
Member using bug to bypass word-filter


1. We set up a word filter to prevent members advertising spam on our forum.
Sensitive words (e.g. "xxx club") are word-filtered for a moderator's approval.

2. Recently a wave of new members managed to bypass the "word filter" using the in-place Title Edit.

3. How they did it:

i. Post a NEW topic titled "Hello World". Successfully posted!
ii. Click to view the topic, then in-place edit the topic title to "xxx club", which is supposed to be word-filtered.
(Left-click and hold the mouse button on the title.)
iii. It seems the in-place edit of the topic title did NOT invoke the word-filter check.
Note that the bypass will NOT work if they click Edit and change the topic title via the edit box.

4. I would appreciate someone advising a fix, as spammers are now having a field day.

Thanks


I hope you submitted this as a ticket too, otherwise it may take some time for the developers to be aware of this issue.

I have reported this to our internal bug tracker

As an immediate fix, make sure to review and/or escalate your registration security, including:

1. Changing your Q&A security questions

2. Ensuring your IPS Spam Defense service is active with your license.

3. Removing the edit functions from the member group permissions as a temporary stopgap.

  • Author
17 hours ago, Joel R said:

3. Remove the edit functions from the membergroup permissions as a temporary stopgap.

Can you advise how to do (3) above? I cannot find an Admin > Group > Member permission to DISABLE Edit Topic Title.

Thanks in advance.

We have fixed this for an upcoming release :)

  • 2 weeks later...
  • Author
On 8/21/2019 at 11:34 PM, Daniel F said:

We have fixed this for an upcoming release :)

1. Glad to hear that. I just created a support ticket to get the fix.

2. The spammers took a "holiday" and are back nightly :-(

Thanks.

  • Author
On 8/21/2019 at 11:34 PM, Daniel F said:

We have fixed this for an upcoming release :)

@Daniel F

1. I just UPGRADED to 4.4.6 hoping it would stop the spammers.
I noticed the spammers use trial and error. They managed to bypass the "Word Filter" in the topic title again 😞

2. I believe they used the in-place edit of the title in the "Topic Listing".
i.e. in the topic listing of the forum, they left-click on a "HelloWorld" topic created by themselves earlier.
Left-click on the topic title and change it to "XXX Club". "XXX" in my word filter is bypassed.
This also does NOT call the "Word Filter".

3 hours ago, BlowingWind said:

@Daniel F

1. I just UPGRADED to 4.4.6 hoping it would stop the spammers.
I noticed the spammers use trial and error. They managed to bypass the "Word Filter" in the topic title again 😞

2. I believe they used the in-place edit of the title in the "Topic Listing".
i.e. in the topic listing of the forum, they left-click on a "HelloWorld" topic created by themselves earlier.
Left-click on the topic title and change it to "XXX Club". "XXX" in my word filter is bypassed.
This also does NOT call the "Word Filter".

Daniel's reply came two days after the release of 4.4.6. This will most likely have to wait till 4.4.7.

  • Author

1. I dug into my web logs and found perhaps other ways they were bypassing the word filter. I am on IPB 4.4.6 (latest as of now).

There are many such lines, as the spammers posted multiple spams,
but I just extracted one line for illustration. Notice the % escapes in the URL.

<IP redacted> - [01/Sep/2019:02:34:03 +0800] "POST /forum/topic/104288-s%D0%B5x-%D1%81lub/?do=edit HTTP/2.0" 301 0 "https://<URL-redacted>/forum/topic/104288-s%D0%B5x-%D1%81lub/?do=edit" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:68.0) Gecko/20100101 Firefox/68.0"

2. I noticed they seem to be using URL "special escape characters" to "bypass" the topic edit.
The post is spam with the title "Sex Club", all "English" ASCII, so there was no need to use escape / special characters.
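As an added illustration (not code from the thread or from IPS): the %-escapes in the log line above decode to Cyrillic letters that look identical to Latin ones (%D0%B5 is U+0435 "е", %D1%81 is U+0441 "с"), so a plain substring filter never sees "sex club". The script below decodes the slug from a constructed copy of that log line, normalizes such look-alike characters with a small hand-written table (an assumption; a real deployment would use the full Unicode confusables data), and routes every title-changing path through one check, so the in-place edit cannot skip it.

```python
"""Word filter that survives homoglyph evasion and is applied on every edit path.
Blocklist, confusables table and log line are constructed for this example."""
import re
import unicodedata
from urllib.parse import unquote, urlparse

# Constructed blocklist in the style of the thread's "xxx club" entries.
FILTERED_TERMS = ["sex club", "xxx club"]

# Hand-written subset of Cyrillic -> Latin look-alikes (assumption, not exhaustive).
CONFUSABLES = str.maketrans({
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p",
    "\u0441": "c", "\u0443": "y", "\u0445": "x",
})

def normalize(text):
    """Fold compatibility forms, map look-alikes to ASCII, collapse separators."""
    text = unicodedata.normalize("NFKC", text).translate(CONFUSABLES).lower()
    return re.sub(r"[^a-z0-9]+", " ", text).strip()

def contains_filtered(text):
    folded = normalize(text)
    return any(term in folded for term in FILTERED_TERMS)

def moderate_title(title):
    """The single gate that topic creation, form edit and in-place edit all call."""
    return "hold_for_moderation" if contains_filtered(title) else "publish"

def title_from_edit_request(log_line):
    """Recover the decoded topic title from the slug in an access-log POST line."""
    match = re.search(r'"POST (\S+)', log_line)
    if not match:
        return ""
    slug = urlparse(match.group(1)).path.rstrip("/").split("/")[-1]
    slug = slug.split("-", 1)[1]          # drop the numeric topic id
    return unquote(slug).replace("-", " ")

# Constructed log line modelled on the one quoted in the thread (IP is TEST-NET).
SAMPLE_LOG = ('203.0.113.5 - [01/Sep/2019:02:34:03 +0800] '
              '"POST /forum/topic/104288-s%D0%B5x-%D1%81lub/?do=edit HTTP/2.0" 301 0')

if __name__ == "__main__":
    title = title_from_edit_request(SAMPLE_LOG)
    print(repr(title), "naive match:", "sex club" in title.lower())
    print("normalized:", normalize(title), "->", moderate_title(title))
```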

Yea, the fix wasn’t included in the recent release! I’ll see if we can provide a patch for this, if not, it will be included in the next official release.

  • Author

I found another way to bypass the word filter. At least it works on 4.4.6 on my forum.

a. In an existing topic, post a reply with just a dot, i.e. ".", and save.

b. Then edit the post and paste in a message including the "filtered word", e.g. "Please come to XXX Club." (where XXX is a banned filter word).
For some reason, the word filter is NOT invoked.
