phpBB mass-hack being prepared (FuntKlakow-bot)?- general countermeasures
phpBB mass-hack being prepared (FuntKlakow-bot)?- general countermeasures
am 07.03.2006 13:53:37 von Juuso Hukkanen
During the last few days a bot using a name FuntKlakow, has been
registering to at least hundreds (maybe thousands) of phpBB forums.
http://www.google.com/search?hl=com&q=FuntKlakow&btnG=Hae&me ta=
Bot is also capable for posting to forums:
http://forum.uebimiau.org/search.php?search_author=FuntKlako w
http://www.alternativ.ro/forum/search.php?search_author=Funt Klakow
But most on most forums the bot keeps silent.
Ok, what is a danger?
Next time the phpBB announces a critical vulnerability, the bot would
have everything ready (just a post click away) from attacking
thousands of sites/forums.
Best defence against these kinds of bot-members, might be setting up
honeypot-forums, which the search engines can find but to which there
are no permanent links from the web. When new bot-members are
detected, such would be listed at each particular forum makers
homepage.
When a bot would then try to register to a forum, the forum program
would check the user/bot inputted user-name (or other characteristics)
and if those would match to those catched by a honeypot-forums,
registerin such user detais would be eliminated ( and possible IP
banned for some time)
Juuso Hukkanen
(to reply by e-mail set addresses month and year to correct)
ps. damn did send an early draft of this post :)
Re: phpBB mass-hack being prepared (FuntKlakow-bot)?- general countermeasures
am 07.03.2006 15:38:38 von unknown
Post removed (X-No-Archive: yes)
Re: phpBB mass-hack being prepared (FuntKlakow-bot)?- general countermeasures
am 07.03.2006 17:07:12 von comphelp
Juuso Hukkanen writes:
> Best defence against these kinds of bot-members, might be setting up
> honeypot-forums, which the search engines can find but to which there
> are no permanent links from the web. When new bot-members are
> detected, such would be listed at each particular forum makers
> homepage.
I really like the tactic, but I'm confused on how a search engine
might find the honeypot without any permanent link from the web?
Can you give an example? Say, just naming it /forum or something
off the root of a domain?
Thanks for the heads up!
--
Todd H.
http://www.toddh.net/
Re: phpBB mass-hack being prepared (FuntKlakow-bot)?- general countermeasures
am 07.03.2006 17:10:12 von Vampi Fangs
On Tue, 07 Mar 2006 14:53:37 +0200, Juuso Hukkanen
wrote:
>During the last few days a bot using a name FuntKlakow, has been
>registering to at least hundreds (maybe thousands) of phpBB forums.
>
>http://www.google.com/search?hl=com&q=FuntKlakow&btnG=Hae&m eta=
>
>Bot is also capable for posting to forums:
>http://forum.uebimiau.org/search.php?search_author=FuntKlak ow
>http://www.alternativ.ro/forum/search.php?search_author=Fun tKlakow
>
>But most on most forums the bot keeps silent.
>
>Ok, what is a danger?
>Next time the phpBB announces a critical vulnerability, the bot would
>have everything ready (just a post click away) from attacking
>thousands of sites/forums.
nicely malicious ...
the proactive banning of the nefarious FuntKlakow nym seems prudent :)
--
V--V
"It's liberty for all, democracy's our style,
unless you are against us,
then it's prison without trial."
Rolling Stones "Sweet Neo Con"
Re: phpBB mass-hack being prepared (FuntKlakow-bot)?- general countermeasures
am 08.03.2006 10:12:58 von lahippel.at.ieee.org
Leythos wrote:
> In article , juuso_12_2003
> @tele3d.net says...
>> During the last few days a bot using a name FuntKlakow, has been
>> registering to at least hundreds (maybe thousands) of phpBB forums.
>
> What version of PHPBB are you running?
>
> There are known issues with early versions and even known patches for
> later versions.
And then there are those libraries that aren't maintained any more.
http://secunia.com/advisories/19028/
-- Lassi
Re: phpBB mass-hack being prepared (FuntKlakow-bot)?- general countermeasures
am 08.03.2006 12:59:53 von unknown
Post removed (X-No-Archive: yes)