Get exclusive CAP network offers from top brands

View CAP Offers

Reply To: Forum Spam

[bsa_pro_ad_space id=2]
#723435
Anonymous
Inactive

Most of the ‘holes’ in the Open Source softwares that allow auto posting and auto registering are really not ‘holes’ per se.

In this example, it appears that they are looking for a particular login file (maybe register.php) and registering via php by filling in the form and submitting.

They have then figured out how to either read the CAPTCHA or (maybe more likely) try as many times as necessary until they run through the list of images that the forum has to offer for CAPTCHA.

After this is complete, I would assume that they use POP to activate the account by using the activation link in the email.

After all that – It would be simple to fill out a post in any forum you want since most forums use indexing to point to the forums. All they would have to do is find forum with index 1 and create a post.

So – not much of an exploit in order to get the job done on this one. Just someone spending a lot of time just to spam the shit out of people. It is pretty disgusting if you ask me.

Anyway – I would have to agree with Waz and say that if you were to change the common filenames (register.php to signup.php or something like that) – it would foil this type of spammer.

However – that may be a lot harder than you think with some of the forum software.