[2021-02-25] Private message spam, **NOT** hacked

bushmaster
Joined: 07/09/2017 - 15:40
Posts: 540
Location: Colville, WA USA

My message was from Jasica11. I didn’t see where anybody else was contacted by her.
Maybe she was real? Big Smile

Keep your nose in the wind and your eyes along the skyline.
Del Gue

Lightbringer
Joined: 08/30/2016 - 14:12
Posts: 14174
Location: nyc

Anyone got a copy of the message so they can send it to me?

I feel so left out… Crying

09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0

MoreLumens
Joined: 10/25/2019 - 07:08
Posts: 1364
Location: Finland

Lightbringer wrote:
Anyone got a copy of the message so they can send it to me?

I feel so left out… Crying

It was just a link to some shady site. Nobody should click it anyway. Also the sender’s avatar was an asscheeks, or at least the user that harassed me had one.

G0OSE
Joined: 09/03/2014 - 12:34
Posts: 2199
Location: UK SW

Lightbringer wrote:
Anyone got a copy of the message so they can send it to me?

I feel so left out… Crying


Don’t play the innocent, we all know it was you behind it. Silly
Lightbringer
Joined: 08/30/2016 - 14:12
Posts: 14174
Location: nyc

Wellp, I think whoever had the asscheeks avatar was behind it…

09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0

raccoon city
Joined: 10/06/2010 - 02:35
Posts: 15634
Location: रॅकून सिटी Palm Desert CA USA

I remember a thread with a bunch of behinds in it.

That thread had to go away.

It was very naughty.  })

Jack Kellar
Joined: 03/09/2014 - 14:21
Posts: 2052
Location: Throwing bolts at anomalies

Got the e-mail notif from a PM by alisausa11 today at 3:46 AM (GMT -4 time zone). Can’t see the message itself, I’ve already deleted it.

Ka Benignon
Joined: 05/05/2019 - 10:43
Posts: 2
Location: Gijon Spain

I received mail from BLF notifying me of a PM.
I clicked the link to the PM and it was Diane98.
Thank you SB56637

E1320
Joined: 03/30/2011 - 05:26
Posts: 3376
Location: New Hampshire

I had a message from 2011 haha. Hi guys long time no see.

I am already visualizing the duct tape over your mouth.

sb56637
Joined: 01/08/2010 - 09:29
Posts: 7006
Location: The Light

Hey there E1320! Welcome! I guess every cloud has a silver lining. Wink

Budget Light Forum ...where Frugal meets with Flashlight!

ftumch33
Joined: 01/28/2020 - 22:07
Posts: 58
Location: Whitestone, NY

So I don’t have to send nudes to stay registered on the forum? LOL

BOO5TED
Joined: 04/16/2019 - 20:53
Posts: 591
Location: ATL
ftumch33 wrote:
So I don’t have to send nudes to stay registered on the forum? LOL

Yes, they are required now. Send all pics to Lightbringer. Wink

P.S.

Diane98 sent me one also, I know sites that would shock her lol.

"America has three cities, New York, San Francisco and New Orleans. Everywhere else is Cleveland."- Tennessee Williams

 

Boaz
Joined: 11/07/2010 - 09:31
Posts: 7551
Location: Birthplace of Aviation

 Slowly..... she started taking items off ,....one by one .... First her headlamp ....

You just have to know how to handle these women. She kept talking about my package and wanted me to repeat my Visa card number. I told her she’d have to talk to my financial advisor at the First national bank of Nigeria. No one’s getting any more money till the folks at the lottery send the check. I think they’re having problems finding an envelope big enough to send it. It’s a really big check.

She didn’t say what she needed money for but I think she’s too embarrassed to admit it’s to buy clothes. None of these poor women have any and I feel for them.

I tried to explain mode spacing, inverse square law and PWM... I’m still waiting for another p.m.

Kinda nice to see more girls interested in the hobby.

 

       καὶ τὸ φῶς ἐν τῇ σκοτίᾳ φαίνει καὶ ἡ σκοτία αὐτὸ οὐ κατέλαβεν

                            

       Dc-fix diffuser film  >…  http://budgetlightforum.com/node/42208

Lux-Perpetua
Joined: 03/01/2018 - 04:39
Posts: 2944
Location: between 365nm and 750nm

Boaz wrote:

 

(...) You just have to know how to handle these women. (...)

I tried to explain mode spacing, inverse square law and PWM... I’m still waiting for another p.m.

Kinda nice to see more girls interested in the hobby.

Nah, you started the wrong way. Instead you should have given her a little token (e.g. a fancy keychain light?) to show your deep appreciation and admiration for revealing her ... uhm ... nice flesh... sorry flashlight parts to you. Something like this...

“Hey Beatrice, this must have slipped right off your neck.”

Robin Dobbie
Joined: 04/30/2019 - 12:49
Posts: 952
Location: Texas

I didn’t get any sexy spams. Crying

lcortez321
Joined: 10/03/2017 - 22:10
Posts: 58
Location: United States New York , NY.

I received one of those private messages. I thought for a second, someone had the winning lotto numbers for me. I guess the joke is on me.

raccoon city
Joined: 10/06/2010 - 02:35
Posts: 15634
Location: रॅकून सिटी Palm Desert CA USA

Update from the OP:

"A new system is now in place to prevent this sort of attack from occurring again."

and

"A workaround is now in place for this bug."

...

Excellent!  :THUMBS-UP:

Hoosh
Joined: 08/17/2015 - 21:15
Posts: 110

If the PM was sent to me, shouldn’t I have been the one to decide whether it was “spam” for me?

“Wholesale cleansing” sounds rather religious, does it not? I mean, one man’s ceiling is another man’s floor, right? One man’s trash is another man’s treasure, right? Last time I checked, PM’s were just that…private, as in, non-public.

Just wondering, as this seems almost CPFish in deciding what’s best for “me.”

sb56637
Joined: 01/08/2010 - 09:29
Posts: 7006
Location: The Light

@Hoosh: This was a large scale spam attack from one source that used bots to masquerade as normal human users in order to create over 20 BLF user accounts and send thousands of PMs. If you consider a message sent by a computer inviting you to view porn as a valuable personal communication, then you really need to read up on the basics of how spam and other nefarious activities are creating such a plague on the internet. It’s a wild and sinister world out there online, and your position sounds dangerously naïve. Furthermore, spam and other criminal activities are prohibited by the BLF Rules that you accepted to join this forum, and my job is to enforce them.

Budget Light Forum ...where Frugal meets with Flashlight!

Robin Dobbie
Joined: 04/30/2019 - 12:49
Posts: 952
Location: Texas

If you really want automated messages, just start your own email server, disable any spam protection, then put your email address in your signature. Let the good times roll!

sb56637
Joined: 01/08/2010 - 09:29
Posts: 7006
Location: The Light
Robin Dobbie wrote:
If you really want automated messages, just start your own email server, disable any spam protection, then put your email address in your signature. Let the good times roll!

Exactly. And better hope you own a direct upstream trunk to the internet, because every ISP or web host that I know of will block your SMTP ports and/or deny you service in the blink of an eye if they get so much as a hint that you’re participating in that sort of traffic. And that’s another very powerful reason that absolutely obliged me to react as I did and have always done; otherwise BLF would have ceased to exist many years ago and no decent hosting service would want to have anything to do with us if I permitted that sort of garbage to go unchecked. And no other self-respecting admin that is not a criminal would have done anything different.

Budget Light Forum ...where Frugal meets with Flashlight!

Rusty Joe
Joined: 07/24/2011 - 00:22
Posts: 3424
Location: Houston, TX

Not sure I understand how settings allowed for a new user to jump in and message everyone.

sb56637
Joined: 01/08/2010 - 09:29
Posts: 7006
Location: The Light
Rusty Joe wrote:
Not sure I understand how settings allowed for a new user to jump in and message everyone.

The settings were definitely far too permissive, simply because we’ve never had a problem like this up until now. But it wasn’t “a user”, it was a bot or possibly even a botnet rapidly abusing legitimate access mechanisms. And unless there are sensible limits in place, anything that a normal human can do with a computer can be accomplished and repeated millions of times faster with a computer script.

Budget Light Forum ...where Frugal meets with Flashlight!
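
One way to express the “sensible limits” sb56637 mentions, as an added example that is not part of the original thread and not BLF's actual fix: a sliding-window cap on how many distinct recipients an account may PM, with a much lower cap for newly registered accounts. The thresholds, the `PMThrottle` class and the `simulate` scenario are assumptions made up for illustration.

```python
from collections import defaultdict, deque

# Assumed policy values (hypothetical, not BLF's real settings).
NEW_ACCOUNT_AGE_S = 7 * 24 * 3600  # accounts younger than this count as "new"
WINDOW_S = 3600                    # sliding window length in seconds
LIMIT_NEW = 3                      # distinct recipients per window, new accounts
LIMIT_ESTABLISHED = 30             # distinct recipients per window, older accounts


class PMThrottle:
    """Caps the number of distinct PM recipients per sender per window."""

    def __init__(self):
        # sender -> deque of (timestamp, recipient), oldest first
        self._sent = defaultdict(deque)

    def allow(self, sender, recipient, now, account_created):
        q = self._sent[sender]
        # Drop messages that have aged out of the window.
        while q and now - q[0][0] >= WINDOW_S:
            q.popleft()
        is_new = now - account_created < NEW_ACCOUNT_AGE_S
        limit = LIMIT_NEW if is_new else LIMIT_ESTABLISHED
        recipients = {r for _, r in q}
        # Replying to someone already in the window is never blocked;
        # only fan-out to additional users counts against the cap.
        if recipient not in recipients and len(recipients) >= limit:
            return False
        q.append((now, recipient))
        return True


def simulate(account_age_s, n_recipients, interval_s=1):
    """Constructed scenario: one sender PMs n distinct users, one every
    interval_s seconds. Returns how many messages were let through."""
    throttle = PMThrottle()
    created, start = 0, account_age_s
    return sum(
        throttle.allow("sender", f"user{i}", start + i * interval_s, created)
        for i in range(n_recipients)
    )
```

A ten-minute-old account scripted to message 1000 users gets 3 messages out under these limits, while an established member writing to ten people over a couple of hours is not affected.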

Rusty Joe
Joined: 07/24/2011 - 00:22
Posts: 3424
Location: Houston, TX
sb56637 wrote:
Rusty Joe wrote:
Not sure I understand how settings allowed for a new user to jump in and message everyone.

The settings were definitely far too permissive, simply because we’ve never had a problem like this up until now. But it wasn’t “a user”, it was a bot or possibly even a botnet rapidly abusing legitimate access mechanisms.

Got it. Well, you’ve done a hell of a job thus far at keeping this place NOT full of power-hungry mods or scam/spam, so that’s great. The rare breach is ok as long as it’s a while until the next one, and certainly, we’ve done better here than any other forum I know.

Every other forum I know gets bot accounts daily.

sb56637
Joined: 01/08/2010 - 09:29
Posts: 7006
Location: The Light
Rusty Joe wrote:
The rare breach is ok as long as it’s a while until the next one, and certainly, we’ve done better here than any other forum I know.

Thanks for the support! I just need to clarify that “breach” isn’t the correct term in this case, because that implies that they used illegitimate access methods or vulnerabilities to access and/or exfiltrate private information. That wasn’t what happened in this case, instead they used the default settings to send information to most of the BLF user list, which is already public information. And they only added unwanted information instead of seeing something that they normally wouldn’t be able to see.

Budget Light Forum ...where Frugal meets with Flashlight!

Rusty Joe
Joined: 07/24/2011 - 00:22
Posts: 3424
Location: Houston, TX
sb56637 wrote:
Rusty Joe wrote:
The rare breach is ok as long as it’s a while until the next one, and certainly, we’ve done better here than any other forum I know.

Thanks for the support! I just need to clarify that “breach” isn’t the correct term in this case, because that implies that they used illegitimate access methods or vulnerabilities to access and/or exfiltrate private information. That wasn’t what happened in this case, instead they used the default settings to send information to most of the BLF user list, which is already public information. And they only added unwanted information instead of seeing something that they normally wouldn’t be able to see.

Understood. By choice of words on my part.

How do we deal with ordinary bots?

Rusty Joe
Joined: 07/24/2011 - 00:22
Posts: 3424
Location: Houston, TX

I still think we need private forums for senior members and whatnot.

Lightbringer
Joined: 08/30/2016 - 14:12
Posts: 14174
Location: nyc
Rusty Joe wrote:
How do we deal with ordinary bots?

09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0

sb56637
Joined: 01/08/2010 - 09:29
Posts: 7006
Location: The Light

Rusty Joe wrote:

How do we deal with ordinary bots?

We do indeed get huge numbers of bots that come around “poking” at the server, just like any other website. Most of them don’t even know or care that this is a web forum, instead they try to directly access the underlying server operating system via unpatched low-level vulnerabilities or incorrect server configurations. Most of those attempts get quickly shut down by a sort of automatic circuit breaker, and to my knowledge none have ever been successful. Then there are other types of bots that directly target and try to take control of the actual forum software (many are dumb and actually attempt all sorts of common methods to breach WordPress, which we don’t even run here) using illegitimate access methods or unpatched vulnerabilities. Again, to my knowledge we’ve never had a successful breach or private data leak at that level either. Then there are the bots like the ones responsible for this recent attack that perform the same steps that a legitimate human user would take to use the forum software. From what I can tell there is usually a human that performs certain manual tasks first and then sets the bots loose to repetitively blast out a fire hose of whatever kind of smut they’re promoting. Or sometimes they simply access thousands upon thousands of pages like any real user could do. Once in a while they hit our server so hard that it slows to a crawl, and I have to manually intervene and block their IP address(es).

Now that you mention it, this is a good time to give a huge shout of thanks to all the legitimate BLF users that help control spam in the public forums. I couldn’t do it without your collective help. I occasionally get reports of a spam post, but it’s almost always eliminated and the account shut down via the Spam button before I can even get to it. Many thanks to all of you for your vigilance!

Budget Light Forum ...where Frugal meets with Flashlight!

wle
Joined: 01/07/2015 - 13:49
Posts: 2184
Location: atlanta ga
SammysHP wrote:
Unheard wrote:
No PMs from Diane, Chantal etc. What did I do wrong? Sad
Yeah, I feel the same. No love for me. Crying Wink

yeah me neither wtf christine99?
whatd i ever do to you?
or not do?

"You never have the wind with you - it's either against you, or you're having a good day."
    Daniel Behrman, "The Man Who Loved Bicycles".
It never gets easy, you just go faster.   
-Greg Lemond.
       ,ø¤º°`°º¤ø¸,ø¤º°`°º¤ø¸,ø¤º°`°º¤ø¸
