Atlas Model Railroad Co. - SPAM invasion

peteski

Posted - 2012 April 19 : 2:22:36 PM
Hello,
this is the 2nd time I have seen actual SPAM messages posted on the forum.
http://forum.atlasrr.com/forum/topic.asp?TOPIC_ID=70544
I'm really beginning to think that the forum has been hacked. You might consider doing something about this.

Peteski

Country: USA | Posts: 3324

Ken Rice

Posted - 2012 April 19 : 7:23:09 PM
Getting through the signup and email verification process can be done by anyone who is willing to take the time, including someone who wants to spam. It's not nice, but it's not the same thing as the forum being hacked - that would imply that someone has figured out how to poke around in the forum and related data without having signed up, by exploiting bugs and vulnerabilities in the Snitz Forums software or Atlas' deployment of it. I think if the forum had been hacked you would see much more unpleasant manifestations than a spam post by a new member.

- Ken


My blog: http://rices-rails.blogspot.com/

Country: USA | Posts: 1093

peteski

Posted - 2012 April 20 : 09:33:47 AM
Ken,
I suspect the forum was hacked because of a plethora of new users with user names like "get cheap viagra", or other similarly obvious spammer names. When you legitimately register I assume there is some sort of screening process which involves a human. It seems to me that users with obvious SPAM names are circumventing the registration process (the forum has to be hacked for someone to be able to do that).

Why do I think that? Because I had a friend of mine create a bogus email account and then request an Atlas forum account using a user name which obviously indicates a spammer. Well, his account was never created by Atlas. So I assume that some human looked at his account request and just deleted it.


Peteski

Country: USA | Posts: 3324

Ken Rice

Posted - 2012 April 20 : 12:57:34 PM
Pete,
New accounts might get different treatment based on the domain of the email (e.g. hotmail.com accounts might get manual vetting, gmail.com accounts might go through automatically, just to make up an example).
I just did a little googling and found this:
http://www.gulftech.org/advisories/Snitz%20Forums%202000%20Multiple%20Vulnerabilities/10
If you hover over the powered by snitz forum link in the lower right a popup tells us Atlas has got version 3.4.03 deployed. The vulnerabilities on that page are fixed in 3.4.04. I don't see offhand how those vulnerabilities could be used to make new user accounts but I suppose it's possible. Can a user On the other hand, look at what they can easily be used to do. Nasty. I would have thought we'd hear about it if it was happening.

And I hope Atlas upgrades to 3.4.04 soon!

- Ken


My blog: http://rices-rails.blogspot.com/

Country: USA | Posts: 1093

ACL1099

Posted - 2012 April 20 : 3:23:27 PM
Yes, and the newest member right now is "replica handbags"...wonder if they're in HO or N?


Country: Western Samoa | Posts: 1626

Pops

Posted - 2012 April 20 : 5:22:47 PM
quote:
Originally posted by ACL1099

Yes, and the newest member right now is "replica handbags"...wonder if they're in HO or N?



Probably a new line of baggage cars.

Country: USA | Posts: 116

peteski

Posted - 2012 April 23 : 1:58:56 PM
So Ken, you think that automatic membership approval is based on the domain name for the email address? Interesting.

The test we did used an email.com address. But I could ask my friend to create email accounts using several services (like gmail, hotmail, yahoo, etc.) and see if he can get registered using names similar to "Spanking Video" or "Mechanical Bulls West Chester Pa" (both of those are valid names of current members) or similar obviously non model train related user names and see if any get created.


Peteski

Country: USA | Posts: 3324

Ken Rice

Posted - 2012 April 23 : 6:38:08 PM
I'm just hazarding a guess. The company I work for provides several web services, and I know it's a constant battle to keep abuse down to a minimum. Strategies change constantly, and in some cases can depend on things you might not expect. The goal is always to block as many bad guys as possible without inconveniencing any good guys. Especially the good guys who pay us money :-)

The point is, it's very easy to ask Atlas to do something about it. Coming from the other side, it's very hard to do something effective about it without inconveniencing the good guys. I have a lot of sympathy for them.

Oh yes, and keep in mind that if you do try experiments like that, you will probably make someone whose job it is to peruse log files spend time looking at it. Your experiment may be someone else's headache over morning coffee.

- Ken


My blog: http://rices-rails.blogspot.com/

Country: USA | Posts: 1093

peteski

Posted - 2012 April 24 : 01:50:36 AM
Ken, you think I'll really be inconveniencing the admin of this forum that much? How about all those dozens (or maybe hundreds) they already receive each day and few get through and automatically approved? Here is another one which just showed up: samsung vibrant giveaway
You think that my friend setting up 4 or 5 email addresses and then requesting a forum account will be that much of an inconvenience to the administrator?

We have been mentioning to Atlas that there is something fishy going on with the forum but this fact is not acknowledged and as far as I can tell, nothing gets done about it either (as spammers are continuously showing up as new users). Just look at the posts about spammers in this section of the forum (list year's worth of posts). At this point I'm simply curious how those spammers get through. Whether this is done through some automatic approval or through some back door in the forum.


Peteski

Country: USA | Posts: 3324

switchhand

Posted - 2012 April 24 : 08:43:57 AM
quote:
Originally posted by peteski

Ken, you think I'll really be inconveniencing the admin of this forum that much? How about all those dozens (or maybe hundreds) they already receive each day and few get through and automatically approved? Here is another one which just showed up: samsung vibrant giveaway
You think that my friend setting up 4 or 5 email addresses and then requesting a forum account will be that much of an inconvenience to the administrator?

We have been mentioning to Atlas that there is something fishy going on with the forum but this fact is not acknowledged and as far as I can tell, nothing gets done about it either (as spammers are continuously showing up as new users). Just look at the posts about spammers in this section of the forum (list year's worth of posts). At this point I'm simply curious how those spammers get through. Whether this is done through some automatic approval or through some back door in the forum.




Peeski. I'm pretty sure if it really was a big problem, the "Big Boss" of the forum would have taken care of it by now. Think you need to chill back a bit.



Country: USA | Posts: 2689

peteski

Posted - 2012 April 24 : 3:48:14 PM
quote:
Originally posted by switchhand



Peeski. I'm pretty sure if it really was a big problem, the "Big Boss" of the forum would have taken care of it by now. Think you need to chill back a bit.



You would think so, wouldn't you.

Actually, in the past I had the same relaxed view of all the oddities on this forum. Things like the time mismatch between basic and advanced forums, messed up daylight savings time changeover, year 1709 in the copyright tag on the bottom of each page, and all the obviously spammer user names which show up in the "Newest Member" line. I thought it was all harmless. But now since the spammers are actually posting messages to the forum I think that there is more to worry about. To me that crosses the line between harmless and not so harmless.

The fact that one of my credit cards was hijacked a couple of weeks ago makes me more jumpy. I'm not saying that it happened here, but I'm just saying.... Ignore the small signs of a possible problem and the problem will most likely get bigger.


Peteski

Country: USA | Posts: 3324
Atlas Model Railroad Co. © 1709-2011 Atlas Models
Powered By: Snitz Forums 2000