
Spam bot attack


Eudemon

Today, in the middle of the night, I received a notification from our SMTP (email) provider that the domain email.turboduck.net had been disabled.

After a brief investigation I found out that the "share via email" feature was abused by sharing and then editing the subject and content; essentially, bots were using the system to send spam.

(Why wasn't this discovered sooner? I am one man, okay? I don't have time to read system logs all day, and the system is complex; I can't possibly identify all the loopholes. The underlying issue was fixed within 5 mins of me receiving the notification.)

Below is the server access log:

20200310231503.png

I have disabled the feature and communicated back with the provider to get the ban lifted.

Looking at the email log, about one million emails were sent out in the past five days; it looks like I will be getting hit with a big bill.

In the meantime I have switched the email system to be server generated (this method, however, is generally not trusted by email clients, so mail will likely land in the junk box).

I expect temporary disruption to new registrations as well as site email notifications, but I am working to bring it back to normal ASAP.

This incident will also likely give the domain a reputation hit.

 

---

Not directly related, but I also want to take this chance to express the following:

Use common sense to avoid scams

It has come to my attention that some scammers were using our personal messaging system to ask for private contact. Please use your best judgement to avoid further contact and report such activities.

I want to take this chance to assure you that we respect your privacy; we do not disclose any of your sensitive profile information, including email. We also employ industry best practices, for example reCaptcha, checks against known spam databases, encryption, monitoring reports, and actively removing spammer accounts that occasionally get through.

I advise you to use the report button on every piece of content to help us clean up spam.

 

Regards,

Diablo (Eudemon)
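Added example, not part of the original post and not the forum software's own code: one way to harden a "share via email" feature against the abuse described above is to let the request supply only a recipient and an item reference, build the subject and body on the server, and cap sends per account. The class, the limits and the `send` callback are assumptions made for illustration.

```python
import time
from collections import defaultdict, deque

MAX_SHARES = 5          # assumed cap per account per window
WINDOW_SECONDS = 3600   # assumed window length


class ShareMailer:
    """Hypothetical share-via-email handler; every name here is an assumption."""

    def __init__(self, send, clock=time.time):
        self._send = send                  # callable(recipient, subject, body)
        self._clock = clock
        self._recent = defaultdict(deque)  # account id -> recent send timestamps

    def _allowed(self, account_id):
        now = self._clock()
        stamps = self._recent[account_id]
        # Drop timestamps that have aged out of the sliding window.
        while stamps and now - stamps[0] >= WINDOW_SECONDS:
            stamps.popleft()
        if len(stamps) >= MAX_SHARES:
            return False
        stamps.append(now)
        return True

    def share(self, account_id, recipient, item):
        # Exactly one recipient, with no line breaks or list separators.
        if any(c in recipient for c in "\r\n,;") or recipient.count("@") != 1:
            return "rejected: bad recipient"
        if not self._allowed(account_id):
            return "rejected: rate limit"
        # Subject and body are built server-side from the stored item only;
        # the request has no field that carries free text into the mail.
        title = " ".join(item["title"].split())[:80]  # collapse CR/LF, cap length
        subject = f'A member shared "{title}" with you'
        body = f"View it here: {item['url']}\n"
        self._send(recipient, subject, body)
        return "sent"
```

A rejected-by-rate-limit count per account is also a cheap signal to alert on, so a burst is noticed without reading logs by hand.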
