# Unapproved Visitor



## Enon49 (Mar 21, 2018)

I have a notification from an ""Unapproved Visitor""

Am I being stalked by ""Model Trees""

I do not understand

MrToad


----------



## Guest (Dec 29, 2018)

I received that too! What is that all about?

Emile


----------



## wvgca (Jan 21, 2013)

probably not being stalked 
more likely just wanted to know (some how) if you wanted to purchase some model trees, he has a store on etsy


----------



## Rocky Mountaineer (Sep 19, 2015)

I've encountered these messages the past day or two as well as this morning again. About 3 or 4 messages in total so far. They're all the same.... Somebody trying to sell trees and scenery. Very atrange.

David


----------



## Rocky Mountaineer (Sep 19, 2015)

wvgca said:


> probably not being stalked
> more likely just wanted to know (some how) if you wanted to purchase some model tress, he has a store on etsy


Hmmm... I don't care where he has a store. I'm not interested in buying any, and it's annoying that he's somehow sending messages inside MTF. 

David


----------



## wvgca (Jan 21, 2013)

Rocky Mountaineer said:


> Hmmm... I don't care where he has a store. I'm not interested in buying any, and it's annoying that he's somehow sending messages inside MTF.
> 
> David





he is doing the same [sort of] as any other new user, they have the capabliity of sending you private messages, if they choose to do so .
although it's easier if a moderator or admin lets him know this is not exactly an approved method of selling stuff ..


the new user seems to have joined on boxing day


----------



## gunrunnerjohn (Nov 10, 2010)

I haven't seen any of those, let's see if we can step on his neck. 

Do you have a user name or a screen shot of the actual message?


----------



## Guest (Dec 29, 2018)

gunrunnerjohn said:


> I haven't seen any of those, let's see if we can step on his neck.


WOW! Now that's the way to run a Forum! MTF doesn't pander to Advertisers! MTF just STEPS ON THEIR NECK!
MTF Members come first!

Well done John! You really put the "Gun" in Gunrunnerjohn. Even John Wayne and Clint Eastwood would have to admit that You are one Bad Dude!

Thanks for watching out for the Members.

Emile


----------



## Krieglok (Sep 7, 2013)

Just an ad...this is what appeared in my inbox...


----------



## gunrunnerjohn (Nov 10, 2010)

TheBigCrabCake said:


> WOW! Now that's the way to run a Forum! MTF doesn't pander to Advertisers! MTF just STEPS ON THEIR NECK!
> MTF Members come first!
> 
> Well done John! You really put the "Gun" in Gunrunnerjohn. Even John Wayne and Clint Eastwood would have to admit that You are one Bad Dude!
> ...


Well, it doesn't sound like this is an "approved" advertiser.


----------



## gunrunnerjohn (Nov 10, 2010)

I'm looking into how we stop this character.


----------



## T-Man (May 16, 2008)

Thank you John.


----------



## Dennis461 (Jan 5, 2018)

Add him to your ignore list.

Not rocket science


----------



## gunrunnerjohn (Nov 10, 2010)

That's not really a solution, we don't want stuff like this getting in at all, you shouldn't have to stop SPAM from showing up in your private messages!


----------



## Bwells (Mar 30, 2014)

John, I thought you closed the loophole when Ed-RRR sent 6 PMs after he was banned. I didn't think it was possible to send a picture via PM.


----------



## Rocky Mountaineer (Sep 19, 2015)

Thanks John, I like your style of thinking!!! 

David


----------



## T-Man (May 16, 2008)

One word of advice is not answer the notification. It gives him the right to answer back. 


I think someone banned the member


----------



## Big Ed (Jun 16, 2009)

gunrunnerjohn said:


> I'm looking into how we stop this character.


Step on his neck ha ha ha. :laugh:

John the enforcer.


----------



## gunrunnerjohn (Nov 10, 2010)

I think he's gone, and he probably has a footprint on his neck.


----------



## Rocky Mountaineer (Sep 19, 2015)

You da man, John!!!


----------



## gunrunnerjohn (Nov 10, 2010)

I think it's Bob's footprint on his neck.


----------



## Gramps (Feb 28, 2016)

I got it as a notification on 12/28, wasn't sure what that meant, opened and it was the scenery ad. Tried to delete it but can't. Now I know not to open any "Unapprooved Visitor" messages. Lesson learned.


----------



## Vincent (Jan 28, 2018)

I got a message from him, and here is the link. NO, Don't contact him. If an admin wants the link, send me a PM.


----------



## Jeff T (Dec 27, 2011)




----------



## Traindiesel (Sep 8, 2015)

I didn’t get any messages of the sort, but maybe it is a Lionel employee in disguise getting revenge for all the recent negative feedback!!


----------



## Guest (Dec 30, 2018)

View attachment 478370


----------



## gunrunnerjohn (Nov 10, 2010)

Gramps said:


> I got it as a notification on 12/28, wasn't sure what that meant, opened and it was the scenery ad. Tried to delete it but can't. Now I know not to open any "Unapprooved Visitor" messages. Lesson learned.


I don't know why you can't delete them, but I deleted them from both of your profiles.


----------



## Ron M (Mar 18, 2016)

I could not delete the message either.


----------



## gunrunnerjohn (Nov 10, 2010)

I'm looking into fixing that for users, I don't know why you guys can't delete visitor messages, it's your profile.

I'll go kill it.

We're working on not allowing it to happen again.


----------



## Vincent (Jan 28, 2018)

gunrunnerjohn said:


> I'm looking into fixing that for users, I don't know why you guys can't delete visitor messages, it's your profile.
> 
> I'll go kill it.
> 
> We're working on not allowing it to happen again.


Smite him, John!


----------



## Guest (Dec 30, 2018)

The cartoons from Emile keep getting better and better. :smilie_auslachen::smilie_auslachen:


----------



## Ron M (Mar 18, 2016)

Thank you John. Could be operator error on our end but appreciate you taking care of it


----------



## mike77406 (Feb 7, 2016)

The funny thing for me is that that was the first private message I have gotten here. :laugh:


----------



## Traindiesel (Sep 8, 2015)

Emile, he would have gotten away with it too except for those meddling teenagers and their dog!


----------



## Guest (Dec 31, 2018)

Traindiesel said:


> Emile, he would have gotten away with it too except for those meddling teenagers and their dog!


Especially that Dog! “Scooby Dooby Do!...Hehehehehe!”

View attachment 478616


----------



## Guest (Dec 31, 2018)

The "poor" dog was only along for the ride.


----------



## Guest (Dec 31, 2018)

Passenger Train Collector said:


> The "poor" dog was only along for the ride.


What Dog can resist a Ride In The Car?

Unapproved Visitors? Pennsy and Zephyr are on the case.

Emile

View attachment 478632


----------



## Guest (Dec 31, 2018)

I love it, Emile. You are absolutely correct, most dogs love a ride in the car, certainly our two do as well. 

The minute our coats go on, they are at the door. Good thing that they are well behaved as we take them most places.


----------



## CV-62 (Dec 9, 2018)

Nice looking hay bales though. The guy has talent.


----------



## Guest (Dec 31, 2018)

Welcome to the MTF, CV-62.


----------



## wvgca (Jan 21, 2013)

guy [or girl] showed up again, with a different user name ....
at least posted in the 'for sale elsewhere' section, with a label 'sticky', lol


gotta give them credit for trying to push their product ...


----------



## highvoltage (Apr 6, 2014)

wvgca said:


> guy [or girl] showed up again, with a different user name ....
> at least posted in the 'for sale elsewhere' section, with a label 'sticky', lol
> 
> gotta give them credit for trying to push their product ...


 Now they're back as "Tree Railroad." Two postings, one as you pointed out, the other in "Want to Buy (member-to-member)."

They are persistent, I'll give them that.


----------



## Guest (Jan 1, 2019)

The post says they ship from Vietnam. The bales look like rolls of marijuana! French Connection?:smokin::smokin::smokin:

Emile


----------



## Roving Sign (Apr 23, 2017)

And check this out - this looks much worse

https://www.modeltrainforum.com/showthread.php?t=176654

They have to have some Forum admin privileges to make a post "sticky" like that.

https://www.modeltrainforum.com/forumdisplay.php?f=42

ALERT!


----------



## Guest (Jan 1, 2019)

Roving Sign said:


> And check this out - this looks much worse
> 
> https://www.modeltrainforum.com/showthread.php?t=176654
> 
> ...


The posts says: "100% handmade and ready to plant."

What???

Their Avitar looks like Cannabis! Not sure if we need an Administrator or the D.E.A.!


----------



## gunrunnerjohn (Nov 10, 2010)

I confess, I can't imagine how he got that to be a sticky, that's not something a new user should be able to do! I think we have a security breech somewhere!


----------



## Roving Sign (Apr 23, 2017)

Some quick detective work shows this site (MTF) is using some woefully out of date Security Software

https://www.dragonbyte-tech.com/store/vbsecurity.123/releases

2.2.0
Feb 16, 2016

I'm assuming this is a hosted, turnkey-type account? So - the vendor should be on this.


----------



## gunrunnerjohn (Nov 10, 2010)

I suspect it may be as simple as someone got a mod password.


----------



## Roving Sign (Apr 23, 2017)

gunrunnerjohn said:


> I suspect it may be as simple as someone got a mod password.


Which might be simple

https://en.wikipedia.org/wiki/VBulletin

Can't quite see a good version history - but the MTF stylesheet says " vBulletin 3.8.8 CSS"

And the Jelsoft reference seems out of date too - could MTF be using a pre-2007 version of Vbulletin? (that might explain the old security software)


----------



## gunrunnerjohn (Nov 10, 2010)

I know it's an older version of vB, but I have no control over that.


----------



## Roving Sign (Apr 23, 2017)

gunrunnerjohn said:


> I know it's an older version of vB, but I have no control over that.


I suspect this issue is out your hands. (and no critique intended!)

I'm a big fan of SMF (Simple Machines Forum).

https://www.simplemachines.org/

Forum software is one of those areas Open Source has pretty much been the driving force - and makes the best product.

The big issue with forums like MTF is image hosting - that's what sucks up all the resources - and pushes people to hosted products.


----------



## wvgca (Jan 21, 2013)

the post is labeled a sticky, just on the header line ...
it's NOT actually a sticky ... look at the lines underneath the header


----------



## gunrunnerjohn (Nov 10, 2010)

I think you're right, since it's still the last one (deleted), it fooled me being at the top. He'll give up before I do.


----------



## bigdodgetrain (Jun 12, 2015)

what does this mean for MTF?
Stable release
5.4.5 (November 14, 2018; 47 days ago)

did MTF update?

can one of the mods contact the MTF owners?


----------



## Guest (Jan 2, 2019)

I don’t know if this is important but just in case: on the Statistics page of my profile it usually says:

Current Activity: Viewing Forum O Scale

But a couple days ago it said:

Current Activity: Moderating

And “Model Tree” is listed as a Recent Visitor to my Profile. 

Is “Model Tree” hacking in through current Member accounts?

Emile


----------



## Roving Sign (Apr 23, 2017)

bigdodgetrain said:


> what does this mean for MTF?
> Stable release
> 5.4.5 (November 14, 2018; 47 days ago)
> 
> ...


Its probably not as easy as that...

Servers consist of various base software packages (Apache/PHP/MySQL) - these have to updated for the newest versions of stuff like VBulletin to actually work.

Since we seem to running a 10 year old version of VBulletin - I suspect this is a sign that the server software is out of date (perhaps due to hardware limits)

Speculating further - the original company that was brokering these turnkey forum setups - has been bought by another company - and is now just an asset to "Vertical Scope" - whoever that is.

Not a good situation...


----------



## Roving Sign (Apr 23, 2017)

TheBigCrabCake said:


> I don’t know if this is important but just in case: on the Statistics page of my profile it usually says:
> 
> Current Activity: Viewing Forum O Scale
> 
> ...


If the info in the wikipedia link is accurate - they likely have access to the whole data base - not good.

I can't say what they can see or not see - but I think at worst you might have your email harvested.


----------



## highvoltage (Apr 6, 2014)

I was also wondering how they were able to blast out a number of visitor messages. Based on responses to this thread, there were quite a few that were distributed. Did everyone get one?


----------



## Roving Sign (Apr 23, 2017)

highvoltage said:


> I was also wondering how they were able to blast out a number of visitor messages. Based on responses to this thread, there were quite a few that were distributed. Did everyone get one?


Did anyone happen to notice if the images were served from MTF or were they hosted elsewhere?

Kind of not good if they were hosted off site - they might have your IP address.


----------



## gunrunnerjohn (Nov 10, 2010)

We're still running the same release as we have for some time.

Latest version available: 3.8.11. You are currently running vBulletin version 3.8.8 Patch Level 2.


----------



## highvoltage (Apr 6, 2014)

Roving Sign said:


> Did anyone happen to notice if the images were served from MTF or were they hosted elsewhere?...


 Can't tell now, they're banned and both of their posts are gone.

Edit: Did a bit more digging, the one picture of the hay bales was from their Etsy site.


----------



## Roving Sign (Apr 23, 2017)

gunrunnerjohn said:


> We're still running the same release as we have for some time.
> 
> Latest version available: 3.8.11. You are currently running vBulletin version 3.8.8 Patch Level 2.


I looked over at the Vbulletin forum and found this

https://www.vbulletin.com/forum/for...-spammers-bypassing-human-interface-questions

Recent.

Also - Some indication that 3.8.11 is the only 3.X version that is supported.

From a support mod: _"Make sure you're using a version of vBulletin compatible with your server. Though, for security and stability, the only viable versions of vBulletin 3 and vBulletin 4 are 3.8.11 and 4.2.5 at this time."_


----------



## Roving Sign (Apr 23, 2017)

highvoltage said:


> Can't tell now, they're banned and both of their posts are gone.
> 
> Edit: Did a bit more digging, the one picture of the hay bales was from their Etsy site.


I saw the Etsy link - but was image really served from etsy? Im thinking not...?


----------



## gunrunnerjohn (Nov 10, 2010)

As I said, I have no control over what version of vB that VS installs here, so it is what it is.


----------



## highvoltage (Apr 6, 2014)

Roving Sign said:


> I saw the Etsy link - but was image really served from etsy? Im thinking not...?


I deleted my visitor message so I went to yours . Right click on the image and inspect element. The img src will be an etsy link.


----------



## Vincent (Jan 28, 2018)

I only got the first message and deleted it with no problem. Hopefully, the problem is solved.


(John smote 'em good!)


----------

