Thanks to the Black Hat community not keeping a lid on their activities I’ve been made aware of a spamming system targetted at the DigitalPoint forums. It can, however, be used on any vBulletin forum – I would assume. Some have implemented different rules around when you can send a private message, and some might even have captcha – but it’s all circumventable.
Forum Admins then have some questions to ask themselves
- Do you limit the ability to send Private Messages until after a user has a certain number of posts – thus increasing the volume of spam posts in the forum, but at least it’s all out in the open.
- Do you allow anyone to send Private Messages and risk the zero post spammers having a field day.
There is an upside to all this spam. I’ve returned to long forgotten forums just to advise their admins that I’ve been spammed and to urge them to take action. There’s a chance I might have stayed, made a few posts…
vBulletin Techs have some choices too! The Control Panel could be extended to include an alarm system where the mods are alerted if:
- A user with fewer than X posts sends more than Y private messages
- A user sends seemingly identical private messages to more than X users
Or they could include a rolling display of the Private Messages being sent with the name, recipient, subject and time (not the content) so that trends can be observed manually. Not efficient but it might be easier than configuring an alarm system.