Well, VERY disappointed in the community here.

https://www.flightsim.com/vbfs/showthread.php?324117-To-everyone-Please-Read!

I er....didnt get any of these PM's of 'sexual nature'.

I'm not good looking enough?

Not worthy?

Too old?

"I'm with it. I'm hip. TukaTukaTukaTukaTuka...."

Hopefully the scammers/spammers will eventually get bored and move on.

This is totally unacceptable unless you don't know how to secure a forum. I run two forums and a WordPress website. In the over five years I've had them online I've only had to report maybe three in total spammers to the Stop Forum Spam website for which I have an account. And at that, the permissions are set that new posters can't send PMs and their first post is held in moderation queue unless I approve it. So if they get passed the layers of security I have, their very post will never see the light of day.

Now on top of this, a forum allows you to see IPs and email addresses. I have an extension that bans damn near all reusable email addresses via an update mechanism from a GitHub repository of these email providers. IPs can be banned in CloudFlare and you'll never get past my CloudFlare implementation. I know all the tricks.

Now with just this said, the IPs, CIDRs or ASN/s used by these spammers could be blocked in CloudFlare that this site uses. Providing the aforementioned isn't from an ISP. This is what needs to be done if you have repeat offenders where their account was already banned. You attack at the IP level. And as mentioned, all first time posters should be held in moderation queue if that's not what happens now and the PM permission needs to be revoked to first time posters or set to a certain post count in order to PM. All of this should be withen the realm of possibility with this current version of vBulletin.

Addendum. I did a quick search and and it looks like this website's origin IP isn't hidden like it should be. Looks to be using OVH and is vulnerable to the Poodle Attack. On top of that, it looks like one of this site's IPs has a huge list of CVEs according to Shodan.

This can all be fixed.

https://www.flightsim.com/vbfs/showthread.php?324117-To-everyone-Please-Read!

 

I er....didnt get any of these PM's of 'sexual nature'.

I'm not good looking enough?

Not worthy?

Too old?

 

"I'm with it. I'm hip. TukaTukaTukaTukaTuka...."

Hmm... Is this about hot planes and beautiful airport scenery that they must have? LOL

They just hit over at the "other" site. Interesting, just like here a new member's first few posts are moderated but it seems that the PM system is not moderated. Stand by for a total crap attack!

PMs can be or can't be moderated depending on the forum settings. And the P in PM is not what it seems. They can be read by an Admin or Mod if the forum has a add-on, script or extension installed to allow an Admin or Mod to view them. What really needs to happen is that a new user should NOT have PM privileges until they have gained a certain amount of forum reputation by the number of posts.

Like I said, this should be taken care of at the IP level if at all possible. Even if it's a legit ISP IP, a temp block would be sufficient. If it's a cloud or hoster IP, that can be blocked on a permanent basis.

Like I said, this should be taken care of at the IP level if at all possible.

Whack-a-mole blocking seldom works for long on the Internet, as we know all too well.

Whack-a-mole blocking seldom works for long on the Internet, as we know all too well.

Say again? Who’s whacking what?

:p

Whack-a-mole blocking seldom works for long on the Internet, as we know all too well.

I'm sorry, but unless you run your own websites and know how to secure them like I do, then that statement means nothing.

It can be whack-a-mole. But if you attack it from the ASN level it really isn't. I have 78 pages of CloudFlare rules for blocking numerous ASNs from cloud/hosting providers and when that doesn't work they hit a security script I run that fills in the gap. This security script also using the AbuseIPDB API and Stop Forum Spam API. If your IP is listed at these two sources you shall not pass. LOL!

I'd have to see the IPs being used here to make a more definitive answer. In my case, if the source of shenanigans do come from legit ISPs then I will just block the used individual IPs for at least a year. If necessary I'll block or captcha the whole ASN/s. Bottom line it's more of a permission settings thing withen the forum software its self. Like I said, PM privileges should be limited to those with at least 10 posts or more and those first 10 posts should be held in moderation queue.