Chief Delphi


Brandon Martus 18-07-2008 02:28

Inappropriate Spam Private Messages
 
On behalf of chiefdelphi.com, I want to apologize for the vulgar private messages that were sent out to many of you Thursday evening. The forums were attacked, and some accounts were taken advantage of, and used to send out the inappropriate spam. I was unable to get to a computer, and the moderators wouldn't have been able to handle the massive attack that was going on. (2-3 requests per second, on multiple accounts, creating literally thousands of private messages)

The attack all came from one IP address, so I have banned that IP from the whole site. This should slow things down for now. Once I get back from IRI I will go through and fix an issue that may have prevented this.

How can you prevent this from happening? Don't have your username and password set to the same value. Go change your password now. Go change it regularly. Make it secure (letters, numbers, symbols, lowercase, uppercase, etc.).

I have gone through and removed the few thousand private messages (just the text) from the system. You may still see them listed in your inbox -- the body of the message will no longer show. Unfortunately, during this process some newer (Thursday evening) private messages that weren't part of this attack may have been lost. If you sent a message Thursday night via PM, you may want to re-send it, just to be sure.

Again, sorry for the inappropriate content. There are measures in place to prevent this type of thing, but some always will slip through. Unfortunately this happened at a time when it couldn't be dealt with fast enough.

Let me know if you still have any issues with private messages, and I will try to fix them asap.
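
Added example, not part of the original post or the forum's own code: a sliding-window check over private-message send events that flags the traffic shape described above (one IP, several accounts, 2-3 requests per second). The event tuple layout, thresholds and sample data are assumptions constructed for illustration.

```python
from collections import defaultdict, deque

def flag_bulk_senders(events, window=10.0, min_msgs=15, min_accounts=3):
    """events: (unix_ts, ip, account) tuples for PM-send requests, sorted by time.
    Returns {ip: (peak_msgs, peak_accounts)} for every IP that, inside any
    `window` seconds, sent >= min_msgs messages from >= min_accounts accounts.
    Both conditions are required so a shared school or team IP with several
    ordinary users is not flagged on account count alone."""
    recent = defaultdict(deque)   # ip -> (ts, account) pairs still in the window
    flagged = {}
    for ts, ip, account in events:
        q = recent[ip]
        q.append((ts, account))
        while q and ts - q[0][0] > window:
            q.popleft()
        accounts = {a for _, a in q}
        if len(q) >= min_msgs and len(accounts) >= min_accounts:
            peak = flagged.get(ip, (0, 0))
            flagged[ip] = (max(peak[0], len(q)), max(peak[1], len(accounts)))
    return flagged

def sample_events():
    """Constructed data (documentation IP ranges, made-up account names)."""
    events = []
    # One IP sending 2 PMs per second for 50 seconds, rotating over 4 accounts.
    for i in range(100):
        events.append((1000.0 + i * 0.5, "203.0.113.7", f"acct{i % 4}"))
    # A shared IP: three real users, one message every 5 seconds.
    for i, user in enumerate(["alice", "bob", "carol"] * 2):
        events.append((1000.0 + i * 5.0, "198.51.100.20", user))
    events.sort()
    return events

if __name__ == "__main__":
    for ip, (msgs, accts) in flag_bulk_senders(sample_events()).items():
        print(f"{ip}: up to {msgs} PMs from {accts} accounts in 10 s")
```
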

Steve W 18-07-2008 06:21

Re: Inappropriate Spam Private Messages
 
Thanks Brandon for fixing as quickly as you did. Unfortunately there are as many people trying to tear things down as make them better. We will always have attacks here but your great diligence has made CD the best website on the web. Thanks again for all you do.

Tom Line 18-07-2008 07:51

Re: Inappropriate Spam Private Messages
 
Yep, thanks!

On another note, I now have 1 unread mail in my box from 1969 (no, that's not a typo) which I can't read or get rid of. That permanent "1 unread mail" is going to drive me batty. :D

Daniel_LaFleur 18-07-2008 07:56

Re: Inappropriate Spam Private Messages
 
Quote:

Originally Posted by Tom Line (Post 757361)
Yep, thanks!

On another note, I now have 1 unread mail in my box from 1969 (no, that's not a typo) which I can't read or get rid of. That permanent "1 unread mail" is going to drive me batty. :D

Click the checkbox next to the message.

Then at the bottom of the page next to 'selected message' use the dropdown box to select 'delete' and press OK.

:)

Robyn Needel 18-07-2008 08:48

Re: Inappropriate Spam Private Messages
 
Thanks Brandon for addressing this so quickly, especially when you had so many other things going on. It is a testament to your computer prowess that the website is as secure as it is. It's just too bad that the occasional hacker makes their way in to such a great website and tries to ruin such a good thing.


Enjoy IRI!

Robyn

Lawry Goldstein 18-07-2008 09:12

Re: Inappropriate Spam Private Messages
 
Impressive speed for the size of the attack. At least it is all done with now.

ahecht 18-07-2008 10:07

Re: Inappropriate Spam Private Messages
 
Brandon, do you have any way to reset the passwords of users that are using their username as their password? Most of the users involved had 0 or 1 posts and aren't likely to log in any time soon to see this message.

artdutra04 18-07-2008 10:10

Re: Inappropriate Spam Private Messages
 
Thanks Brandon for clearing that up quickly.

Also, always choose very secure passwords. It would be even better to use different passwords for every service you use (computer, email, IM, Facebook, etc), so that if one account is compromised they cannot use the same password to get into every account you have.

Quote:

Originally Posted by Tom Line (Post 757361)
Yep, thanks!

On another note, I now have 1 unread mail in my box from 1969 (no, that's not a typo) which I can't read or get rid of. That permanent "1 unread mail" is going to drive me batty. :D

On a related note, is there any way to reset the unread messages function back to zero if the message was deleted? Mine still shows an unread message...

vivek16 18-07-2008 10:15

Re: Inappropriate Spam Private Messages
 
Quote:

Originally Posted by artdutra04 (Post 757374)
Thanks Brandon for clearing that up quickly.

Also, always choose very secure passwords. It would be even better to use different passwords for every service you use (computer, email, IM, Facebook, etc), so that if one account is compromised they cannot use the same password to get into every account you have.

On a related note, is there any way to reset the unread messages function back to zero if the message was deleted? Mine still shows an unread message...

May I recommend an alphanumeric randomizer program? There are plenty for free online. It might seem like a bit much to remember for all the accounts but you get used to it.

Yes, that 1 unread message is going to drive me mad.

-Vivek

MrForbes 18-07-2008 10:45

Re: Inappropriate Spam Private Messages
 
A password isn't any use if other people can figure it out easily, but it also isn't any use if you can't remember it.

Blue_Mist 18-07-2008 10:47

Re: Inappropriate Spam Private Messages
 
Mine are completely gone as of Friday morning. Thank you very much for getting rid of the spam so quickly! Just another happy CDer knowing that Chief Delphi is the best site out there...:)

Brandon Martus 18-07-2008 11:11

Re: Inappropriate Spam Private Messages
 
When I get back from IRI, I will be notifying those users with the same username/password that their password will be reset for them. I will also be upgrading the forums to the latest version, in the off chance that this was a vulnerability being exploited in our version of the software.

I have 2 unread PMs that I can't see in my inbox somewhere .. so I will go through and repair the PM listings when I get back home from IRI. Doing the quick fix that I did last night wasn't a complete fix .. just enough to get the inappropriate material out of people's inboxes.
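
Added example, not part of the original post or the forum software: one way an administrator with database access could list the accounts whose password equals their username, so they can be reset and notified. The storage scheme `md5(md5(password) + salt)`, the row layout and all sample users are assumptions; adapt the hash function to whatever the user table really stores.

```python
import hashlib
import hmac

def legacy_hash(password, salt):
    """Assumed legacy scheme: md5(md5(password) + salt), hex-encoded.
    MD5 is used only to match that assumed stored format."""
    inner = hashlib.md5(password.encode("utf-8")).hexdigest()
    return hashlib.md5((inner + salt).encode("utf-8")).hexdigest()

def username_as_password(rows):
    """rows: iterable of (username, stored_hash, salt, post_count).
    Returns [(username, post_count)] for accounts whose password is the
    username itself or its lowercase form."""
    hits = []
    for username, stored, salt, posts in rows:
        for guess in {username, username.lower()}:
            if hmac.compare_digest(legacy_hash(guess, salt), stored):
                hits.append((username, posts))
                break
    return hits

def sample_rows():
    """Constructed user table; names, salts and passwords are made up."""
    users = [
        ("robotfan", "robotfan", "a1!", 0),     # password == username
        ("Team123", "team123", "b2@", 1),       # lowercase username
        ("mentor42", "T7#kd9!pQ", "c3#", 250),  # unrelated password
    ]
    return [(u, legacy_hash(pw, salt), salt, posts)
            for u, pw, salt, posts in users]

if __name__ == "__main__":
    for name, posts in username_as_password(sample_rows()):
        print(f"reset and notify: {name} ({posts} posts)")
```

The post count is carried through because, as noted earlier in the thread, most affected accounts had 0 or 1 posts and may never see an on-site notice, so notification by registered e-mail is the practical channel.
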

basicxman 18-07-2008 11:45

Re: Inappropriate Spam Private Messages
 
All part of web development and administration, always protecting your site against SQL injection, XSS attacks, etc....

Daniel_LaFleur 18-07-2008 13:07

Re: Inappropriate Spam Private Messages
 
Quote:

Originally Posted by artdutra04 (Post 757374)
On a related note, is there any way to reset the unread messages function back to zero if the message was deleted? Mine still shows an unread message...

I thought I had the same until I looked on the last page of my inbox. It was there, without a title, with a date sent sometime in 1969 :p

I suggest people look there to see if you can delete it.

Jay H 237 18-07-2008 19:31

Re: Inappropriate Spam Private Messages
 
I'm so glad I just saw this thread, I was about to contact Brandon and ask why it says in BOLD that I have 1 unread private message that once I click to access the PMs there's nothing there, not even just a heading or even a hint of a PM, just the last PM I got 2 weeks ago (that I already read and responded to).

I thought I broke something! :p


All times are GMT -5.

Powered by vBulletin® Version 3.6.4