Welcome to CubChat - The Forum For Honda Cubs (and Similar Motorcycles)
RE: c90club is offline.
Posted by : Newt (92.24.191.222) 
Inappropriate or SPAM?
On Saturday 12/07/14 at 15:44:12
Yes, we were being exploited by spammers, most likely Russian, they found access to the server through old add-ons to the phpBB script the board runs on.
Some of these add-ons have been there years, but some clever bugger found a way to exploit them.
Here's the explanation I posted on Facebook.
"Right, it's time to 'come clean' about the problems we are experiencing.
Basically, we were exploited through old add ons to the PhPBB system the forum runs on.
This enabled Russian (probably) spammers to send their spam through our (powerful) server.
This doesn't affect our membership or the forum, although it can slow it considerably.
It is estimated there are around 150,000 servers in the UK CURRENTLY compromised by spammers, specifically 'stealthratbot'
The consequence of this happening to a server, is that Hotmail, Yahoo, Live etc. see upwards of 60,000 emails per HOUR coming off the server and refuse to handle ALL mail from that server.
TBH we've been battling with them for some time, hence some problems with people getting emails from c90club.
We have been reticent about going public with it for a few reasons.
First, although we are 'hacked', there is NO question of personal data being compromised or stolen. Even we can't access passwords or PM's, it's all encrypted. And this isn't their intent. They simply want to send their spam mails from our server!
Second, if we say 'We have a problem with spam' members will incorrectly think, oh no, my email will be spammed!
This is not true! The software the spammers use such as Black Hat etc. will often work generating random, arbitrary email addresses. Emails on our server HAVE NOT BEEN COMPROMISED.
Other than the consequence we are having difficulty sending our email to our membership due to being blacklisted for the volume of emails generated from our server. Thanks spammers.
Thirdly, if we said 'We have stealthratbot virus on our server'
members will think, 'Oh no! If I visit c90club, I'll get a virus!'
Again, myth. It's a script, on our server, placed by spammers within add ons to the PhPBB to exploit our server. You will NOT get a virus!
And finally, most members problems with email, are as a result of their own shortcomings. Harsh, but true. And we just know, some members will blame our current problems whatever. Even when they are not remotely related.
So, having got 'un banned' we were capped. Slowly the cap was lifted, but alas the spammers found another point of entry.
James is now rebuilding the site from root up, but the database accrued over 5 years is mahoosive, and proving difficult to import.
There are work arounds, but it all takes time.
We are very fortunate to have someone savvy at the helm. This would, ordinarily, on sites run by people like me, be the death of the site. It's not easy to shake these buggers off once they are in. I certainly couldn't, but I'm confident in James!"
Further to this;
"Kev, we're not hacked. We've been exploited. We were sending Ruskie's spam out at 60,000 emails an hour.
Ag rebuilt it, but it then dropped into the etheric. The hosting company don't know what happened. The tech guy at the hosting co. is a major player, being head of server admin for a major, major household name computer company as recognisable as 'Microsoft' and it's beaten him too, so they have had to take advice.
Basically, James has found a bug in the Apache code working above the Unix of the server.
I can say, the website, as it was when taken offline, is parked on a domain, functional, and up to date.
We've discussed pointing folk at it, but there are good reasons not to.
In the meantime, don't worry, use the time well, and
GET OUT ON YA BIKES!!!!!! "
I'm obviously hopeful it's fixed asap, as the East Anglian Rideout is next weekend!
Message Thread:
Back to main forum
Sorry, this post has timed out and can no longer be responded to (feel free to blame spammers).
If there are more recent replies, you might still be able to reply to those!
Just a counter down here...
