Bookmarks

Yahoo Gmail Google Facebook Delicious Twitter Reddit Stumpleupon Myspace Digg

Search queries

plusine 1036 result list, spinlock ARWSL, Download winmysqladmin 1.4, danecki n2, Wwwxxxc,memo, Www.xxx.com, www.xxx.com.b, gentoo apache Temporary failure in name resolution, wmi query no such interface supported, www.xxx.com

Links

XODOX
Impressum

#1: phpBB mass-hack being prepared (FuntKlakow-bot)?- general countermeasures

Posted on 2006-03-07 13:53:37 by Juuso Hukkanen

During the last few days a bot using a name FuntKlakow, has been
registering to at least hundreds (maybe thousands) of phpBB forums.

http://www.google.com/search?hl=com&q=FuntKlakow&btnG=Hae&me ta=

Bot is also capable for posting to forums:
http://forum.uebimiau.org/search.php?search_author=FuntKlako w
http://www.alternativ.ro/forum/search.php?search_author=Funt Klakow

But most on most forums the bot keeps silent.

Ok, what is a danger?
Next time the phpBB announces a critical vulnerability, the bot would
have everything ready (just a post click away) from attacking
thousands of sites/forums.

Best defence against these kinds of bot-members, might be setting up
honeypot-forums, which the search engines can find but to which there
are no permanent links from the web. When new bot-members are
detected, such would be listed at each particular forum makers
homepage.

When a bot would then try to register to a forum, the forum program
would check the user/bot inputted user-name (or other characteristics)
and if those would match to those catched by a honeypot-forums,
registerin such user detais would be eliminated ( and possible IP
banned for some time)

Juuso Hukkanen
(to reply by e-mail set addresses month and year to correct)

ps. damn <control-N> did send an early draft of this post :)

Report this message

#2: Re: phpBB mass-hack being prepared (FuntKlakow-bot)?- general countermeasures

Posted on 2006-03-07 15:38:38 by unknown

Post removed (X-No-Archive: yes)

Report this message

#3: Re: phpBB mass-hack being prepared (FuntKlakow-bot)?- general countermeasures

Posted on 2006-03-07 17:07:12 by comphelp

Juuso Hukkanen <juuso_12_2003@tele3d.net> writes:

> Best defence against these kinds of bot-members, might be setting up
> honeypot-forums, which the search engines can find but to which there
> are no permanent links from the web. When new bot-members are
> detected, such would be listed at each particular forum makers
> homepage.

I really like the tactic, but I'm confused on how a search engine
might find the honeypot without any permanent link from the web?

Can you give an example? Say, just naming it /forum or something
off the root of a domain?

Thanks for the heads up!

--
Todd H.
http://www.toddh.net/

Report this message

#4: Re: phpBB mass-hack being prepared (FuntKlakow-bot)?- general countermeasures

Posted on 2006-03-07 17:10:12 by Vampi Fangs

On Tue, 07 Mar 2006 14:53:37 +0200, Juuso Hukkanen
<juuso_12_2003@tele3d.net> wrote:

>During the last few days a bot using a name FuntKlakow, has been
>registering to at least hundreds (maybe thousands) of phpBB forums.
>
>http://www.google.com/search?hl=com&q=FuntKlakow&btnG=Hae&m eta=
>
>Bot is also capable for posting to forums:
>http://forum.uebimiau.org/search.php?search_author=FuntKlak ow
>http://www.alternativ.ro/forum/search.php?search_author=Fun tKlakow
>
>But most on most forums the bot keeps silent.
>
>Ok, what is a danger?
>Next time the phpBB announces a critical vulnerability, the bot would
>have everything ready (just a post click away) from attacking
>thousands of sites/forums.

nicely malicious ...

the proactive banning of the nefarious FuntKlakow nym seems prudent :)

--

V--V

"It's liberty for all, democracy's our style,
unless you are against us,
then it's prison without trial."

Rolling Stones "Sweet Neo Con"

Report this message

#5: Re: phpBB mass-hack being prepared (FuntKlakow-bot)?- general countermeasures

Posted on 2006-03-08 10:12:58 by lahippel.at.ieee.org

Leythos wrote:

> In article <duvq02lf07skq6h0500ft2qrhhsulbejup@4ax.com>, juuso_12_2003
> @tele3d.net says...
>> During the last few days a bot using a name FuntKlakow, has been
>> registering to at least hundreds (maybe thousands) of phpBB forums.
>
> What version of PHPBB are you running?
>
> There are known issues with early versions and even known patches for
> later versions.

And then there are those libraries that aren't maintained any more.
http://secunia.com/advisories/19028/

-- Lassi

Report this message

#6: Re: phpBB mass-hack being prepared (FuntKlakow-bot)?- general countermeasures

Posted on 2006-03-08 12:59:53 by unknown

Post removed (X-No-Archive: yes)

Report this message