BleepingComputer.com: Bot Herders Ready Attack Against Message Forums

Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Page 1 of 1
  • You cannot start a new topic
  • You cannot reply to this topic

Bot Herders Ready Attack Against Message Forums

#1 User is offline   quietman7 

  • Bleepin' Janitor
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Global Moderator
  • Posts: 25,111
  • Joined: 09-July 05
  • Location:Virginia, USA

Posted 21 March 2006 - 11:23 AM

Quote

The SANS Institute's Internet Storm Center (ISC) noted that a bot going by the name "FuntKlakow" has registered on thousands of phpBB forums. Speculating, ISC analyst Marcus Sachs noted that the bot's owner(s) may be preparing to exploit a zero-day vulnerability against the popular php bulletin board software.

securitypipeline.com
Microsoft MVP - Consumer Security 2007-2012 Posted Image
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#2 User is offline   rms4evr 

  • Distinguished Member
  • PipPipPipPipPip
  • Find Topics
  • Group: Members
  • Posts: 811
  • Joined: 11-October 05
  • Gender:Female
  • Location:East Coast

Posted 21 March 2006 - 11:55 AM

Um...does this mean we're hosed? I hope not :thumbsup: !!

#3 User is offline   Scarlett 

  • Bleeping Diva
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Members
  • Posts: 7,479
  • Joined: 25-April 04
  • Gender:Female
  • Location:As always I'm beside myself ;)

Posted 21 March 2006 - 01:51 PM

No rms4evr

Bleeping Computer is I believe Invision Power Board.
And PHP is an entirely different board software.
Though it still not good news at all, for those that use PHP.
Posted Image

#4 User is offline   rms4evr 

  • Distinguished Member
  • PipPipPipPipPip
  • Find Topics
  • Group: Members
  • Posts: 811
  • Joined: 11-October 05
  • Gender:Female
  • Location:East Coast

Posted 21 March 2006 - 11:52 PM

Good :thumbsup: ...but your right...most forums I've seen out there use PHP...and they could be in big trouble.

#5 User is offline   cowsgonemadd3 

  • Feed me some spyware!
  • Find Topics
  • Group: Banned
  • Posts: 4,557
  • Joined: 18-July 04

Posted 22 March 2006 - 12:13 AM

Yes it is invision power board so that is good news!

"Invision Power Board v2.1.4 © 2006 IPS, Inc."

#6 User is offline   Security Geek 

  • Member
  • PipPip
  • Find Topics
  • Group: Members
  • Posts: 39
  • Joined: 10-March 06

Posted 22 March 2006 - 01:19 AM

We're recommending if forum admins see this user registered that they leave the account but disable it or change the password. That will keep this bot from simply reregistering the user if the account is deleted. Apparently you need to be running the phpBB forum software, not just a forum application that uses the PHP language. The exploit will need an attack vector and its probably doing that through an unpublished hole in the phpBB code (though no one is sure yet).
NIST.org- It's not enough to be secure, you have to prove you're secure.

Share this topic:


Page 1 of 1
  • You cannot start a new topic
  • You cannot reply to this topic

1 User(s) are reading this topic
0 members, 1 guests, 0 anonymous users