Scam Warning!

shotgun000
Registered User
Posts: 116
Joined: Sun Feb 05, 2006 1:57 am

Re: Scam Warning!

Post by shotgun000 »

Brf wrote: I don't know what you mean by "directly from the software".
If your board is sending any type of Email, your board's address would be in the Reply-to.

I'm not sure what my forum emails have to do with anything. The spam email message I received did not come from my forum. It came directly from phpbbspprt840@gmail.com to my outlook email.

The board I have set up is just an experimental board. A total of 3 people are registered and I have everything closed to the public, including registrations. Even bots are blocked. My board only sends emails if someone registers, or subscribes to a topic. So there is very little activity and no chance someone outside of those 3 people would have my email address.

So my question is, how did this spammer get my email address? He couldn't have signed up, nor could he have viewed any information as a guest. My email address in question is not registered on any other forum, including here.

Is it just a coincidence? Maybe, but it seems strange that I get this email only a couple of weeks after installing the forum.

Could my address have been harvested from whois information? No, because I use a different email address for my domain and VPN provider.

My conclusion is that there is some sort of exploit in the software that allowed this scammer to pull my email address from either some sort of phpbb config file or from the SQL database itself. There is just no other explanation I can come up with.

I hope that someone can come up with an explanation, other than my conclusion.

DavidIQ
Customisations Team Leader
Posts: 17139
Joined: Thu Jan 06, 2005 1:30 pm
Location: Fishkill, NY
Name: David Colón

Re: Scam Warning!

Post by DavidIQ »

I have received the same email at both my personal and work email, which is rather odd since I don't use my work email for much of anything...except I used it once here for a test account some time ago. With that information in mind I can assume that my email was obtained from here and not some non-existent exploit in phpBB, which today remains un-exploited in its 3.0 code line. Remembering that there was a server hack we suffered from a few years ago and that our user data was compromised and distributed, I then can come to the conclusion of where this scammer got my email addresses from.

And no phpBB is not the means by which the hacker gained access to our servers. This was accomplished through some other software and you can read all about it here and follow the discussion link for further information.
Apply to become a Jr. Extension Validator
My extensions | In need of phpBB services? | Was I helpful today?
No unsolicited PMs unless you're planning on asking for paid help.

Phil
Former Team Member
Posts: 10403
Joined: Sat Nov 25, 2006 4:11 am
Name: Phil Crumm

Re: Scam Warning!

Post by Phil »

I have been contacted by this scammer several times--and only on email addresses that are not associated with any forums or other websites. That being said, I really have no idea where he got the address from.
Moving on, with the wind. | My Corner of the Web

/a3
Registered User
Posts: 411
Joined: Sun Sep 19, 2010 9:08 am
Location: /dev/random

Re: Scam Warning!

Post by /a3 »

DavidIQ wrote: I have received the same email at both my personal and work email, which is rather odd since I don't use my work email for much of anything...except I used it once here for a test account some time ago. With that information in mind I can assume that my email was obtained from here and not some non-existent exploit in phpBB, which today remains un-exploited in its 3.0 code line. Remembering that there was a server hack we suffered from a few years ago and that our user data was compromised and distributed, I then can come to the conclusion of where this scammer got my email addresses from.

And no phpBB is not the means by which the hacker gained access to our servers. This was accomplished through some other software and you can read all about it here and follow the discussion link for further information.

Well I registered here after the PHPList hack and I haven't got any emails, so it seems like it could be related.
$ git commit -m "YOLO"

Ag2000CO
Registered User
Posts: 261
Joined: Thu Oct 14, 2010 5:19 pm
Location: CO, US
Name: Lou

Re: Scam Warning!

Post by Ag2000CO »

/a3 wrote: Well I registered here after the PHPList hack and I haven't got any emails, so it seems like it could be related.

It's all anecdotal. I installed 3.0.7 and registered here just before (~2 weeks) the release of 3.0.8 and received the spam as soon as the new version was released. The spam came to the address used by my (test) board and a newsletter, not the one I used to register here.

The spam "looks" highly targeted, however, everyone here has a phpBB forum and is registered here. We do not have access to an equal number of non-phpBB related people to know how many of them received spam about phpBB. I'm sure other male members of this forum have received "breast enlargement" spam just as women I know have received "member enlargement" spam. We all have received spam "from" any one of a dozen banks about "our account." It only seems targeted if you happen to have an account at Wazoo State Bank. Similarly we all just happen to have phpBB forums installed.

If they hacked this forum, why hasn't everyone received the spam (at the email used to register)? If they hacked installed forums, why haven't all the oldest and largest forums (more visible, longer exposure) received the spam vs in my case brand new installs? Do we know that only people related to phpBB forums have received the spam? Admittedly my view of spam is myopic, but my domain name must be known by every Russian with a computer; I don't speak Russian, I surely don't read Russian. This phpBB spam takes about 1 second more of my time than others before I report it like the rest.

Don't forget Spammer's Rule #3: Spammers are stupid.
and
Spinosa's Corollary: Spammers assume everybody is more stupid than themselves.

On the other hand, to a statistician 2 anecdotes are datum.
Last edited by Ag2000CO on Wed Aug 17, 2011 3:00 pm, edited 1 time in total.
Say what you will about Sisyphus. He always has work.

Paul
Infrastructure Team Leader
Posts: 25939
Joined: Sat Dec 04, 2004 3:44 pm
Location: The Netherlands.
Name: Paul Sohier

Re: Scam Warning!

Post by Paul »

Is your board online visible? And is the registration page online visible by users/bots? If so, there is your email address listed to contact you in case there are issues with registration :).
Knock knock
Race condition
Who's there?

My Blog | My Photos | my phpBB Extensions | custom phpBB work & Development

shotgun000
Registered User
Posts: 116
Joined: Sun Feb 05, 2006 1:57 am

Re: Scam Warning!

Post by shotgun000 »

Paul wrote: Is your board online visible? And is the registration page online visible by users/bots? If so, there is your email address listed to contact you in case there are issues with registration :).

The board is not visible to anyone except registered members.

However, I do have the registration page available. I did not see my address listed on the terms of service page or the actual registration page. I have the anti-bot question mod, so that a bot or person cannot register unless they answer the question correctly. I also looked over the FAQ and didn't see my email address there either. Did I overlook where my email address would be listed?

I did a web search on my email address on both yahoo and google and found nothing. My thinking is that if my email address was visible on the forum, the bots would have picked up on it.

Again, maybe it's just a random coincidence that I have a forum, and received a phpbb scam email. However, I don't receive any other spam. It's just weird.
Last edited by shotgun000 on Wed Aug 17, 2011 3:03 pm, edited 1 time in total.

Paul
Infrastructure Team Leader
Posts: 25939
Joined: Sat Dec 04, 2004 3:44 pm
Location: The Netherlands.
Name: Paul Sohier

Re: Scam Warning!

Post by Paul »

What is your board address (You can send it by PM if you don't want to publish it here :))?
Knock knock
Race condition
Who's there?

My Blog | My Photos | my phpBB Extensions | custom phpBB work & Development

Lumpy Burgertushie
Registered User
Posts: 67236
Joined: Mon May 02, 2005 3:11 am

Re: Scam Warning!

Post by Lumpy Burgertushie »

I set up test boards all the time. I create a new admin email address for each one. I get that spam at that email address sometimes. not every time.

however, that email address is not used anywhere else, it is brand new, only created for that board.

now, I make no attempt to hide it but it is only related to that board so however they are doing it, they are getting the email address from the board, not from here and not from whois, etc.


robert
I'm baaaaaccckkkk. still doing work on donation basis. PM your needs.

Premium phpBB 3.3 Styles by PlanetStyles.net

If nobody is in the forest, does a tree really fall?

drathbun
Former Team Member
Posts: 12204
Joined: Thu Jun 06, 2002 3:51 pm
Location: TOPICS_TABLE

Re: Scam Warning!

Post by drathbun »

On the registration page there is a note that says something like, "If you encounter issues with the registration process please contact the board administrator" and the board admin text is a "mailto" link. Spammers can see that link and harvest the address from there, even if you've never used it anywhere else.
I blog about phpBB: phpBBDoctor blog
Still using phpbb2? So am I! Click below for details

Lumpy Burgertushie
Registered User
Posts: 67236
Joined: Mon May 02, 2005 3:11 am

Re: Scam Warning!

Post by Lumpy Burgertushie »

drathbun wrote: On the registration page there is a note that says something like, "If you encounter issues with the registration process please contact the board administrator" and the board admin text is a "mailto" link. Spammers can see that link and harvest the address from there, even if you've never used it anywhere else.

well, it took me a while to find it. it is only on the page if you do not have the Q&A captcha setup.

I always use that captcha so I never saw it before.

I had to go find one of my boards that is still the basic install with the basic captcha.

maybe that is why I rarely get that spam.

that must be where they are getting the email addresses. I guess they just run their bot every once in a while to find any new phpbb installs and grab that email address from that page.


robert
I'm baaaaaccckkkk. still doing work on donation basis. PM your needs.

Premium phpBB 3.3 Styles by PlanetStyles.net

If nobody is in the forest, does a tree really fall?
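
The "mailto" exposure described in the two posts above can be checked on your own board. The following is an added example, not part of any post in this thread and not phpBB code: it parses a saved copy of a page that guests can reach and lists every e-mail address readable from it, including ones written with HTML entities or percent-escapes. The sample markup and the `board.example` address are constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import unquote

EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")

class ExposureAudit(HTMLParser):
    """Collects e-mail addresses visible to an unauthenticated visitor."""

    def __init__(self):
        # convert_charrefs=True decodes entities such as &#64; in page text.
        super().__init__(convert_charrefs=True)
        self.findings = []  # list of (kind, address)

    def handle_starttag(self, tag, attrs):
        if tag != "a":
            return
        href = dict(attrs).get("href") or ""
        if href.lower().startswith("mailto:"):
            # Drop "?subject=..." and decode %40-style escapes.
            target = unquote(href[len("mailto:"):].split("?", 1)[0])
            for addr in EMAIL_RE.findall(target):
                self.findings.append(("mailto", addr.lower()))

    def handle_data(self, data):
        for addr in EMAIL_RE.findall(data):
            self.findings.append(("text", addr.lower()))

def audit(html):
    """Return the sorted, de-duplicated exposures found in one page."""
    parser = ExposureAudit()
    parser.feed(html)
    parser.close()
    return sorted(set(parser.findings))

# Constructed sample pages (assumed shapes, not real phpBB markup).
SAMPLE_DEFAULT = """<p>If you encounter issues with the registration process please
contact the <a href="mailto:admin&#64;board.example?subject=Registration">Board
Administrator</a>.</p>"""
SAMPLE_ESCAPED = '<a href="mailto:admin%40board.example">Board Administrator</a>'
SAMPLE_CLEAN = '<p>Please <a href="/contact">contact the board administrators</a>.</p>'

if __name__ == "__main__":
    for name, page in (("default", SAMPLE_DEFAULT),
                       ("escaped", SAMPLE_ESCAPED),
                       ("clean", SAMPLE_CLEAN)):
        print(name, audit(page))
```

Entity and percent encoding do not hide the address from a parser, so the reliable fix is to keep the address off guest-visible pages altogether.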

Ishimaru Chiaki
Registered User
Posts: 179
Joined: Thu Nov 15, 2007 4:39 am
Location: Baie-Comeau, Québec, Canada
Name: Caroline

Re: Scam Warning!

Post by Ishimaru Chiaki »

Hello,

I just come to inform users that the scammer's address has changed. Here's the e-mail I received today :

	de	phpbb support phpbbaid@gmail.com
à	******************@gmail.com
date	8 novembre 2011 11:28
objet	phpBB new version " Bertie's off to the beach"
-----------------------------------
The new version of phpBB forums is now available. We recommend that you
update your forum to this new secure version for more stablity and minor
features.

We provide paid services, so we can update the forum for you  . Also we
provide many services like : new unique style for your forum, installing
MODs or fixing any problem that affect your forum and annoy users.

IF you are interested in our services please reply to this email and we will
be happy to help you ...

Thank you

And contrary to the other address, it's already labelled as "probable phishing" with the red warning block GMail displays for suspicious e-mails.
Find my phpBB3 and GIMP tutorials on http://ishimaru.pingveno.net (New address)
My DeviantArt gallery

colorwarphotos
Registered User
Posts: 78
Joined: Tue Oct 05, 2010 11:41 am

Re: Scam Warning!

Post by colorwarphotos »

i just got this same email in my inbox about 2 days ago.
where do they find the phpbb3 user email accounts ?

Ian :D

Pony99CA
Registered User
Posts: 4783
Joined: Thu Sep 30, 2004 3:13 pm
Location: Hollister, CA
Name: Steve

Re: Scam Warning!

Post by Pony99CA »

colorwarphotos wrote: i just got this same email in my inbox about 2 days ago.
where do they find the phpbb3 user email accounts ?

Did you read the previous posts where that exact question was discussed?

Steve
Silicon Valley Pocket PC (http://www.svpocketpc.com)
Creator of manage_bots and spoof_user (ask me)
Need hosting for a small forum with full cPanel & MySQL access? Contact me or PM me.

d.chung
Registered User
Posts: 1
Joined: Fri Dec 23, 2011 3:13 am
Location: Honolulu, HI, USA
Name: David Chung

Re: Scam Warning!

Post by d.chung »

Ishimaru Chiaki wrote: I just come to inform users that the scammer's address has changed. Here's the e-mail I received today :

	de	phpbb support phpbbaid@gmail.com
à	******************@gmail.com
date	8 novembre 2011 11:28
objet	phpBB new version " Bertie's off to the beach"
-----------------------------------
The new version of phpBB forums is now available. We recommend that you
update your forum to this new secure version for more stablity and minor
features.

We provide paid services, so we can update the forum for you  . Also we
provide many services like : new unique style for your forum, installing
MODs or fixing any problem that affect your forum and annoy users.

IF you are interested in our services please reply to this email and we will
be happy to help you ...

Thank you

+1 for the very same message, sender, and subject! However, it did prompt me to come to the phpbb site to check if there *really* was a new release.
