Spam bot got into Chiff's accounts??

Get help using the forums. If we can't help you, FEMA can.
Post Reply
User avatar
Azalin
Posts: 2783
Joined: Tue Jun 26, 2001 6:00 pm
antispam: No
Please enter the next number in sequence: 8
Location: Montreal, Canada
Contact:

Spam bot got into Chiff's accounts??

Post by Azalin »

Today I received a SPAM to an email address I use only here at Chiff. Actually, I took the habit of using a specific address for all sites I use my address on, so that I can pinpoint the source of spam... I'm not sure if you can qualify this email of SPAM, because maybe it was sent manually to many Chiff members... it's from Mysterious Records, pointing to url http://WWW.Ke-Ju.COM. It's music related, so maybe someone actually went through all members to send the email... but as far as I know, there is no way for a bot to 'fetch' email addresses automatically from phpBB, so I hope someone didn't hack the accounts!

PS: I call SPAM any unsolicited mail that is sent in an automatic, bulk manner. I don't care what the subject is.
PS2: Annoyingly enough, there is no way to get 'removed' from the company's mailing list
User avatar
Nanohedron
Moderatorer
Posts: 38212
Joined: Wed Dec 18, 2002 6:00 pm
antispam: No
Please enter the next number in sequence: 8
Tell us something.: Been a fluter, citternist, and uilleann piper; committed now to the way of the harp.

Oh, yeah: also a mod here, not a spammer. A matter of opinion, perhaps.
Location: Lefse country

Re: Spam bot got into Chiff's accounts??

Post by Nanohedron »

Just checked my email, and I have not received this spam. Dunno if that's due to good filters, or what.
"If you take music out of this world, you will have nothing but a ball of fire." - Tribal musician
User avatar
Anyanka
Posts: 312
Joined: Tue Jul 06, 2010 10:02 am
antispam: No
Location: Surrey, United Kingdom
Contact:

Re: Spam bot got into Chiff's accounts??

Post by Anyanka »

I got that spam mail too, but wouldn't be able to pinpoint the origin as I use this address for almost everything.
User avatar
benhall.1
Moderator
Posts: 14797
Joined: Wed Jan 14, 2009 5:21 pm
antispam: No
Please enter the next number in sequence: 8
Tell us something.: I'm a fiddler and, latterly, a fluter. I love the flute. I wish I'd always played it. I love the whistle as well. I'm blessed in having really lovely instruments for all of my musical interests.
Location: Unimportant island off the great mainland of Europe

Re: Spam bot got into Chiff's accounts??

Post by benhall.1 »

I got the same one, and did assume it had come via here, or that that's where the spammers had got my e-mail. But I didn't much care - I just deleted it.
User avatar
Dale
The Landlord
Posts: 10293
Joined: Wed May 16, 2001 6:00 pm
Please enter the next number in sequence: 1
Location: Chiff & Fipple's LearJet: DaleForce One
Contact:

Re: Spam bot got into Chiff's accounts??

Post by Dale »

I think that has happened before and it's hard to know why. Bots are not supposed to be able to grab user data from the forum. But, email addresses held by Epsilon weren't supposed to be breached either, but it happened.
highwood
Posts: 562
Joined: Thu Feb 07, 2008 3:30 pm
antispam: No
Please enter the next number in sequence: 12
Location: Ohio

Re: Spam bot got into Chiff's accounts??

Post by highwood »

they wouldn't have to grab user data from the forum in the sense of 'from the database'...
because email addresses are in the html of the page - the button labeled email at the bottom of each post has an email for the poster in plain text - not all posts have this button showing so it is probably some user setting.

Bill

edit: note that those saying they received the email have the email button in their posts (at least for now - does this change for old posts if their settings are updated) and the couple that posted that they did not get the email (which includes me) do not have the email button turned on
“When a Cat adopts you there is nothing to be done about it except put up with it until the wind changes.” T.S. Elliot
User avatar
MTGuru
Posts: 18663
Joined: Sat Sep 30, 2006 12:45 pm
antispam: No
Please enter the next number in sequence: 8
Location: San Diego, CA

Re: Spam bot got into Chiff's accounts??

Post by MTGuru »

Yep, what highwood said. A web scraper can suck e-mail addresses from the HTML page. Thankfully, this has not been a widespread problem here.
Vivat diabolus in musica! MTGuru's (old) GG Clips / Blackbird Clips

Joel Barish: Is there any risk of brain damage?
Dr. Mierzwiak: Well, technically speaking, the procedure is brain damage.
User avatar
Denny
Posts: 24005
Joined: Mon Nov 17, 2003 11:29 am
antispam: No
Location: N of Seattle

Re: Spam bot got into Chiff's accounts??

Post by Denny »

I've noticed that the default is to show the email address.
Someone might want to change that.

Most of the new members have email address shown.
It is somewhat like begging.
Picture a bright blue ball just spinning, spinning free
It's dizzying, the possibilities. Ashes, Ashes all fall down.
User avatar
MTGuru
Posts: 18663
Joined: Sat Sep 30, 2006 12:45 pm
antispam: No
Please enter the next number in sequence: 8
Location: San Diego, CA

Re: Spam bot got into Chiff's accounts??

Post by MTGuru »

I think we want to leave e-mail displayed by default. Individuals are welcome to turn it off. But we must have a valid e-mail addy in our database. We can change the default and/or tighten up bot access if scraping becomes a problem.
Vivat diabolus in musica! MTGuru's (old) GG Clips / Blackbird Clips

Joel Barish: Is there any risk of brain damage?
Dr. Mierzwiak: Well, technically speaking, the procedure is brain damage.
User avatar
I.D.10-t
Posts: 7657
Joined: Wed Dec 17, 2003 9:57 am
antispam: No
Location: Minneapolis, MN, USA, Earth

Re: Spam bot got into Chiff's accounts??

Post by I.D.10-t »

MTGuru wrote:I think we want to leave e-mail displayed by default. Individuals are welcome to turn it off. But we must have a valid e-mail addy in our database. We can change the default and/or tighten up bot access if scraping becomes a problem.
It would still be in the database (as mine is) but it wouldn't be automatically displayed with the little button (like mine is not to all non Admin).
"Be not deceived by the sweet words of proverbial philosophy. Sugar of lead is a poison."
User avatar
MTGuru
Posts: 18663
Joined: Sat Sep 30, 2006 12:45 pm
antispam: No
Please enter the next number in sequence: 8
Location: San Diego, CA

Re: Spam bot got into Chiff's accounts??

Post by MTGuru »

I.D.10-t wrote:It would still be in the database (as mine is) but it wouldn't be automatically displayed with the little button (like mine is not to all non Admin).
Oh, sorry ... Yes, that's right. I meant the "valid e-mail addy" comment as a separate (but related) issue.
Vivat diabolus in musica! MTGuru's (old) GG Clips / Blackbird Clips

Joel Barish: Is there any risk of brain damage?
Dr. Mierzwiak: Well, technically speaking, the procedure is brain damage.
User avatar
Denny
Posts: 24005
Joined: Mon Nov 17, 2003 11:29 am
antispam: No
Location: N of Seattle

Re: Spam bot got into Chiff's accounts??

Post by Denny »

I don't feel that many of them are tech savvy enough understand the implications of leaving it shown.
Picture a bright blue ball just spinning, spinning free
It's dizzying, the possibilities. Ashes, Ashes all fall down.
User avatar
MTGuru
Posts: 18663
Joined: Sat Sep 30, 2006 12:45 pm
antispam: No
Please enter the next number in sequence: 8
Location: San Diego, CA

Re: Spam bot got into Chiff's accounts??

Post by MTGuru »

Let's put it this way: It's been that way for 10 years. We're not inclined to change it for now. :wink:
Vivat diabolus in musica! MTGuru's (old) GG Clips / Blackbird Clips

Joel Barish: Is there any risk of brain damage?
Dr. Mierzwiak: Well, technically speaking, the procedure is brain damage.
User avatar
Azalin
Posts: 2783
Joined: Tue Jun 26, 2001 6:00 pm
antispam: No
Please enter the next number in sequence: 8
Location: Montreal, Canada
Contact:

Re: Spam bot got into Chiff's accounts??

Post by Azalin »

Well, I am shocked! I just checked the source of the HTML and yes, the email is there in plain text! The reason I am shocked is that there are many efficient ways to 'hide' or 'scramble' an email address in the source html code using javascript (those are called email obfuscators). As a web programmer, I've been doing this for years and the bots are never able to harvest displayed emails. I would have thought phpBB would be using such email scrambler, but it seems they don't!!

I just checked and it seems there's no obfuscator module available for phpBB. :-? I guess I'm going to disable the email feature then...
Post Reply