Rdq forum? Cause for alarm?

[Wheez]

Has anyone looked at the forums on rdq lately?
Lots of new accounts with tons of posts, all posts marked as hidden, titles including everything from fake IDs to voodoo spells...
Thought I'd ask if that's a known issue or not...
Funny enough i was trying to figure out how to change my password on rdq and saw that, so if anyone knows how, you might want to... (and if you'd fill me in as to how--id appreciate it)
Wheez

[Pathfinder075]

Probably they haven't kept up with forum upgrades and someone is using a (fixed in the latest version) exploit to bypass security features. I'm not saying that is the cause, because if you don't keep up with system upgrades too, people will eventually be able to hack there way in via other means.

It's happened on places I've been admin before (but not places I ran or had root access to). A zero day appears and the forum software provider releases an update, but until everyone upgrades, you have 1000s of vulnerable boards. It's the main reason for keeping regular backups of the database.

Probably will be fixed soon if someone points out to RDQ they have been hacked. Thankfully since we are going into a weekend, they will have time to play with it. At the very least they should probably take it down, until that time.

[Rob Axel]

.. I’m the only mod left on that forum, They are using a weird format and i have been fighting the spam on it for close to a year. I have VERY limited control / access..
I offered suggestions but havnt heard back, I will reach out after the holidays. They have a great concept with building “points” as u contribute.. at first we had to deal with guys making single word posts.. it bogged the user interface down with crap.. Tyler seemed concerned at one point.. I may have to contact him directly and see what he thinks..

[Pathfinder075]

You might want to contact him and make sure it is just the forum that's been attacked. If they've taken the main web server, that might leave the shop side open which could be slightly more problematic.

If not (and you've been mod for a while) ask him for admin privileges and take over the admin side and get everything upgraded as best you can. If they don't want to run it themselves, they either need to designate an admin to do so or shut it down. There are enough forums that never get upgraded and end up being hacked and used for generating spam or have there user databases dumped and sold on the darknet.

This error at the top of the page in the 'General Discussion' area tells me it's maybe been hacked or the person who coded up that Shopify App was an idiot and didn't put in proper error checking to deal with people trying to overflow the fields (not that i know anything about coding, well a little maybe). As much as it looks nice, they'd be better putting something mainstream on, like MyBB, phpBB or Invision.

Liquid syntax error: Variable '{{{ Black magic death spells on ex lover , Revenge instant death spells powerful instant death spells online instant spell that work fast in USA, UK, Kuwait, Germany, Asian, Europe, Philippines, Canada, South Africa, Italy, Peru, India, Iran, Gambia. Sweden, Australia, Nigeria, Spain, Ghana, California, Greece, THE HOPE 7demons Voodoo death spell casters spell to make someone sick and die without delay

If you get access, try and implement the StopForumSpam API into the Register PHP code. it's pretty easy to hook it in and that will wipe out a chunk of the spam you get, but not all. Admins and Mods are the only way to deal with all of it. But you can get rid of a fair chunk by using stopforumspam and deploying both IP and Username checking.

Other more radical things that could be done. Block all VPNs and Tor Exits. Best to do it from the webserver, either by using a frontend for iptables, or you can do it from CPanel if they have that. Worst case hook a basic check into the Register script and grab a copy of the exit nodes from below (or google it).

https://check.torproject.org/torbulkexitlist

There are many more ways beyond that, but that's what i use on all the places I run. I also linked fail2ban to the forum registration, so if they are trying to break into the server, they get banned from registering on the forum as well as being banned by fail2ban.

Some of these methods need root access.

[Suros]

make someone sick and die without delay

I laughed much harder at this than I should've.

[Wheez]

Im embarrassingly oblivious to everything you guys are saying...
I was kinda just worried about if rdq was at risk, figured it might just be someone trying to take advantage of the points system. You guys make it sound much scarier... Sounds like an episode of mr. robot.
I probably should have paid more attention in computer class or something...
I still can't even figure out how to change my password lol

[Pathfinder075]

I laughed much harder at this than I should've.

After I re-read it earlier I realised something.  Does the spell work less well if cast in countries other than USA, UK, Kuwait, Germany, Asian, Europe, Philippines, Canada, South Africa, Italy, Peru, India, Iran, Gambia. Sweden, Australia, Nigeria, Spain, Ghana, California, Greece? 

[Rob Axel]

I contacted Tyler, he informed me “shpify” is the platform and there is no chance of a breach into RDQs site. Funds ran out with this platform and Tyler said they will look into this with all the spam… worst case, the forum will get shut down, which would be a shame. There is quite a lot of good information for new pilots there. Also, it was very easy to upload pics/videos.
I wonder if it can be “locked” and used as info rather than just completely shutting it down..

[Pathfinder075]

I wonder if it can be “locked” and used as info rather than just completely shutting it down..

If you can, that's what i'd do.

Before that though, I would delete as much spam as you can.  Maybe remove the Register function, then spend a couple of weeks pruning it back and then get Tyler to lock it.

[burkeomatic]

I contacted Tyler, he informed me “shpify” is the platform and there is no chance of a breach into RDQs site.  Funds ran out with this platform and Tyler said they will look into this with all the spam… worst case, the forum will get shut down, which would be a shame.  There is quite a lot of good information for new pilots there.  Also, it was very easy to upload pics/videos.  
 I wonder if it can be “locked” and used as info rather than just completely shutting it down..

I've got some experience moderating and even less admining. Just my crappy little proboards forum as far as admin goes, but if you need me to make an account and jump in over there to help I would be glad to if you give me the access.

[the.ronin]

First off, hi all!! Been a minute lol.

I remember when they launched that forum and you would get points for posts which you could then exchange for store credit. Great idea in theory ... I guess lol.

[Banelle]

First off, hi all!!    Been a minute lol.

I remember when they launched that forum and you would get points for posts which you could then exchange for store credit.  Great idea in theory ... I guess lol.

I see no downside to this, and neither does my botnet.

[Rob Axel]

.. I think Tyler and the crew may have got things kinda in check.. the past several days I’ve seen some new activity.. and minimal spam (new).. As far as I can tell, the points are still being offered…

[Rob Axel]

Apparently the forum is not accessible.. kinda sucks.. I have A LOT of informational threads on tinyhawks..

[Rob Axel]

… bad news, I got confirmation from Max at RDQ.. the forum is no longer in existence.. they tried to use another platform and transfer threads, but it ended up being unsuccessful..
Hey, gotta give them props.. the bots and spam hit that forum like no ones business..
well… time to move on..