Apologies for yesterday's Porn-Spam Incident (and Post-Mortem)


(Benjamin Kampmann) #1

Hello everyone,

Yesterday evening (Central European Time) we noticed a new account had been created and posted plenty of new topics to the forum. The topics contained barely any information but pictures of mostly naked women and linked to some spammy porn sites. As soon as we noticed, the Admins took action, removed the account and its created content and blocked the email and IP from registering again. It has been quiet since.

Although this took place within just a few hours and everything is cleaned up now, it appears the forum software has sent some of that content in previously scheduled digest emails and – if you’ve set up your account that way – topic-tracking emails, causing a disturbance on the receiving end. I want to apologize for that.

In order for this to not happen again, I changed the settings and things newly created users can do on the system. We initially had moved away from the defaults because it was an annoyance that people couldn’t engage in the system properly, but it appears we have to bump those even further now that the vulnerability has been found and exploited by at least one attacker.

So as of now newly created accounts are back on Trust Level 0 (and Trust Level 1 if they replied to an invite – use invites, people!), which cannot post any pictures and only one link maximum. Our previous rule of bumping the Trust Level of everyone who asks for it still stays intact, of course. I am sorry we had to do this but we clearly don’t want to have these kinds of emails in our inbox.

Apologies again for the disruption. I hope it didn’t cause too much disturbance.

Have a lovely day
Ben


(Benjamin Kampmann) #3