Bookmarks

Yahoo Gmail Google Facebook Delicious Twitter Reddit Stumpleupon Myspace Digg

Search queries

www xxx pnotes com, about NISCST exam, zRzSstbbggvbbbb... ., mknod dev pts, os error=146, simba cs, xxx girls using pierced squirrel nipple stretcher tensioner pulling stretchers to the Limit, gotnet, windows postgres psql_history, www xxxxxnb

Links

XODOX
Impressum

#1: phpBB mass-hack being prepared (FuntKlakow-bot)?- general countermeasures

Posted on 2006-03-07 13:53:37 by Juuso Hukkanen

During the last few days a bot using a name FuntKlakow, has been
registering to at least hundreds (maybe thousands) of phpBB forums.

http://www.google.com/search?hl=com&q=FuntKlakow&btnG=Hae&me ta=

Bot is also capable for posting to forums:
http://forum.uebimiau.org/search.php?search_author=FuntKlako w
http://www.alternativ.ro/forum/search.php?search_author=Funt Klakow

But most on most forums the bot keeps silent.

Ok, what is a danger?
Next time the phpBB announces a critical vulnerability, the bot would
have everything ready (just a post click away) from attacking
thousands of sites/forums.

Best defence against these kinds of bot-members, might be setting up
honeypot-forums, which the search engines can find but to which there
are no permanent links from the web. When new bot-members are
detected, such would be listed at each particular forum makers
homepage.

When a bot would then try to register to a forum, the forum program
would check the user/bot inputted user-name (or other characteristics)
and if those would match to those catched by a honeypot-forums,
registerin such user detais would be eliminated ( and possible IP
banned for some time)

Juuso Hukkanen
(to reply by e-mail set addresses month and year to correct)

ps. damn <control-N> did send an early draft of this post :)

Report this message

#2: Re: phpBB mass-hack being prepared (FuntKlakow-bot)?- general countermeasures

Posted on 2006-03-07 15:38:38 by unknown

Post removed (X-No-Archive: yes)

Report this message

#3: Re: phpBB mass-hack being prepared (FuntKlakow-bot)?- general countermeasures

Posted on 2006-03-07 17:07:12 by comphelp

Juuso Hukkanen <juuso_12_2003@tele3d.net> writes:

> Best defence against these kinds of bot-members, might be setting up
> honeypot-forums, which the search engines can find but to which there
> are no permanent links from the web. When new bot-members are
> detected, such would be listed at each particular forum makers
> homepage.

I really like the tactic, but I'm confused on how a search engine
might find the honeypot without any permanent link from the web?

Can you give an example? Say, just naming it /forum or something
off the root of a domain?

Thanks for the heads up!

--
Todd H.
http://www.toddh.net/

Report this message

#4: Re: phpBB mass-hack being prepared (FuntKlakow-bot)?- general countermeasures

Posted on 2006-03-07 17:10:12 by Vampi Fangs

On Tue, 07 Mar 2006 14:53:37 +0200, Juuso Hukkanen
<juuso_12_2003@tele3d.net> wrote:

>During the last few days a bot using a name FuntKlakow, has been
>registering to at least hundreds (maybe thousands) of phpBB forums.
>
>http://www.google.com/search?hl=com&q=FuntKlakow&btnG=Hae&m eta=
>
>Bot is also capable for posting to forums:
>http://forum.uebimiau.org/search.php?search_author=FuntKlak ow
>http://www.alternativ.ro/forum/search.php?search_author=Fun tKlakow
>
>But most on most forums the bot keeps silent.
>
>Ok, what is a danger?
>Next time the phpBB announces a critical vulnerability, the bot would
>have everything ready (just a post click away) from attacking
>thousands of sites/forums.

nicely malicious ...

the proactive banning of the nefarious FuntKlakow nym seems prudent :)

--

V--V

"It's liberty for all, democracy's our style,
unless you are against us,
then it's prison without trial."

Rolling Stones "Sweet Neo Con"

Report this message

#5: Re: phpBB mass-hack being prepared (FuntKlakow-bot)?- general countermeasures

Posted on 2006-03-08 10:12:58 by lahippel.at.ieee.org

Leythos wrote:

> In article <duvq02lf07skq6h0500ft2qrhhsulbejup@4ax.com>, juuso_12_2003
> @tele3d.net says...
>> During the last few days a bot using a name FuntKlakow, has been
>> registering to at least hundreds (maybe thousands) of phpBB forums.
>
> What version of PHPBB are you running?
>
> There are known issues with early versions and even known patches for
> later versions.

And then there are those libraries that aren't maintained any more.
http://secunia.com/advisories/19028/

-- Lassi

Report this message

#6: Re: phpBB mass-hack being prepared (FuntKlakow-bot)?- general countermeasures

Posted on 2006-03-08 12:59:53 by unknown

Post removed (X-No-Archive: yes)

Report this message