Posted August 20, 2019
1. We set up a word filter to prevent members from advertising spam on our forum. Sensitive words (e.g. "xxx club") are word-filtered for moderator approval.
2. Recently a wave of new members managed to bypass the word filter using the in-place Title Edit.
3. How they did it:
   i. Post a NEW topic titled "Hello World". Successfully posted!
   ii. Click to view the topic, then in-place edit the topic title to "xxx club", which is supposed to be word-filtered. (Left-click and hold the mouse button on the title.)
   iii. It seems the in-place edit of the topic title did NOT invoke the word-filter check. Note that the bypass will NOT work if they click Edit and change the topic title via the edit box.
4. I would appreciate it if someone could advise a fix, as spammers are now having a field day. Thanks.
August 20, 2019 I hope you submitted this as a ticket too; otherwise it may take some time for the developers to become aware of this issue.
August 20, 2019 As an immediate fix, make sure to review and/or escalate your registration security, including:
1. Changing your Q&A security questions.
2. Ensuring your IPS Spam Defense service is active with your license.
3. Removing the edit functions from the member group permissions as a temporary stopgap.
August 21, 2019 Author 17 hours ago, Joel R said: 3. Remove the edit functions from the member group permissions as a temporary stopgap. Can you advise how to do (3) above? I cannot find an option in the Admin member group permissions to DISABLE Edit Topic Title. Thanks in advance.
August 30, 2019 Author On 8/21/2019 at 11:34 PM, Daniel F said: We have fixed this for an upcoming release :) 1. Glad to hear that. I just created a support ticket to get the fix. 2. The spammers took a "holiday" and are back nightly :-( Thanks.
September 1, 2019 Author On 8/21/2019 at 11:34 PM, Daniel F said: We have fixed this for an upcoming release :) @Daniel F 1. I just UPGRADED to 4.4.6 hoping it would stop the spammers. I noticed the spammers use trial and error. They managed to bypass the "Word Filter" in the topic title again 😞 2. I believe they used the in-place edit of the title in the "Topic Listing", i.e. in the topic listing of the forum, they left-click on a "HelloWorld" topic created by themselves earlier, left-click on the topic title and change it to "XXX Club". "XXX" in my word filter is bypassed. This also does NOT call the "Word Filter".
September 1, 2019 3 hours ago, BlowingWind said: @Daniel F 1. I just UPGRADED to 4.4.6 hoping it would stop the spammers. I noticed the spammers use trial and error. They managed to bypass the "Word Filter" in the topic title again 😞 2. I believe they used the in-place edit of the title in the "Topic Listing", i.e. in the topic listing of the forum, they left-click on a "HelloWorld" topic created by themselves earlier, left-click on the topic title and change it to "XXX Club". "XXX" in my word filter is bypassed. This also does NOT call the "Word Filter". Daniel's reply came two days after the release of 4.4.6. This will most likely have to wait till 4.4.7.
September 1, 2019 Author 1. I dug inside my web logs and found perhaps other ways they bypassed the word filter. I am on IPB 4.4.6 (the latest as of now). There are many such lines, as the spammers posted multiple spams, but I have extracted just one line for illustration. Notice the escaped % in the URL.

<IP redacted> - [01/Sep/2019:02:34:03 +0800] "POST /forum/topic/104288-s%D0%B5x-%D1%81lub/?do=edit HTTP/2.0" 301 0 "https://<URL-redacted>/forum/topic/104288-s%D0%B5x-%D1%81lub/?do=edit" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:68.0) Gecko/20100101 Firefox/68.0"

2. I noticed they seem to be using URL "special escape characters" to "bypass" the topic edit. The post is spam with the title "Sex Club", all "English" ASCII, so there was no need to use escape / special characters.
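An added example, not part of the thread and not Invision Community code, that decodes the slug from the log line quoted above. Percent-decoding %D0%B5 and %D1%81 as UTF-8 gives the Cyrillic letters U+0435 and U+0441, which render like Latin "e" and "c": the title is not plain ASCII, it is a homoglyph version of the filtered phrase, which is why a byte-for-byte word filter does not match it. The script runs the same word list over constructed log lines (placeholder IP and host) twice, once as typed and once after folding a small illustrative confusables table onto Latin letters; the log format, the word list and the confusables subset are assumptions.

```python
import re
import unicodedata
from urllib.parse import unquote

# Constructed sample access-log lines, modelled on the one quoted in the post
# above. The IP address and host are placeholders, not values from the page.
LOG_LINES = [
    '203.0.113.5 - - [01/Sep/2019:02:34:03 +0800] "POST /forum/topic/104288-s%D0%B5x-%D1%81lub/?do=edit HTTP/2.0" 301 0 "https://forum.example/forum/topic/104288-s%D0%B5x-%D1%81lub/?do=edit" "Mozilla/5.0"',
    '203.0.113.6 - - [01/Sep/2019:02:35:10 +0800] "POST /forum/topic/104289-hello-world/?do=edit HTTP/2.0" 301 0 "-" "Mozilla/5.0"',
]

# Word list of the kind the thread describes; the entry is illustrative.
FILTERED_WORDS = ["sex club"]

# Cyrillic letters that render identically to Latin ones. Hand-picked
# illustrative subset; a production filter would use the full Unicode
# confusables table rather than this map.
CONFUSABLES = {
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p",
    "\u0441": "c", "\u0443": "y", "\u0445": "x", "\u0456": "i",
}

REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<path>\S+) HTTP/[0-9.]+"')
SLUG_RE = re.compile(r"/topic/\d+-(?P<slug>[^/]+)/")


def slug_from_request(line: str):
    """Return the percent-decoded topic slug from one log line, or None."""
    m = REQUEST_RE.search(line)
    if not m:
        return None
    s = SLUG_RE.search(m.group("path"))
    if not s:
        return None
    return unquote(s.group("slug"))  # %D0%B5 -> U+0435, %D1%81 -> U+0441


def naive_matches(text: str) -> bool:
    """Filter applied to the text as typed: defeated by look-alike letters."""
    t = text.lower().replace("-", " ")
    return any(w in t for w in FILTERED_WORDS)


def normalize(text: str) -> str:
    """NFKC-fold, lower-case, and map known confusables onto Latin letters."""
    t = unicodedata.normalize("NFKC", text).lower()
    return "".join(CONFUSABLES.get(ch, ch) for ch in t)


def matches_filter(text: str) -> bool:
    """Same word list, applied after normalization."""
    return naive_matches(normalize(text))


def scan(lines):
    """Return (raw_slug, normalized_slug, non_ascii_chars) for each hit."""
    hits = []
    for line in lines:
        slug = slug_from_request(line)
        if slug is None:
            continue
        if matches_filter(slug):
            non_ascii = [c for c in slug if ord(c) > 127]
            hits.append((slug, normalize(slug), non_ascii))
    return hits


if __name__ == "__main__":
    for raw, norm, odd in scan(LOG_LINES):
        print(f"{raw!r} -> {norm!r}; non-ASCII letters: {[hex(ord(c)) for c in odd]}")
```

Run against the first constructed line, naive_matches() returns False while matches_filter() returns True, and scan() reports the two Cyrillic letters; the second line (a plain "hello-world" slug) produces no hit. The same normalization step belongs in front of the word filter on every write path, not only in a log scanner.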
September 1, 2019 Yeah, the fix wasn't included in the recent release! I'll see if we can provide a patch for this; if not, it will be included in the next official release.
September 4, 2019 Author I found another way to bypass the Word Filter. At least it works on 4.4.6 on my forum. a. In an existing topic, post a reply with just a dot, i.e. ".", and save. b. Then edit the post and paste in a message including the "filtered word", e.g. "Please come to XXX Club" (where XXX is a banned filter word). For some reason, the word filter is NOT invoked.
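An added example, not part of the thread and not Invision Community code, modelling the pattern behind both bypasses reported above (the in-place title rename in the opening post and the dot-then-edit reply in this one): the filter runs in the create handler but the edit handlers write the same fields without it. The class and method names are hypothetical; the hardened variant routes every write of a user-controlled field through one setter, so the moderation flag is recomputed however the value arrives.

```python
# Constructed model of the write paths described in this thread. Names are
# hypothetical and not taken from the Invision Community code base.
FILTERED_WORDS = ["xxx club"]


def needs_moderation(text: str) -> bool:
    """True if the text contains a filtered phrase (case-insensitive)."""
    t = text.lower()
    return any(w in t for w in FILTERED_WORDS)


class VulnerableTopic:
    """Filter runs in the create handlers only."""

    def __init__(self, title: str):
        self.title = title
        self.pending = needs_moderation(title)     # checked here ...
        self.posts = []

    def inline_rename(self, new_title: str):
        self.title = new_title                     # ... but not here

    def reply(self, body: str) -> int:
        self.posts.append({"body": body, "pending": needs_moderation(body)})
        return len(self.posts) - 1

    def edit_post(self, idx: int, body: str):
        self.posts[idx]["body"] = body             # nor here


class HardenedTopic:
    """Every write of a user-controlled field goes through one setter."""

    def __init__(self, title: str):
        self.posts = []
        self._set_title(title)

    def _set_title(self, title: str):
        self.title = title
        self.pending = needs_moderation(title)

    def _set_body(self, idx: int, body: str):
        self.posts[idx]["body"] = body
        self.posts[idx]["pending"] = needs_moderation(body)

    def inline_rename(self, new_title: str):
        self._set_title(new_title)

    def reply(self, body: str) -> int:
        self.posts.append({"body": "", "pending": False})
        idx = len(self.posts) - 1
        self._set_body(idx, body)
        return idx

    def edit_post(self, idx: int, body: str):
        self._set_body(idx, body)


def run_bypass(cls):
    """Replay the two sequences from the thread; report what reaches the filter."""
    t = cls("Hello World")                       # clean title passes creation
    t.inline_rename("XXX Club")                  # in-place title rename
    i = t.reply(".")                             # one-character reply
    t.edit_post(i, "Please come to XXX Club")    # edit the reply afterwards
    return {"title_pending": t.pending, "post_pending": t.posts[i]["pending"]}


if __name__ == "__main__":
    print("vulnerable:", run_bypass(VulnerableTopic))
    print("hardened:  ", run_bypass(HardenedTopic))
```

run_bypass(VulnerableTopic) reports both the renamed title and the edited reply as not pending, which is the behaviour the thread describes; run_bypass(HardenedTopic) flags both for moderation. The check to carry over to a real installation is the same: enumerate every endpoint that can write a title or body (create form, edit form, in-place edit, API) and confirm each one reaches the filter.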
Archived
This topic is now archived and is closed to further replies.