phpBB forums vulnerable to attack

Discussion in 'Technology News' started by rohan, Aug 7, 2006.

Thread Status:
Not open for further replies.
  1. rohan

    rohan New Member

    Joined:
    Mar 8, 2004
    Messages:
    299
    Likes Received:
    6
    Trophy Points:
    0
    Location:
    Bangalore
    Recently a bot using the name FuntKlakow, has been registering to at least hundreds (maybe thousands) of phpBB forums. It is susspected that the bot will take advantage of an exploit in phpBB froums, that might not be known yet. In other words the next time phpBB announces a critical vulnerability, the bot would have everything ready (just a post away) from attacking thousands of sites/forums.

    The Defence

    Best defence against these kinds of bot-members, might be setting up honeypot-forums, which the search engines can find but to which there are no permanent links from the web. When new bot-members are detected, such would be listed at each particular forum makers homepage.
    When a bot would then try to register to a forum, the forum program would check the user/bot inputted user-name (or other characteristics) and if those would match to those catched by a honeypot-forums, registerin such user detais would be eliminated ( and possible IP banned for some time)

    Source
     
  2. iMav

    iMav The Devil's Advocate

    Joined:
    Mar 28, 2006
    Messages:
    7,004
    Likes Received:
    11
    Trophy Points:
    0
    Location:
    Masti Ki Paathshaala
    thanks for the info....
     
  3. Pathik

    Pathik Google Bot

    Joined:
    Aug 28, 2005
    Messages:
    9,747
    Likes Received:
    20
    Trophy Points:
    0
    yeah man... thx
     
  4. damnthenet

    damnthenet New Member

    Joined:
    Apr 20, 2005
    Messages:
    225
    Likes Received:
    4
    Trophy Points:
    0
    Location:
    Chennai
    Good info
     
  5. iMav

    iMav The Devil's Advocate

    Joined:
    Mar 28, 2006
    Messages:
    7,004
    Likes Received:
    11
    Trophy Points:
    0
    Location:
    Masti Ki Paathshaala
    chill guys .... it seems that phpbb has it covered!!! ....phpbb rules
     
  6. knight17

    knight17 New Member

    Joined:
    Oct 16, 2005
    Messages:
    314
    Likes Received:
    2
    Trophy Points:
    0
    Location:
    Kerala
    Avoid its registration using "images" while signig up..
    I think you got the idea:p
     
  7. OP
    OP
    rohan

    rohan New Member

    Joined:
    Mar 8, 2004
    Messages:
    299
    Likes Received:
    6
    Trophy Points:
    0
    Location:
    Bangalore
    @knight17: hmm.. what's that called..... it's on my tounge.... ohh... yes... Image verification. That'll help.
     
  8. nik_for_you

    nik_for_you New Member

    Joined:
    Apr 21, 2004
    Messages:
    313
    Likes Received:
    1
    Trophy Points:
    0
    Location:
    Paris
    nice info.. but i dont think this bot is dangerous !! what next after registering to forum ?
     
  9. blackpearl

    blackpearl The Devil

    Joined:
    Feb 15, 2006
    Messages:
    1,082
    Likes Received:
    35
    Trophy Points:
    48
    Location:
    0x02AE88C6FF
    phpbb has got tons of vulnerablities.
     
  10. iMav

    iMav The Devil's Advocate

    Joined:
    Mar 28, 2006
    Messages:
    7,004
    Likes Received:
    11
    Trophy Points:
    0
    Location:
    Masti Ki Paathshaala
    .... which can b avoided if proper care is taken
     
  11. Venom

    Venom New Member

    Joined:
    Jun 13, 2006
    Messages:
    240
    Likes Received:
    2
    Trophy Points:
    0
    What if it registers all possible nicks on your forum eh?
     
  12. nik_for_you

    nik_for_you New Member

    Joined:
    Apr 21, 2004
    Messages:
    313
    Likes Received:
    1
    Trophy Points:
    0
    Location:
    Paris
    thats right buddy.. I cnt give this nick to sillt bot
     
Thread Status:
Not open for further replies.

Share This Page