phpBB forums vulnerable to attack

rohan · 07-08-2006, 06:53 PM

Recently a bot using the name FuntKlakow, has been registering to at least hundreds (maybe thousands) of phpBB forums. It is susspected that the bot will take advantage of an exploit in phpBB froums, that might not be known yet. In other words the next time phpBB announces a critical vulnerability, the bot would have everything ready (just a post away) from attacking thousands of sites/forums.

The Defence

Best defence against these kinds of bot-members, might be setting up honeypot-forums, which the search engines can find but to which there are no permanent links from the web. When new bot-members are detected, such would be listed at each particular forum makers homepage.
When a bot would then try to register to a forum, the forum program would check the user/bot inputted user-name (or other characteristics) and if those would match to those catched by a honeypot-forums, registerin such user detais would be eliminated ( and possible IP banned for some time)

Source

iMav · 07-08-2006, 07:31 PM

thanks for the info....

Pathik · 07-08-2006, 08:36 PM

yeah man... thx

damnthenet · 07-08-2006, 09:39 PM

Good info

iMav · 07-08-2006, 10:10 PM

Quote:

Originally Posted by phpBB Support Team

that bot is very very old news Smile it is not hacking, it is nothing mre than a spam bot. First you need to make sure your boards are up to date, then stop guest posting and set account activation to at least "user". You will need to turn on Visual confirmation. If after doing this you find that some spambots are still getting through there are other changes you can make to stop them, alot of these methods are talked about in this topic

http://www.phpbb.com/phpBB/viewtopic.php?p=1404100

chill guys .... it seems that phpbb has it covered!!! ....phpbb rules

knight17 · 08-08-2006, 05:54 AM

Avoid its registration using "images" while signig up..
I think you got the idea

rohan · 08-08-2006, 10:05 AM

@knight17: hmm.. what's that called..... it's on my tounge.... ohh... yes... Image verification. That'll help.

nik_for_you · 08-08-2006, 06:55 PM

nice info.. but i dont think this bot is dangerous !! what next after registering to forum ?

blackpearl · 08-08-2006, 08:30 PM

phpbb has got tons of vulnerablities.

iMav · 08-08-2006, 09:45 PM

Quote:

Originally Posted by blackpearl

phpbb has got tons of vulnerablities.

.... which can b avoided if proper care is taken

Venom · 08-08-2006, 09:52 PM

Quote:

Originally Posted by nik_for_you

nice info.. but i dont think this bot is dangerous !! what next after registering to forum ?

What if it registers all possible nicks on your forum eh?

nik_for_you · 11-08-2006, 02:11 PM

thats right buddy.. I cnt give this nick to sillt bot

07-08-2006, 06:53 PM	#1 (permalink)
rohan In The Zone Join Date: Mar 2004 Location: Bangalore Posts: 297	phpBB forums vulnerable to attack Recently a bot using the name FuntKlakow, has been registering to at least hundreds (maybe thousands) of phpBB forums. It is susspected that the bot will take advantage of an exploit in phpBB froums, that might not be known yet. In other words the next time phpBB announces a critical vulnerability, the bot would have everything ready (just a post away) from attacking thousands of sites/forums. The Defence Best defence against these kinds of bot-members, might be setting up honeypot-forums, which the search engines can find but to which there are no permanent links from the web. When new bot-members are detected, such would be listed at each particular forum makers homepage. When a bot would then try to register to a forum, the forum program would check the user/bot inputted user-name (or other characteristics) and if those would match to those catched by a honeypot-forums, registerin such user detais would be eliminated ( and possible IP banned for some time) Source __________________ If there wasn't greed, we still would have been single-celled organisms.

07-08-2006, 07:31 PM	#2 (permalink)
iMav The Devil's Advocate Join Date: Mar 2006 Location: Masti Ki Paathshaala Posts: 7,015	Re: phpBB forums vulnerable to attack thanks for the info.... __________________ "The problem that shows up with the three red lights on the console is a complex interaction with some very complex parts.” - Robbie Bach http://beingmanan.com twitter: manan \| Last.FM: manan

07-08-2006, 08:36 PM	#3 (permalink)
Pathik Google Bot Join Date: Aug 2005 Posts: 9,751	Re: phpBB forums vulnerable to attack yeah man... thx

07-08-2006, 09:39 PM	#4 (permalink)
damnthenet In The Zone Join Date: Apr 2005 Location: Chennai Posts: 221	Re: phpBB forums vulnerable to attack Good info __________________ Sony Xperia Neo V - Review and Discussion Thread: http://www.thinkdigit.com/forum/mobi...ml#post1520514

08-08-2006, 05:54 AM	#6 (permalink)
knight17 In The Zone Join Date: Oct 2005 Location: Kerala Posts: 312	Re: phpBB forums vulnerable to attack Avoid its registration using "images" while signig up.. I think you got the idea __________________ "It's not a silly question if you can't answer it." Sophie's World [ http://en.wikipedia.org/wiki/Sophie's_World ]

Popular Categories

Popular Articles

Content Categories

Sister Sites

Follow Us

Facebook Channels

Digit Magazine

	Advertisements. Register and be a member of the community to get rid of them.
Advertisement

08-08-2006, 10:05 AM	#7 (permalink)
rohan In The Zone Join Date: Mar 2004 Location: Bangalore Posts: 297	Re: phpBB forums vulnerable to attack @knight17: hmm.. what's that called..... it's on my tounge.... ohh... yes... Image verification. That'll help. __________________ If there wasn't greed, we still would have been single-celled organisms.

08-08-2006, 06:55 PM	#8 (permalink)
nik_for_you In The Zone Join Date: Apr 2004 Location: Paris Posts: 313	Re: phpBB forums vulnerable to attack nice info.. but i dont think this bot is dangerous !! what next after registering to forum ? __________________ I AM REBEL

08-08-2006, 08:30 PM	#9 (permalink)
blackpearl The Devil Join Date: Feb 2006 Location: 0x02AE88C6FF Posts: 966	Re: phpBB forums vulnerable to attack phpbb has got tons of vulnerablities.

11-08-2006, 02:11 PM	#12 (permalink)
nik_for_you In The Zone Join Date: Apr 2004 Location: Paris Posts: 313	Re: phpBB forums vulnerable to attack thats right buddy.. I cnt give this nick to sillt bot __________________ I AM REBEL

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode