
Regarding the spam on this forum

PostPosted: Wed Apr 11, 2012 8:51 am
by DomeDan
I just noticed, when I looked at a spammer's post, that an ad flashed and disappeared where the normal ads are.
I looked into it some more with a DOM inspector and found that the spammer in some way injects an iframe and gets visits to his ads from everyone reading that forum post.

Here's some of the iframe on a spammer's post:
Code:
<body leftmargin="0" topmargin="0" marginwidth="0" marginheight="0" style="background:transparent">
<div id="google_image_div" style="overflow:hidden; position:absolute">
<a id="aw0" target="_top" href="/aclk?sa=l&amp;ai=BpFjhOICFT8PgLaey4QT8kfjuApLN5ZsD8uOqskfAjbcBsJ8aEAEYASCUobMFOABQ14qs5vr_____AWDxpfyFpB-gAb7-zOgDsgEQd3d3LnZpY2lkaWFsLm9yZ7oBCTQ2OHg2MF9hc8gBAtoBO2h0dHA6Ly93d3cudmljaWRpYWwub3JnL1ZJQ0lESUFMZm9ydW0vdmlld3RvcGljLnBocD90PTI0NzYzgAIByAKisfkZqAMByAMd6AM_6AOuAfUDAAEAwPUDAAAAEKAGAg&amp;num=1&amp;sig=AOD64_1Rsu5nFbByfEUGwth1vaSQC4gIWw&amp;client=ca-pub-3789783582307001&amp;adurl=http://www.ThaiLoveLinks.com/%3Fovchn%3DGGL%26ovcpn%3DEnglish%2BSweden%2BContent%2BImage%2BAds%2BThai%2BTravel%26ovcrn%3Dimage%2Bads%26ovtac%3DPPC%26V3" onfocus="ss('go to www.ThaiLoveLinks.com','aw0')" onmousedown="st('aw0')" onmouseover="return ss('go to www.ThaiLoveLinks.com','aw0')" onmouseout="cs()" onclick="ha('aw0')">
<img style="display: none !important; visibility: hidden !important; opacity: 0 !important">
</a>
<style>div,ul,li{margin:0px;padding:0px}#abgc{height:15px;left:449px;overflow:hidden;position:absolute;top:0;width:77px;z-index:9010}#abgb{position:absolute;left:0;margin:0}#abgs{margin:0;position:absolute;left:0px;overflow:hidden;display:none}
</style>
<div id="abgc" style="top: 0px; visibility: visible; ">
<div id="abgb">
<img style="display: none !important; visibility: hidden !important; opacity: 0 !important">
</div>
<div id="abgs">
<a href="http://www.google.com/url?ct=abg&amp;q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://www.vicidial.org/VICIDIALforum/viewtopic.php%253Ft%253D24763%26hl%3Den%26client%3Dca-pub-3789783582307001%26adU%3Dwww.ThaiLoveLinks.com%26adT%3DImageAd%26gl%3DSE&amp;usg=AFQjCNE117QmYvCVdymPummIYB4uCTh7eA" target="_blank">
<img style="display: none !important; visibility: hidden !important; opacity: 0 !important">
</a>
</div>
</div>
<script>var abgp={el:document.getElementById('abgc'),ael:document.getElementById('abgs'),iel:document.getElementById('abgb'),h:'449',s:'391'};
</script>
<script src="http://pagead2.googlesyndication.com/pagead/js/r20120405/r20110914/abg.js">
</script>
</div>
</body>


This isn't just an issue where they make money; they can probably get cookies from the user too.
So this needs to be fixed!

As Op3r wrote in this post: http://www.vicidial.org/VICIDIALforum/v ... hp?t=24647
I'll volunteer to upgrade it + make it mobile device friendly.

I too volunteer.

PostPosted: Wed Apr 11, 2012 9:04 am
by mflorell
Thanks for the post, we will look into this.

PostPosted: Thu Apr 12, 2012 12:42 am
by ruben23
Hoping this will be resolved soon to enable private messaging on the board again. :(

PostPosted: Thu Apr 12, 2012 11:29 am
by boybawang
Try upgrading to the latest phpbb or convert the data into simplemachines.

PostPosted: Thu Apr 12, 2012 2:02 pm
by mflorell
We are testing upgrading, but it takes a long time. We might end up having to purge the private messages storage (which is 99% spam) in order to not have the forums down for an entire day.

PostPosted: Fri Apr 13, 2012 3:44 am
by DomeDan
I think I haven't received any spam in a PM so I don't know how it looks but wouldn't it be possible to do something like:

SELECT privmsgs_id FROM phpbb_privmsgs
WHERE privmsgs_subject IN ('regular spam subject','some other subject used by spammers');

or maybe this:

SELECT p.privmsgs_id FROM phpbb_privmsgs p
INNER JOIN phpbb_banlist b ON b.ban_userid = p.privmsgs_from_userid;

to get the IDs of the messages to remove.
(I have not tested it, just googled the table structure for phpbb.)

Anything I can do to help just tell me.
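
The two selection queries suggested in the post above, run as a dry run before any delete. This is an added example, not code from the forum or from phpBB: the in-memory SQLite tables, their rows and the `ban_id` column are constructed for illustration, and only the table and column names quoted in the post are taken from the page.

```python
import sqlite3

def build_sample_db():
    """In-memory stand-in for the two tables named in the post (constructed rows)."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE phpbb_privmsgs (privmsgs_id INTEGER PRIMARY KEY,
            privmsgs_subject TEXT, privmsgs_from_userid INTEGER);
        -- ban_id is an assumed key column; ban_userid is the column from the post
        CREATE TABLE phpbb_banlist (ban_id INTEGER PRIMARY KEY, ban_userid INTEGER);
        INSERT INTO phpbb_privmsgs VALUES
            (1, 'Question about dialer setup', 10), (2, 'cheap pills', 66),
            (3, 'CHEAP PILLS', 67), (4, 'win money now', 66),
            (5, 'Re: carrier config', 11);
        -- sender 66 has two ban rows; the row with 0 bans no user account
        INSERT INTO phpbb_banlist VALUES (1, 66), (2, 66), (3, 0);
    """)
    return db

def ids_by_subject(db, subjects):
    """First query from the post, parameterized and case-insensitive."""
    marks = ",".join("?" * len(subjects))
    rows = db.execute(
        "SELECT privmsgs_id FROM phpbb_privmsgs "
        f"WHERE LOWER(privmsgs_subject) IN ({marks}) ORDER BY privmsgs_id",
        [s.lower() for s in subjects])
    return [r[0] for r in rows]

def ids_by_banned_sender(db, distinct=True):
    """Second query from the post; a plain join repeats an id once per ban row."""
    rows = db.execute(
        f"SELECT {'DISTINCT' if distinct else ''} p.privmsgs_id "
        "FROM phpbb_privmsgs p "
        "INNER JOIN phpbb_banlist b ON b.ban_userid = p.privmsgs_from_userid "
        "ORDER BY p.privmsgs_id")
    return [r[0] for r in rows]

def purge(db, ids, dry_run=True):
    """Count the matching rows; delete them in one transaction unless dry_run."""
    if not ids:
        return 0
    where = "WHERE privmsgs_id IN (%s)" % ",".join("?" * len(ids))
    n = db.execute(f"SELECT COUNT(*) FROM phpbb_privmsgs {where}", ids).fetchone()[0]
    if not dry_run:
        with db:  # commits on success, rolls back on error
            db.execute(f"DELETE FROM phpbb_privmsgs {where}", ids)
    return n
```

Comparing the dry-run count with the number of ids selected before deleting catches a join that matched more rows than intended.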

PostPosted: Fri Apr 13, 2012 8:14 am
by mflorell
We did a lot of testing yesterday and we have it down to a 2-hour process for upgrading to phpbb3, which we will probably do this weekend.

PostPosted: Fri Apr 13, 2012 1:09 pm
by boybawang
Using captcha can help eliminate spammers.

Re: Regarding the spam on this forum

PostPosted: Sun Apr 15, 2012 12:17 am
by mcargile
The forums have been updated.

Re: Regarding the spam on this forum

PostPosted: Mon Apr 16, 2012 2:40 am
by DomeDan
Great! Though there is a lot more spam now than I'm used to seeing, but some of them registered more than a month ago.
I guess that's how it is in the beginning. Hopefully they won't be able to use any security holes... yet...
One spammer apparently joined a few hours ago; are you planning on adding a captcha or similar to register?

Re: Regarding the spam on this forum

PostPosted: Mon Apr 16, 2012 8:36 am
by mcargile
There is already a form of captcha on the registration. The problem is captcha only stops bots. Live people can still register and post. The old forums had a patch, which we are working on applying to the new ones, that made it so you could not post links for 5 days. This meant spammers had to wait five days from registration before putting their stuff up. I have to reapply the patch to the new forums.
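
A sketch of the five-day link hold described in the post above, as an added example. It is not the forum's patch or phpBB code: the function names, the link forms it checks and the sample posts are assumptions made for illustration.

```python
import re
from datetime import datetime, timedelta

LINK_HOLD = timedelta(days=5)  # the five-day window described in the post

# The link forms checked are an assumption of this sketch: explicit schemes,
# bare "www." hosts, and BBCode [url]/[img] tags.
LINK_RE = re.compile(
    r"(?:https?|ftp)://\S+"
    r"|\bwww\.[a-z0-9-]+\.[a-z]{2,}"
    r"|\[(?:url|img)\b[^\]]*\]",
    re.IGNORECASE)

def find_links(body):
    """Return every link-like token found in a post body."""
    return [m.group(0) for m in LINK_RE.finditer(body)]

def check_post(body, registered_at, now):
    """Return (allowed, links): posts with links are refused during the hold."""
    links = find_links(body)
    if links and now - registered_at < LINK_HOLD:
        return False, links
    return True, links

def hold_remaining(registered_at, now):
    """Time left before the account may post links (zero once the hold is over)."""
    return max(LINK_HOLD - (now - registered_at), timedelta(0))
```

Plain-text posts from new accounts still go through, so the hold delays link spam without blocking a new user's first question.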

Re: Regarding the spam on this forum

PostPosted: Mon Apr 16, 2012 9:49 am
by mcargile
That patch is applied. There are a few others we are thinking about.

Re: Regarding the spam on this forum

PostPosted: Tue Apr 17, 2012 8:34 am
by DomeDan
Yeah, that made a huge difference, I can see now!
I'm amazed that it's probably real people that are posting all the spam, damn.

Re: Regarding the spam on this forum

PostPosted: Tue Apr 17, 2012 9:06 am
by mcargile
Yep, and they are probably being paid 10 cents an hour to do it :(

Re: Regarding the spam on this forum

PostPosted: Tue Apr 17, 2012 10:21 am
by boybawang
Forum looks nice, great job guys

Re: Regarding the spam on this forum

PostPosted: Tue Apr 17, 2012 11:28 am
by Op3r
mcargile wrote: Yep, and they are probably being paid 10 cents an hour to do it :(


That's too high! I offer you 8 cents an hour!

Kidding aside, the forum looks fine.

Can we add tapatalk support or make it more iphone friendly? See pinching in and out is quite dangerous when browsing the forum in a secluded place. I'd rather hang out here than reddit or slashdot during me time.