'Remove Klez from Big-O-Software' Spam

[XMenKMan]

i think they did the right thing. as michael said...its the fact that he abused the system.

The system? Abused it? How could he have abused the sytsem when he emailed people who choose to list their email address which means they accept the rsik of people on this site emailing them? And plus he speicifally stated it as a member of the big-O forums at one point. Plus anyone who belongs to the boards, should know what an email from them would like like (Mail address wise). Besides he has EVERY right to email the people he believes are spamming his email address cause by THESE boards. He asked for them to do it, they did nothing, he said he would do it, they did nothing, he did it, they killed it. If you didn't want the email, simply click the delete button, empty the trash and you will never see it again. Don't go complaining that someone used the email address that you chose to let everyone know. It used to be if some Porn Advertisor was browsing the site, and decided to email everyone, tough crap. You accepted the responsibility of being so called "spam mailed" (which this is NOT!) by anyone anonymous person.

[Michael]

The system? Abused it? How could he have abused the sytsem when he emailed people who choose to list their email address which means they accept the rsik of people on this site emailing them?

Incorrect. My email address should not be publicly available, and even if it is, that does not condone using it as a recipient of spam and mass emails.

And plus he speicifally stated it as a member of the big-O forums at one point. Plus anyone who belongs to the boards, should know what an email from them would like like (Mail address wise).

Again, he posed as Big-O software, which he is not a spokesperson for.

Besides he has EVERY right to email the people he believes are spamming his email address cause by THESE boards. He asked for them to do it, they did nothing, he said he would do it, they did nothing, he did it, they killed it.

He has no reason to suspect me. Klez is not present on my system. Besides, I have Norton Antivirus, which has always kept my system protected, and I regularly scan for viruses anyway.

If you didn't want the email, simply click the delete button, empty the trash and you will never see it again. Don't go complaining that someone used the email address that you chose to let everyone know. It used to be if some Porn Advertisor was browsing the site, and decided to email everyone, tough crap. You accepted the responsibility of being so called "spam mailed" (which this is NOT!) by anyone anonymous person.

The same can be send of traditional spam, yet we all bitch about that.

[harra]

When you chose the option to allow your e-mail be visible in the profile preferences, you are giving members permission to e-mail you THROUGH the boards. If you notice, when you click on the 'E-mail' button on a user it gives you a web form to e-mail the person. A member has every right to believe that they will either receive a message through this web form which will result in a mail message sent through the Big-O Software discussion board OR they will receive mail from another member who they EXPLICITELY gave permission to e-mail them as in "Hey Bob, you can email me at someone@domain.com".

I could care less about the e-mail. I found the e-mail useful but as sure as I am that I'm sitting in an office in Downtown Houston, I can tell you that someone, if not several someones, sent Mark and Ryan messages telling them they weren't happy about it. Also, the message looked very much like it was coming from Big-O Software themselves. If you read the message CAREFULLY you could tell that it was from a USER of the boards, especially since he signed it, but most people don't read anything completely (remember most of us are the product of the US public education system, me included).

I am a moderator of another board that caters toward VB/VBA developers and I wouldn't have taken this kind of action lightly, either. I consider this an abuse of the system because the e-mail addresses were most likely obtained in a manner that wasn't expected by the members. The message was sent from an outside source, not through the boards (which is also how a member would reasonably expect to have their e-mail adress obtained). I don't know how Brian did it but he is very familar with the phpbb boards and probably knows how to get everyone's email.

As you can see it all comes down to reasonable expectations. A member doesn't have a reasonable expectation to receive mail in this manner and therefore it is an abuse of the system.

[Matt]

first, xmenkman, i do NOT have my email address shown and never have, so the only way i can figure he got it is to hack or abuse or do something to this system...its a violation of my privacy, as i see it

When you chose the option to allow your e-mail be visible in the profile preferences, you are giving members permission to e-mail you THROUGH the boards. If you notice, when you click on the 'E-mail' button on a user it gives you a web form to e-mail the person.

they just did this after plasma sent this email. the way it was done before is if you put your mouse over the email link, it shows the email addy at the bottom of the screen. I like the way they have it now...

[harra]

KooLTaB101,

Sorry for posting the erroneous data, as you can tell, I've never sent and e-mail from within the boards before. All the boards I've ever been on before used a webform when you click on the e-mail button.

I didn't mean to mislead about how to boards operated. Sorry.

Ray

P.S. As you can also see I Don't have my e-mail address visible (indicated by the lack of an e-mail button on the bottom of this thread), yet I got a mail message this morning

[Matt]

harra...no harsh feelings! i didnt mean to snap at you if you saw it that way...i was just kind of irrated b/c plasma got my email and it seems that he did it illegally...b/c you dont have your email checked either.

[harra]

KooLTaB101,
I didn't take offense to the statement you had made, it just made me realize that I dispensed with false information. I tend to try and think before I speak on the boards and not speak untruths. But, unfortunately, I based my statement on what I saw today and it was the first time I tried to send an e-mail.

Oh well, I guess my appology was more for the other people who are reading this post, which probably won't last too long and go the way of all the "When is the next AIM+ coming out" posts.....the circular file bin....lol

Ray

[Michael]

I am a moderator of another board that caters toward VB/VBA developers and I wouldn't have taken this kind of action lightly, either. I consider this an abuse of the system because the e-mail addresses were most likely obtained in a manner that wasn't expected by the members. The message was sent from an outside source, not through the boards (which is also how a member would reasonably expect to have their e-mail adress obtained). I don't know how Brian did it but he is very familar with the phpbb boards and probably knows how to get everyone's email.

Precisely my point as well. I administer a phpBB2 board, and I have one moderator that often "runs amuck" and abuses the announcement/sticky system, along with other privileges. Now, he's never done anything to hurt the boards, a user, or a user's system, but of course, I take offense (as Admin) to anyone abusing the privileges set up.

This is why I agree with Mark and Ryan's punishment. Not only are these their boards, which they administer, but the use of the Big-O name should (morally, it not legally) be restricted to their use. Plasma's posing as a mouthpiece of Big-O was way out of line, as was his abuse of the forum access privileges (which I, as a fellow Administrator, take offense to).

[harra]

What gets me more concerned was this was done by a REGULAR USER. He didn't have administrator or moderator priviledges. I kind of want to know how the e-mail addresses were obtained. Where was the "Achilles Heel" in the system that allowed him to get all those e-mail addresses. Like I said before, if he could send a rather innoculous message, just think what someone could do if they wanted to deliver a destructive cargo.

[Big-O Ryan]

He exploited a bug in phpBB, in order to obtain both the public e-mail addresses and the hidden ones. Fortunately, this vulnerability is no longer relavant since all e-mail addresses are now hidden all the time. Unfortunately, he obviously got what he wanted.

He explicitly indicated to us (by PM) his awareness that he was exploiting a bug in the system, and his intent to do something that would not be well received.

[Matt]

to show some humor to this whole thing...the admins put the name 'idiot' as plasmas rank...look here http://discuss.big-o-software.com/profi ... file&u=827

[harra]

I'm now glad to know how it was done (exploiting a bug in the phpbb system) and that Mark and Ryan feel confident that further duplications of this type of system abuse won't happen again.

Thanks for filling us in, Ryan.

Ray

[DADINK13]

He exploited a bug in phpBB, in order to obtain both the public e-mail addresses and the hidden ones. Fortunately, this vulnerability is no longer relavant since all e-mail addresses are now hidden all the time. Unfortunately, he obviously got what he wanted.

He explicitly indicated to us (by PM) his awareness that he was exploiting a bug in the system, and his intent to do something that would not be well received.

Bravo! Still a shame though..

[SparkleSatine]

He exploited a bug in phpBB, in order to obtain both the public e-mail addresses and the hidden ones. Fortunately, this vulnerability is no longer relavant since all e-mail addresses are now hidden all the time. Unfortunately, he obviously got what he wanted.

He explicitly indicated to us (by PM) his awareness that he was exploiting a bug in the system, and his intent to do something that would not be well received.

.......So......in a way, he e-martyered himself?

[plasma2002]

Ok, i created a temporary account to mainly reply to this thread.

Im gonna talk about the various things i did the past few days.

First of all, i think that overall this was a drastic measure done due to the lack of any.

Second, i had NO intention of causing anyone to get pissed.... especially this much. I was offering helpfull advice in email to the users of a board that MAY have become vulnerable by means of the OTHER users on Big-O.
You can call the email itself spam, but i honestly dont think it was. I guess you could define spam, but i myself see spam as junk mail, usually with the intent of getting my money for something.

The names on the reply address included Big-O because i wanted to make sure people knew what the email was about etc., i was not trying to 'spoof' the email at all. I included a direct link to MY site as well as MY AIM SN's just so people knew its not from the Big-O team.

The email contained NOTHING bad at all. I make my emails professional all the time, i didnt write in that style to try to imitate any Big-O administrators.

Now, about the email extraction. Yes... i admit i should NOT have done this. (and true, it cant be done any longer) I didnt want to. But i needed SOME way of helping the people that have klez to get rid of it. I have made numerous posts about it, i have asked Big-O to aid in helping people. I waqs left to stop the virus from flooding my server to myself. I did what i could. I said i was going to have to do something on my own on the last post on the thread about klez (and btw, that was not meant as a threat), and there was still no response.

Now i realize Big-O wouldnt really want to go to the trouble i did (which was a lot), but there IS a mass email feature in the admini section of phpBB. I honestly dont see how it could have been that bad to deal with.

I did what i could. The way that my mail server is set up, my klez infected files DO NOT get automatically deleted. So if you could only imagine about 30 emails flooding my server every 24 hours or so. Its rather stupid to just ignore them.

To all of you that are sympathetic towards me, i apprecieate the understanding. To the rest of you, i see your points, some i dont agree with, but i understand why you feel the way you feel also.

The email's will NOT be used again in the future, i can assure you of this.

-
-
-Brian G.
-
-