This is odd - I'm getting hundreds of spam e-mails. But the 'To' field has a few names I'm familiar with. I wont say the full e-mail addies, but stuff like sorcerer, lumpley, dindenver, moreno, greyorm, etc at the start and even my own e-mail. This looks like a forge list of e-mails? When the forge was hack crashed awhile back, could someone have simply copied all the e-mail addies as well?
I'm not tech savvy, so I don't know why if they are 'to' these other addresses, they are going to me.
Strange.
I did suddenly start getting a massive amount of spam e-mails myself just this morning, but I didn't recognize any of the addresses.
ditto
I registered here many years ago with an email address unique to this site, and am now starting to get spam to that unique email address. It looks like the forum database has been compromised. This has been happening quite a lot with various forums over the last year. I'd recommend forum admins to update the forum software to the latest version, use stronger passwords for admin access, and ideally to find out exactly how this happened.
Thanks for the heads-up. I'm on it.
-Vincent
site admin
Hi
I was receiving tons of that spam as well on my yahoo account (which is the address given with my Forge account). A recurring pattern in the email subject was "RE:" followed by a single funny character (scientific symbols for male and female, stars, smiley, etc.) Since one or two days I'm not getting these mails any more.
Could you all check something for me? Up at the top of the screen, hit "profile," then on the left hit "account related settings." There's an option called "hide email address from public?"
While you've been receiving this spam, has your email address been hidden from the public?
Thanks!
-Vincent
I have not hidden the email from public (but I have changed its redirect to head to my spam account).
What would the email accomplish if hidden? Let's the forum and admins notify us?
Yes.
As far as I can tell, the database is secure. The spam is almost certainly just bots trawling users' profile pages.
-Vincent
Could you make a warning for new members to the site?
Or why not disable the option of having public emails entirely?
Unfortunately, SMF doesn't provide the option to by-default hide users' emails. I might be able to modify the template to take it out.
A warning is a good idea.
-Vincent
Hey Vincent,
I was receiving the spam as well, and my email address is hidden.
Mine is checked to hidden as well, and as said, I got the e-mails.
Okay, thanks. I'll keep looking.
-Vincent
I should have mentioned, I stopped recieving mine around the time Christoph's stopped as well. Just in case I gave the impression that I was still getting them.
My email is public and that's fine with me (I accept the risks).
Vincent, another data point: my address is not hidden, and I was not getting Forge-related Spam (unless the filters on my account got it and I didn't know it).
--M. J. Young
Hello Vincent
I've started getting some again, starting 00:04 AM central European time (18 October). Latest mail subject is "◇RE: xchnmn2 vrmvqr172" (the funny character is still there, but now what follows is longer).
I received more today as well.
I just started another thread on this, then I noticed this one.
I have been getting them too, and they look like they are connected to forge related emails. I checked the IP of the sender, they are from China. But the names of the emails that sent them look spanish and the subjects have wierd symbols (IP 115.49.94.110, emails ana_esparrago_perez@hotmail.com (etc),
Ya, they've come back with a vengence again. They are mysterious in how they behave and look - someone make an RPG about them...heh
It is a foreign IP so this may be useless, but for anyone who wants to, here is how to report cyber crime (including stuff like this):
http://www.justice.gov/criminal/cybercrime/reporting.htm#cc
Hello
Mine have stopped again around the 21st. I'll stop reporting on this issue from now on.