
Bot Herders Ready Attack Against Message Forums


5 replies to this topic

#1 quietman7


Posted 21 March 2006 - 11:23 AM

The SANS Institute's Internet Storm Center (ISC) noted that a bot going by the name "FuntKlakow" has registered on thousands of phpBB forums. Speculating, ISC analyst Marcus Sachs noted that the bot's owner(s) may be preparing to exploit a zero-day vulnerability against the popular php bulletin board software.

securitypipeline.com


#2 rms4evr


Posted 21 March 2006 - 11:55 AM

Um...does this mean we're hosed? I hope not :thumbsup: !!

#3 Scarlett


Posted 21 March 2006 - 01:51 PM

No, rms4evr.

Bleeping Computer is, I believe, Invision Power Board.
And PHP is an entirely different board software.
Though it's still not good news at all for those that use PHP.

#4 rms4evr


Posted 21 March 2006 - 11:52 PM

Good :thumbsup: ...but you're right...most forums I've seen out there use PHP...and they could be in big trouble.

#5 cowsgonemadd3


Posted 22 March 2006 - 12:13 AM

Yes, it is Invision Power Board, so that is good news!

"Invision Power Board v2.1.4 2006 IPS, Inc."

#6 Security Geek


Posted 22 March 2006 - 01:19 AM

We're recommending that if forum admins see this user registered, they leave the account but disable it or change the password. That will keep this bot from simply re-registering the user if the account is deleted. Apparently you need to be running the phpBB forum software, not just a forum application that uses the PHP language. The exploit will need an attack vector, and it's probably doing that through an unpublished hole in the phpBB code (though no one is sure yet).



