posts: 7006
Location: The Light

Hi everyone,

My apologies to everyone for the raunchy private message spam that most have received during the past 24 hours. The first thing that needs to be made clear is that this was NOT a hacking incident. Rather, it was a low-tech, semi-automated bot attack that was using the normal mechanisms for creating new BLF user accounts and then sending spam via the normal private messaging functions that all users ~~have~~ had access to.

I'm currently trying to figure out the best way to mitigate these attacks. A new system is now in place to prevent this sort of attack from occurring again.

This incident has exposed a bug not related to security in the private messaging system where the system shows you a list of all your own private messages when you access an email notification link to a message that was deleted by me. A workaround is now in place for this bug.

I have removed the bot accounts and the PMs they sent, but if I missed any please let me know. Please do not PM me about email notifications links to messages and users that no longer exist.

Again, I sincerely apologize for the inconvenience. I know it causes quite a scare (for you and me) when this sort of thing happens. But please be assured that I take the security of this site very seriously, and I am extremely vigilant with applying all security updates to the forum software and the server OS. So I'm not saying it can't happen, but as best I can tell at this point, this incident is not worrisome from a security standpoint.

Budget Light Forum ...where Frugal meets with Flashlight!

Edited by: sb56637 on 02/26/2021 - 17:44
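The admin's post above describes the mechanics: throwaway accounts created through the normal registration path, then the normal PM function driven by a bot, one recipient at a time (ToyKeeper's quote further down puts the cadence at roughly every 6 seconds). The following is an added example, not code from this thread or from the BLF forum software, showing the two defensive pieces a forum operator would want for that pattern: a detector that scans a PM-send log for young accounts messaging many distinct users in a short window, and a per-account throttle that caps PMs from accounts still in a probation period. The log format, account names, user IDs, and thresholds are all assumptions constructed for the example.

```python
"""Detection and throttling for private-message spam sent from freshly
registered forum accounts. Constructed example; not BLF's own code."""
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sample data modelled on the incident described in the thread:
# a throwaway account registers and then PMs users one by one a few seconds
# apart. Account names and user IDs here are made up.
ACCOUNT_CREATED = {
    "bot_account_1": datetime(2021, 2, 25, 3, 28),  # hypothetical spam account
    "old_member": datetime(2015, 9, 8, 12, 20),     # long-standing member
}


def _burst(sender, start, count, gap_seconds=6):
    """PM-send events (timestamp, sender, recipient_uid) every gap_seconds."""
    return [(start + timedelta(seconds=gap_seconds * i), sender, 30000 + i)
            for i in range(count)]


PM_LOG = sorted(
    _burst("bot_account_1", datetime(2021, 2, 25, 3, 30), 40)
    + [(datetime(2021, 2, 25, 3, 31), "old_member", 30010),
       (datetime(2021, 2, 25, 3, 40), "old_member", 30011)]
)


def find_pm_spammers(pm_log, account_created, window=timedelta(minutes=5),
                     max_recipients=10, max_account_age=timedelta(days=1)):
    """Return {sender: (peak_distinct_recipients, account_age_at_first_pm)}
    for senders that PM more than max_recipients distinct users inside any
    window-sized interval while their account is younger than max_account_age."""
    by_sender = defaultdict(list)
    for ts, sender, recipient in pm_log:
        by_sender[sender].append((ts, recipient))
    findings = {}
    for sender, events in by_sender.items():
        events.sort()
        created = account_created.get(sender)
        if created is None:
            continue  # no registration record: nothing to compare against
        age = events[0][0] - created
        if age > max_account_age:
            continue  # established account; out of scope for this rule
        # Sliding window over the sorted events, tracking distinct recipients.
        in_window, lo, peak = Counter(), 0, 0
        for hi, (ts, recipient) in enumerate(events):
            in_window[recipient] += 1
            while ts - events[lo][0] > window:
                old = events[lo][1]
                in_window[old] -= 1
                if in_window[old] == 0:
                    del in_window[old]
                lo += 1
            peak = max(peak, len(in_window))
        if peak > max_recipients:
            findings[sender] = (peak, age)
    return findings


class NewAccountPmLimiter:
    """Allow accounts younger than `probation` only `per_hour` PMs per hour.
    Unknown accounts are refused (fail closed)."""

    def __init__(self, account_created, probation=timedelta(days=7), per_hour=5):
        self.account_created = account_created
        self.probation = probation
        self.per_hour = per_hour
        self.sent = defaultdict(list)  # sender -> timestamps of allowed sends

    def allow(self, sender, now):
        created = self.account_created.get(sender)
        if created is None:
            return False
        if now - created >= self.probation:
            return True  # established account: no extra throttle here
        recent = [t for t in self.sent[sender] if now - t < timedelta(hours=1)]
        if len(recent) >= self.per_hour:
            return False
        recent.append(now)
        self.sent[sender] = recent
        return True


def replay(pm_log, account_created):
    """Run the limiter over the log; return {sender: (allowed, refused)}."""
    limiter = NewAccountPmLimiter(account_created)
    tally = defaultdict(lambda: [0, 0])
    for ts, sender, _recipient in pm_log:
        tally[sender][0 if limiter.allow(sender, ts) else 1] += 1
    return {s: tuple(v) for s, v in tally.items()}


if __name__ == "__main__":
    for sender, (peak, age) in find_pm_spammers(PM_LOG, ACCOUNT_CREATED).items():
        print(f"{sender}: {peak} distinct recipients within 5 min, "
              f"account {age} old at first PM")
    print(replay(PM_LOG, ACCOUNT_CREATED))
```

The detector keys on the combination the thread describes (young account plus a burst of distinct recipients), so an old member who genuinely sends a dozen PMs in an evening is not flagged. The limiter is deliberately fail-closed for accounts with no registration record; with the sample log the bot account gets five PMs out and the remaining 35 are refused, which is the point at which an operator would want an alert rather than a cleanup.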
raccoon city
Joined: 10/06/2010 - 02:35
Posts: 15634
Location: रॅकून सिटी Palm Desert CA USA

Good to hear that BLF was not hacked!  :BEER:

...

By the way, ToyKeeper explains what was going on in a post that is in a thread that is now gone.

I'll quote her here...

ToyKeeper wrote:

Looks like sb is fending off a porn spambot today. It appears to be sending private messages to every user, one by one, every 6 seconds or so. I think sb already banned and cleaned up after a few of the bot’s accounts, but it’s still trying.

In addition to this, it appears BLF has a bug when trying to view messages which were removed this way. Instead of showing an error message, it dumps out the user’s entire private message history and marks everything as “read”.

Sb will probably clean it up first thing in the morning… but for now, the bot appears to still be active.

2A
Joined: 05/18/2020 - 09:57
Posts: 561
Location: quarantained

thanks for the update and thanks for looking out for us!

MoreLumens
Joined: 10/25/2019 - 07:08
Posts: 1364
Location: Finland

Good to hear that this vile attack, which traumatized many is now over and taken care of. Today we were victims, but now the healing can truly begin. Silly

deeuubee
Joined: 12/05/2012 - 13:35
Posts: 34
Location: Hudson Valley, NY

MoreLumens wrote:
Good to hear that this vile attack, which traumatized many is now over and taken care of. Today we were victims, but now the healing can truly begin. :P

Now if we can only stop the vile attack and trauma from the spam Google put on my web pages after Alexa hears me talking about it to my wife.

cry

hodor
Joined: 07/11/2018 - 03:58
Posts: 1056
Location: UK

Thanks sb56637 for the update and for your swift actions Beer

bassoverflow
Joined: 02/06/2019 - 15:31
Posts: 178
Location: WNC

Darn, thought I had a friend. Sad

Swabs
Joined: 11/06/2019 - 11:41
Posts: 463
Location: California

Good to know BLF wasn’t hacked. I received the inappropriate PM.

My Future's So Bright...well, my flashlights are anyways.

lightknot
Joined: 06/07/2012 - 14:55
Posts: 61
Location: Sonoran Desert , USA

I just received an email of this nature. Feb. 25th, 2021.
Diane98 was the alleged poster.

Carpe Diem

sb56637
Joined: 01/08/2010 - 09:29
Posts: 7006
Location: The Light
lightknot wrote:
I just received an email of this nature. Feb. 25th, 2021. Diane98 was the alleged poster.

Thank you for reporting it, that account has already been shut down for a few hours. I assume you just now checked your email? Could you please confirm the exact time stamp and time zone on that BLF notification email? Appreciate it.

Budget Light Forum ...where Frugal meets with Flashlight!

Couchmaster
Joined: 05/04/2016 - 17:11
Posts: 419
Location: USA

Damn, I need to get on my messages more often, I miss all the good stuff….sigh….

crazy.about.lights
Joined: 08/20/2019 - 18:19
Posts: 32
Location: In the 3rd dimension

Christina99 messaged me 6 hours ago, glad I didn’t have the surprise of what was contained within.

I never get any messages though and this one with that name suggests something amiss.

So I did not open it, instead I found this thread.

Thanks sb.

My lights: 219c D4V2, 219c Noctigon Meteor M43, SST20 4000k D4V2 Ti, xpl Hi V3 3A D4SV2, SST20 5000k KR4 (MULE), 219b FF ROT66 v2, Olight s1 mini baton CW.

jon_slider
Joined: 09/08/2015 - 12:20
Posts: 4298
Location: Central North America

I got notification Feb 25 at 3:34am, that Angela98 sent me a message

when I tried to follow the notification link, I got my entire sent message history instead, and there is no Angela98 username on BLF

from which I infer that sb deleted the account, along with whatever message Angela98 wanted to share…

I hope she is not lonely without me… LOL

Donald
Joined: 08/03/2012 - 11:26
Posts: 2
Location: Miami, FL

Diane98 sent me a spurious PM too. Message was sent at 6:01 AM on 25 Feb 2021.
BudgetLightForum had already deleted it so I was not traumatized. LOL.

By the way, I don’t know if this is still true, but a long time ago when I tried to register my usual email with BLF it would not accept one with the “.net” extension. After a couple of years I caved and finally registered using my gmail account.

Thanks for the administrator's efforts with the forum!

JaredM
Joined: 10/31/2011 - 13:33
Posts: 1756
Location: Pittsburgh, Pennsylvania
deeuubee wrote:

MoreLumens wrote:
Good to hear that this vile attack, which traumatized many is now over and taken care of. Today we were victims, but now the healing can truly begin. Silly

Now if we can only stop the vile attack and trauma from the spam Google put on my web pages after Alexa hears me talking about it to my wife.

cry

You can. Get rid of Alexa. And your Google phone while you’re at it
Wink

And thanks SB! Your effort is appreciated! Thumbs Up

Specialsteve
Joined: 08/11/2017 - 10:33
Posts: 34
Location: Germany

I got the same from Diane98. Deleted the PM and Blocked Thumbs Up

Unheard
Joined: 01/16/2019 - 11:38
Posts: 1799
Location: Germany

No PMs from Diane, Chantal etc. What did I do wrong? Sad

Smile, you cannot kill them all.

AbnInfantry
Joined: 10/27/2019 - 03:53
Posts: 51

The raunchy PM I received came from alisausa11. I deleted the PM and blocked the sender.

ToyKeeper
Joined: 01/12/2013 - 14:40
Posts: 10648
Location: (469219) 2016 HO3

I agree there doesn’t appear to be any security risk. I see no reason to think anything was compromised.

This type of attack is (er, was) almost trivial to do. The site’s infrastructure was designed to make it easy to automate things without any special permissions. That’s fixed though, and it sounds like sb is looking into more long-term solutions.

As for the weird behavior when clicking one of the deleted messages, that’s an old issue which was unrelated to the spam. It only showed people their own messages. A little weird, but not a risk to security or privacy.

SammysHP
Joined: 06/25/2019 - 14:35
Posts: 796
Location: Germany

Unheard wrote:
No PMs from Diane, Chantal etc. What did I do wrong? Sad

Yeah, I feel the same. No love for me. Crying Wink

slmjim
Joined: 02/04/2018 - 17:49
Posts: 397
Location: Derby City - Home of The Louisville Slugger

That explains things, OP. Thanks.

slmjim

Great... Carnac the Magnificent tells me I just signed up for yet another expensive hobby.

Smile! It makes others wonder what you've been up to.

raccoon city
Joined: 10/06/2010 - 02:35
Posts: 15634
Location: रॅकून सिटी Palm Desert CA USA

SammysHP wrote:
Unheard wrote:

No PMs from Diane, Chantal etc. What did I do wrong? Sad

Yeah, I feel the same. No love for me. Crying Wink

You both joined BLF in 2019.

If the spambots started with user #1, and then went up from there, maybe they didn't get to BLF members that joined in the last couple of years.

sb56637
Joined: 01/08/2010 - 09:29
Posts: 7006
Location: The Light
raccoon city wrote:

SammysHP wrote:
Unheard wrote:
No PMs from Diane, Chantal etc. What did I do wrong? Sad

Yeah, I feel the same. No love for me. Crying Wink

You both joined BLF in 2019.

If the spambots started with user #1, and then went up from there, maybe they didn’t get to BLF members that joined in the last couple of years.

It looks like they didn’t go in order, I’ve received PMs from several users that got spammed in the 30,000 – 33,000 user ID range.

Budget Light Forum ...where Frugal meets with Flashlight!

G0OSE
Joined: 09/03/2014 - 12:34
Posts: 2200
Location: UK SW

ToyKeeper wrote:

As for the weird behavior when clicking one of the deleted messages, that’s an old issue which was unrelated to the spam. It only showed people their own messages. A little weird, but not a risk to security or privacy.

No, that bit isn’t correct TK. I can see everyone’s messages who replied to me too, every message ever, that is, lol – hundreds of them. Or did you mean that? Sorry, unsure.

sb56637
Joined: 01/08/2010 - 09:29
Posts: 7006
Location: The Light

Just to be transparent, I removed the previous two threads that started discussing this issue before this official one. It’s not an attempt to hide anything, but rather there was a lot of speculation and wrong information in those threads regarding what had happened. Thanks very much to everyone here for their patience and understanding.

Budget Light Forum ...where Frugal meets with Flashlight!

sb56637
Joined: 01/08/2010 - 09:29
Posts: 7006
Location: The Light

G0OSE wrote:
ToyKeeper wrote:

As for the weird behavior when clicking one of the deleted messages, that’s an old issue which was unrelated to the spam. It only showed people their own messages. A little weird, but not a risk to security or privacy.

No, that bit isn’t correct TK. I can see everyone’s messages who replied to me too, every message ever, that is, lol – hundreds of them. Or did you mean that? Sorry, unsure.

Right, all messages that were ever sent to you were getting dumped onto the screen when visiting an email notification link to a PM that no longer exists. So it’s not a privacy leak because they were the same messages that you had sent and received, just all in one big threadless glob.

Budget Light Forum ...where Frugal meets with Flashlight!

G0OSE
Joined: 09/03/2014 - 12:34
Posts: 2200
Location: UK SW

sb56637 wrote:
G0OSE wrote:
ToyKeeper wrote:

As for the weird behavior when clicking one of the deleted messages, that’s an old issue which was unrelated to the spam. It only showed people their own messages. A little weird, but not a risk to security or privacy.

No, that bit isn’t correct TK. I can see everyone’s messages who replied to me too, every message ever, that is, lol – hundreds of them. Or did you mean that? Sorry, unsure.

Right, all messages that were ever sent to you were getting dumped onto the screen when visiting an email notification link to a PM that no longer exists. So it’s not a privacy leak because they were the same messages that you had sent and received, just all in one big threadless glob.

Ah I see, sorry for the confusion.

raccoon city
Joined: 10/06/2010 - 02:35
Posts: 15634
Location: रॅकून सिटी Palm Desert CA USA

sb56637 wrote:

It looks like they didn't go in order, I've received PMs from several users that got spammed in the 30,000 - 33,000 user ID range.

Oh, okay.

I bet you've gotten more than your fair share of PMs today.  ;)

sb56637
Joined: 01/08/2010 - 09:29
Posts: 7006
Location: The Light
raccoon city wrote:

sb56637 wrote:
It looks like they didn’t go in order, I’ve received PMs from several users that got spammed in the 30,000 – 33,000 user ID range.

Oh, okay.

I bet you’ve gotten more than your fair share of PMs today. ;)

You could say that… Tired Wink

Budget Light Forum ...where Frugal meets with Flashlight!

Scallywag
Joined: 01/11/2018 - 22:23
Posts: 1894
Location: Ohio, United States

sb56637 wrote:
raccoon city wrote:

sb56637 wrote:

It looks like they didn't go in order, I've received PMs from several users that got spammed in the 30,000 - 33,000 user ID range.

Oh, okay.

I bet you've gotten more than your fair share of PMs today.  ;)

You could say that... Tired ;)

Thanks for your hard work and diligence, Mr. Admin. 

raccoon city
Joined: 10/06/2010 - 02:35
Posts: 15634
Location: रॅकून सिटी Palm Desert CA USA

Scallywag wrote:

Thanks for your hard work and diligence, Mr. Admin. 

Yep, if your forum is going to be run by a single administrator, it's beneficial to have someone that is capable (and friendly.)  :THUMBS-UP:
