The NEW Build Your Own Arcade Controls

Main => Forum/Website Discussion => Topic started by: Rockstead on April 23, 2021, 09:45:14 pm

Title: Possible compromise of member list data: phishing attempt after buy/sell post
Post by: Rockstead on April 23, 2021, 09:45:14 pm
I recently posted on the buy and sell sub and I just had a pretty good phishing attempt on my personal email.

The send email was from saint@arcadecontrols.com and what made me realize that it was a phishing attempt was that 1. The reply-to address was different, it was bally00life@gmail.com 2. It was weird that Saint wouldn’t have messaged me through a PM on the board.

The fake saint wanted me to email Regis at freedomwayxx@outlook.com for the Time Crisis Red Pedal I was looking for.

I have to think that it’s very likely the user database on arcadecontrols is compromised as the phisher was able to retrieve the email account that I have on my profile here.

I have already reached out to Saint to let him know, and he did confirm it wasn’t him.
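
The header checks described in this post (a Reply-To that differs from the sender, and a body that steers the reader to a third address) can be automated. This is an added example, not part of the thread; the message is constructed, and only its three addresses come from the post above.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed message: only the three addresses come from the post above;
# the recipient, subject and body wording are made up for the example.
SAMPLE = """\
From: saint <saint@arcadecontrols.com>
Reply-To: bally00life@gmail.com
To: member@example.com
Subject: Time Crisis Red Pedal

Email Regis at freedomwayxx@outlook.com about the pedal.
"""

ADDR_RE = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")

def domain(addr):
    """Lower-cased part after the last '@'."""
    return addr.rpartition("@")[2].lower()

def triage(raw):
    """Return a list of findings for one raw RFC 5322 message."""
    msg = message_from_string(raw)
    from_addr = parseaddr(msg.get("From", ""))[1].lower()
    reply_addr = parseaddr(msg.get("Reply-To", ""))[1].lower()
    findings = []
    # Replies would go somewhere other than the apparent sender.
    if reply_addr and reply_addr != from_addr:
        findings.append("reply-to differs from sender")
        if domain(reply_addr) != domain(from_addr):
            findings.append("reply-to is on another domain")
    # The body asks the reader to continue at an address off the sender's domain.
    body = msg.get_payload()
    if isinstance(body, str):
        outside = {a.lower() for a in ADDR_RE.findall(body)
                   if domain(a) != domain(from_addr)}
        if outside:
            findings.append("body points to: " + ", ".join(sorted(outside)))
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(finding)
```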

Title: Re: Possible compromise of member list data: phishing attempt after buy/sell post
Post by: saint on April 23, 2021, 09:48:26 pm
I'll certainly take a look but it'd be a fairly odd way of going about things. I've asked for the message header from the email he received so I can look at the sending server's info.
Title: Re: Possible compromise of member list data: phishing attempt after buy/sell post
Post by: Rockstead on April 23, 2021, 09:57:44 pm
Thanks for taking it seriously and looking at it so promptly, I sent you the info.

I posted this in case someone else had something similar happen, it wasn’t like those normal phishing attempts people get on a daily basis, it was very targeted using credible information and someone that took their time to personally target my ad along with having my personal email.
Title: Re: Possible compromise of member list data: phishing attempt after buy/sell post
Post by: saint on April 23, 2021, 10:32:10 pm
OK I'm leaving this up because it was a clever but annoying non-hack by a new and now banned forum member and people will want to know what he did and how.

When someone sends you a PM here on the forum, the forum will send you an email with the contents of the PM. It comes from the arcadecontrols.com server, sent to the email you have on file here on the server. The person who sent you the PM doesn't have your email info.

What this guy did was immediately after sending the PM, and then waiting for a moment, he deletes the PM. You log on to the forum, no PM. However, you did get an email to your private email address with the contents of the message he sent you.

He sent the same PM to 6 additional people, all telling them to email a specific email address to get an arcade part they mentioned they were looking for here on the forum.

Clever and annoying bit of marketing spam. 

If you got a PM or an email from the forum with the contents of a PM telling you to email "Regis" at "fredomwayxx@outlook...." it's SPAM from user bally00life, who is now banned.

A snippet of the raw database showing what he's done is attached:

Note, the forum database was not compromised. He's abusing the functionality of the forum software that sends email notifications.
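
The send-then-delete pattern described in this post can be detected from PM records. This is an added example, not the forum's or SMF's own code; the records are constructed and the field names and thresholds are hypothetical, not SMF's schema or settings.

```python
from collections import defaultdict

def pm(sender, posts, recipient, sent, deleted, body):
    """Build one constructed PM record (times are seconds; field names hypothetical)."""
    return {"sender": sender, "sender_posts": posts, "recipient": recipient,
            "sent": sent, "deleted_by_sender": deleted, "body": body}

# Constructed sample data: a new account that messages 7 members and deletes
# within about 90 seconds, one ordinary PM, and a long-time member who
# deletes a small group message two hours later.
PMS = (
    [pm("newacct", 1, f"member{i}", 1000 + i, 1090, "Email Regis about your part")
     for i in range(7)]
    + [pm("regular", 250, "member3", 2000, None, "Still have the joystick?")]
    + [pm("oldtimer", 900, f"member{i}", 3000, 3000 + 7200, "Meetup is Saturday")
       for i in range(3)]
)

def send_and_delete_senders(pms, max_posts=10, min_recipients=3, window=300):
    """Flag low-post-count senders whose identical PM reached several members
    and was deleted by the sender within `window` seconds of being sent."""
    groups = defaultdict(list)
    for rec in pms:
        groups[(rec["sender"], rec["body"])].append(rec)
    flagged = {}
    for (sender, _body), batch in groups.items():
        quick = [r for r in batch
                 if r["deleted_by_sender"] is not None
                 and r["deleted_by_sender"] - r["sent"] <= window]
        recipients = {r["recipient"] for r in quick}
        if len(recipients) >= min_recipients and batch[0]["sender_posts"] <= max_posts:
            flagged[sender] = sorted(recipients)
    return flagged

if __name__ == "__main__":
    for sender, recipients in send_and_delete_senders(PMS).items():
        print(sender, "->", len(recipients), "recipients")
```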

Title: Re: Possible compromise of member list data: phishing attempt after buy/sell post
Post by: PL1 on April 23, 2021, 10:49:41 pm
. . . and the one post for that account is now in Post Hell.   :police:


Scott
Title: Re: Possible compromise of member list data: phishing attempt after buy/sell post
Post by: saint on April 23, 2021, 10:53:29 pm
Thanks :)
Title: Re: Possible compromise of member list data: phishing attempt after buy/sell post
Post by: pbj on April 23, 2021, 11:00:01 pm
I’m sure we’re going to see a lot of “totally coincidental” nuttery around here for a few days....

Title: Re: Possible compromise of member list data: phishing attempt after buy/sell post
Post by: Kent on April 23, 2021, 11:00:35 pm
He sent me a private message. Very directed. Obviously it's a phishing email. I didn't click it and deleted the message.
Title: Re: Possible compromise of member list data: phishing attempt after buy/sell post
Post by: Phreakwars on April 24, 2021, 12:45:56 am
I'd take this up with SMF. That's some sloppy code if an exploit like that can be used. I haven't used SMF in about 5 or 6 years, but I'll bet you anything there is a MOD you could install in the admin panel that could prevent new users from being able to send private messages (with E-mail notification) until "x" number of posts. Otherwise, I can probably make you one. Most of the MODS I have done are found in the phpBB forum database, but SMF ain't much different. That's some pretty simple PHP code to write up and make happen. Perhaps it's in there already and you just need to change a setting.

EDIT: Another thing you can do is just put a disclaimer on the E-mail notifications that get sent out that simply say something like "ARCADE CONTROL WILL NEVER ASK YOU FOR YOUR PASSWORD AND YADDA YADDA AND SUCH AND SUCH". Pretty sure you get what I'm saying. That option should already be there I believe.
Title: Re: Possible compromise of member list data: phishing attempt after buy/sell post
Post by: Titchgamer on April 24, 2021, 01:38:42 am
Good job Saint, Burn all scammers at the stake!
Low life mutha ---smurfs---!
Title: Re: Possible compromise of member list data: phishing attempt after buy/sell post
Post by: Robbbert on April 24, 2021, 06:20:04 am
Simple but obvious abuse of the system. Sometimes scammers can be more direct, simply creating an account then spamming everyone via PM. This guy just took it one step further.

Many forums have already woken up to this and prevent users from sending PMs until they've made 10 posts or whatever.

I'd strongly suggest that this option be enabled.

I don't know if the forum has the ability to moderate the first x posts as well, but I'd suggest doing that too. If anything, it will keep the moderators on their toes. :P
Title: Re: Possible compromise of member list data: phishing attempt after buy/sell post
Post by: Rockstead on April 24, 2021, 09:26:42 am
One thing that was different from a normal PM notification, the email I received was from email “saint@arcadecontrols.com”, whereas a PM notification has the sender name “The NEW Build Your Own Arcade Controls”

How was he able to change that?
Title: Re: Possible compromise of member list data: phishing attempt after buy/sell post
Post by: PL1 on April 24, 2021, 11:36:24 am
Quote from: Robbbert on April 24, 2021, 06:20:04 am
I don't know if the forum has the ability to moderate the first x posts as well, but I'd suggest doing that too. If anything, it will keep the moderators on their toes. :P

We've been doing that for over 6 1/2 years.   ;)

Before that, spam was a common sight around here.

Now, almost all spam accounts (~99.9%) are identified and eliminated before forum members see anything from them.

Without going into the methods and procedures that we mods use to do that, I think we've found a good balance between minimizing friction for legitimate new forum members and eliminating spammers.   :cheers:


Scott
Title: Re: Possible compromise of member list data: phishing attempt after buy/sell post
Post by: Robbbert on April 24, 2021, 12:07:44 pm
@PL1: no need to reveal your methods, the processes involved are most likely just an elementary application of logic. I thought you must have had some kind of control given the lack of spam, but because I joined a long time ago I never saw moderation.

@Rockstead: a real email has to come from a designated real email address. For some reason Saint nominated himself instead of having a dedicated account just for the forum. It's nothing unusual.
Title: Re: Possible compromise of member list data: phishing attempt after buy/sell post
Post by: saint on April 24, 2021, 03:41:46 pm
Yeah that’s why I want to see a copy of the email in addition to the header you sent me - I’d like to track that down.  Will dig through server outgoing email logs as well.

Title: Re: Possible compromise of member list data: phishing attempt after buy/sell post
Post by: Rockstead on April 24, 2021, 04:51:20 pm
@saint

Funny enough I just found the email you sent me requesting that, but for some reason your real email send got captured as spam and gmail automatically put it in my spam folder, go figure :)

Forward sent

Thanks again for looking into it.

Title: Re: Possible compromise of member list data: phishing attempt after buy/sell post
Post by: kyinwa on April 26, 2021, 03:25:01 pm
Is this why I can't seem to use any features of the forums yet? Am I in limbo?
Title: Re: Possible compromise of member list data: phishing attempt after buy/sell post
Post by: PL1 on April 26, 2021, 06:34:33 pm
Quote from: kyinwa on April 26, 2021, 03:25:01 pm
Is this why I can't seem to use any features of the forums yet? Am I in limbo?

Sorry about the slow response.   :embarassed:

PM sent.


Scott