Spam Email Sent From Spoofee

Spoofee

Spoofee

Spoofee.com!
Staff member
Joined
Dec 21, 2001
Messages
106,617
Reaction score
1,966
Points
113
Around 05/29/11 4:00pm, an user called Kevin1/Kevin2 has used our admin email feature to email all our users spam email(s)

Please visit our partners website to keep this forum running, we are in danger of shuting down so please visit this website now...
Click to expand...

We immediately banned the user and changed our administrator password.

This was an exploit with vBulletin 4.1.2 and the vBulletin software was patched to the latest 4.1.4 beta. We've also contacted the vBulletin team about anymore insight.
Here is a site where a hacker is selling how to hack 4.1.2.

Going forward, we will take extra security measures to make sure every patch is installed asap.

Thank you everyone for the notice and thanks to spazntwitch for the call and research.

- This post will be updated as new information comes in.
 
Last edited:
Thanks spaz. I banned him and disabled new user registration

Spammer was clever to wait until memorial day weekend to take advantage of the vulnerability
 
I don't think s/he is using new user registration. I'll send you a PM explaining why.
 
I just hope this isn't going to be a drawn-out affair where the original "hacker" doesn't keep creating new accounts after old ones are removed. I hope you can get it sorted quickly!
 
Thanks spaz for the heads up. Word spread pretty fast on this issue, so I came on over to see what was going on. Any idears on how this happened?
 
Glad I can stop posting threads now. I posted three that were all deleted. Had to resort to trying to contact you outside of the forums, since it had been compromised. :P

It sounds like you guys have this under control now, but if you need a hand tracking this down, I'm a developer and would be willing to help.
 
Thanks for the help Ordanos. There was certainly help from other individuals too including monkfish and Birdhunter_007 that tipped me to the issue.

This was certainly a group effort and very, very much appreciated. :clap:
 
The moment we stop caring about things like this is the moment everything goes downhill. I was wondering whether Spoofee's account was compromised. Looking at his page, it would give his last activity as viewing the thread that someone had just posted a warning about the spam. Then, suddenly the thread would be gone. I'm glad spazntwitch noticed at least my post (not sure if others' were noticed).
 
Okay, just checking in b/c I also got one of those emails from webmaster@spoofee saying the site was going to be shut down and to go to some gamekiller.com site - which I thought was just too odd to make any sense. Glad it has been cleared up.
 
Sorry for the bandwidth guys, I sent a followup email stating what happened.

We updated the vBulletin software, changed passwords and reached out to the vBulletin team.
 
Is there any possibility of our user passwords or email being compromised?
 
Most likely they didn't get the password's, but its prop a good idea to change it anyway.

Kage_
 
Hackers suck. Im an IT major and this is actually my topic for my final paper! I got the email message last night and logged in to see whats going on. Do people really have nothing else better to do?
 
@TheRingWraithe : Most likely, "Kevin" used the exploit to get the admin password and created him/herself an admin account to spam.

The user had access to all the email addresses but unlikely he/she collected them.

@animesector : Totally agreed. There is a law against it.
§ 1030 : AS AMENDED OCT. 11, 1996
 
Spoofee said:
@TheRingWraithe : Most likely, "Kevin" used the exploit to get the admin password and created him/herself an admin account to spam.

The user had access to all the email addresses but unlikely he/she collected them.
Click to expand...
It sounds like you guys aren't dealing in very many absolutes here. Are you checking the various log files and seeing exactly what this user did rather than just making assumptions? First thing I'd be checking is the Apache log files and looking at all the requests from the user and being absolutely sure there are no other accounts. I hope you're doing more than just looking at the web interface and making assumptions.

Also, since users were directed to another (possibly malicious) website in the fake email, it might be prudent to let them know that their systems could be compromised. I didn't go to that site, but it's a possibility that an unpatched (browser,flash,adobe reader,etc) user that went there could've received malware.
 
Sheesh! I thought Spoofee must have deleted my post when I put the email on last night. (To protect people from clicking the link-even though I tried to disable it) Now ya'll are saying it was the yayhoo? Creepy.
 
Just another reason that all cats should be banned from this web site.
 
If any of you are concerned about your password being compromised, you can always change it here.

Spoofee's forum allows for very complex passwords, up to 50 characters long, and you can use any of the following:
  • Numbers
  • Uppercase letters
  • Lowercase letters
  • Special characters (!, $, %, &, ...)
  • Brackets ([, ], {, }, (, ), <, >)

To give you an idea of how complex you can get, this was partially my former password. I'm not ashamed to post it here because this is the only location where I used it.

d+v"{o,r[#n^$-;`g/}>m9=s2ej4]<5uc38*'\.7ip_k6

And if you are wondering where the password came from, look no further than here. I use the KeePass password manager for all of my passwords.
 
spazntwitch said:
If any of you are concerned about your password being compromised, you can always change it here.

And if you are wondering where the password came from, look no further than here. I use the KeePass password manager for all of my passwords.
Click to expand...
KeePass has a password generator built right into it. When you create a new entry just click the button next to the repeat password box. No need to use a separate site when you have that.
 
You must log in or register to reply here.
Back
Top