Has your MSE forum email address been spammed.
Options
Comments
-
I've yet to get spam from the email address I use for MSE - and it's my primary address, but then I think I've got a rep round the 'net for harassing the spammers back and reporting them to their ISPs.
Btw, Martin, I take it you meant "ISP" in your insert to the OP rather than "ESP"?
It's worse for me - I've got a Yankee keyboard layout on my laptop - nothing's where it's meant to be0 -
Your email address may have been intercept by someone sniffing internet traffic to/from MSE, you and your email provider. Or your email provider may have a security problem.0
-
Hello TimothyEBaldwin!Your email address may have been intercept by someone sniffing internet traffic to/from MSE, you and your email provider. Or your email provider may have a security problem.
Yes, that is always a possibility, except in my case, apart from an email two years or so years ago, I've not had any emails from MSE...apart from the Spam message that popped up at the same time as the others.
I'm therefore almost 100% certain that the problem was not that.
Several people who use unique email addresses for this Forum have all received more or less the same Spam at more or less the same time. This, I regret, does look like an email list has been compromised.
The important issue is to work out how, and plug the hole.
FUWW0 -
Start with the obvious - such as external entry to your DB server, and logins to any sort of console which runs on your server (SSH?). Then it gets messy.
Something to keep in mind is that if the email list was extracted from MSE it could have been done months or years ago and log files may have been erased since then.
I said earlier that something similar happened to me on another forum which I'd also consider reputable. I registered another account to see if it happened again and that was two years ago and it hasn't. Which sounds to me like there's a vunerability that very few people know about and the attacker doesn't hit the same place twice in order to avoid being caught.0 -
It's probably going to be hard to trace down. The forum could have been misconfigured for a short period of time or had a bug at some point that exposed all the e-mail addresses to to the web e.g. this one:
http://www.vbulletin.com/forum/showthread.php?t=258527
Or maybe there is or has been a hole in the database and someone's got a spam harvesting technique that exploits it. Probably wouldn't have to log detail to be able to spot that.0 -
Hello Pound!Something to keep in mind is that if the email list was extracted from MSE it could have been done months or years ago and log files may have been erased since then.
Good point.
It may be worth looking at when people Registered to see if there is a time link, i.e. was it a batch of people from 12 months/24 months ago.
The exploit could've been plugged a while ago.
I've only had the one Spam message. Nothing else so far.
FUWW0 -
I understand that the MSE enquiry relates specifically/particularly to those members with an e-mail address used uniquely for here - which does not apply to me - but for the record I had a "DHS - from the FBI" with an .exe file attachment today, similar to those noted by other posters.If many little people, in many little places, do many little things,
they can change the face of the world.
- African proverb -0 -
Hello *MF*!I understand that the MSE enquiry relates specifically/particularly to those members with an e-mail address used uniquely for here - which does not apply to me - but for the record I had a "DHS - from the FBI" with an .exe file attachment today, similar to those noted by other posters.
No, it will affect others, it was only that people with unique emails linked to MSE would've spotted this first. The fact you have received it suggests your email has been compromised too, or it could have come because your email address was already on a Spam list.
Very hard to tell now, but the people with unique MSE email addresses are the ones who would spot this sort of thing happening.
FUWW0 -
Hi folks,
Thank you for all your help and information on this.
After spending quite a substantial amount of time investigating, we have not been able to find any obvious loopholes or record of penetrations of our security.
However, the number of reports by users with unique e-mail addresses makes it difficult to argue against the fact that at least some of our Forum e-mail database has fallen into the hands of spammers.
Based on what we’ve found, we can only surmise two possible ways of this happening.•A security loophole in vBulletin.
The software we use for the Forum is a third-party software, called vBulletin that is widely used across the web. It is possible there is a security loophole with that (there have been reports of similar incidents on other sites, although we’ve no idea of how true they are).•Brute force
The other alternative is simply someone has simply brute forced their way to break into our administration section and taken a few emails that way.
The former we can do little about. As to the latter we have taken a number of steps to beef up our security and lock down access to outsiders. This is the first time anything like this has happened in MSE six years, we don't take things for granted, and we do take this seriously. Obviously we’re not going to publish here the extra security steps taken as that would defeat the point in them.
Thankfully, we only keep registration e-mail addresses, so the downside problem is relatively limited, although we do understand that the increase in spam is annoying.
We would just like to reiterate at this point that we would never voluntarily share our users personal information with anyone else so for this to happen is frustrating and we’re trying to ensure that it doesn’t happen again.
Please accept our apologies for this happening and thank you to the users who brought it to our attention and do let us know if you suspect anything like this has occurred in future.
Webby0 -
We would just like to reiterate at this point that we would never voluntarily share our users personal information with anyone else so for this to happen is frustrating and we’re trying to ensure that it doesn’t happen again.
Please accept our apologies for this happening and thank you to the users who brought it to our attention and do let us know if you suspect anything like this has occurred in future.
I think everyone does understand that, and none of the Posts here have been critical of MSE.
These things happen, sadly.
I'll change my MSE email address to something else unique, and that will help to serve as a first line warning if anything like this happens again. If others with unique emails do the same, then at least we can let you know.
I stress that no criticism has been intended against MSE. The main aim was to help find the loophole. I suspect it may have happened some time ago, and the email list has only just been handed over to a Spam list.
Keep up the good work.
FUWW0
This discussion has been closed.
Categories
- All Categories
- 343.6K Banking & Borrowing
- 250.2K Reduce Debt & Boost Income
- 449.9K Spending & Discounts
- 235.7K Work, Benefits & Business
- 608.7K Mortgages, Homes & Bills
- 173.3K Life & Family
- 248.3K Travel & Transport
- 1.5M Hobbies & Leisure
- 15.9K Discuss & Feedback
- 15.1K Coronavirus Support Boards