Message-ID: <b7bc1b1f041226035723dd3b58@mail.gmail.com>
From: uberguidoz at gmail.com (GuidoZ)
Subject: Suspect phpBB users

>     We have since upgraded, but among our new users over the last few days
> have been a Weber361, a Weber395, and a nderevyanko.
>     Googling the last user name, I've found 4,900 references--most with
> guestbooks or forums--to which nderevyanko has signed up. He has been
> preceded by a few Webers, and some Irenas, often citing that
> killhim.boom.ru is their home page.

I also noticed that the "nderevyanko" user has put up a number of
posts to sites with the same text:

 http://nderevyanko.narod.ru/ greets you. Came into my website! My
site is better then this one! I'll give you free money!

*OR*

 http://softexpert.atspace.com tell you about Egypt pyramids! My ICQ :
294168488 Contact me asap! I'll give you a free gift!

A good example:
 - http://proxy2.de/guestbook/


Another chunk of similar posts looks like this:
(From http://www.hermit.com/guestbook/guestbook.html )

http://softexpert.atspace.com tell you about Egypt pyramids! My ICQ :
294168488 Contact me asap! I'll give you a free gift!

http://softexpert.atspace.com tell you about Egypt pyramids! My ICQ :
294168488 Contact me asap! I'll give you a free gift!

nDerevyanko <nDerevyanko2000@...oo.com>
NY, NY USA - Friday, December 24, 2004 at 09:31:44 (EST) 

http://nderevyanko.narod.ru/ greets you. Came into my website! My site
is better then this one! I'll give you free money!
http://nderevyanko.narod.ru/ greets you. Came into my website! My site
is better then this one! I'll give you free money!
nderevyanko <nderevyanko@...l.ru>
NY, NY USA - Friday, December 24, 2004 at 08:51:27 (EST) 

http://nderevyanko.narod.ru/ greets you. Came into my website! My site
is better then this one! I'll give you free money!
http://nderevyanko.narod.ru/ greets you. Came into my website! My site
is better then this one! I'll give you free money!
nderevyanko <nderevyanko@...l.ru>
NY, NY USA - Friday, December 24, 2004 at 08:51:17 (EST) 

http://nderevyanko.narod.ru/ greets you. Came into my website! My site
is better then this one! I'll give you free money!
http://nderevyanko.narod.ru/ greets you. Came into my website! My site
is better then this one! I'll give you free money!
nderevyanko <nderevyanko@...l.ru>
NY, NY USA - Friday, December 24, 2004 at 08:51:16 (EST)

There is obviously something not right about this user. It could be a
spam bot hoping to create Google spam to the website. It could be
related to the exploits. I haven't visited the listed website(s) yet
to see what they hold. Maybe tomorrow. =)

--
Peace. ~G


On Sat, 25 Dec 2004 18:54:17 -0500, Jack Yan <jack.yan@...net.com> wrote:
> Dear Full-Disclosure members:
> 
> I am not a computer expert, just a regular Joe who hopes this information
> may be useful to you.
>     We are running phpBB and last week, a DoS attack was launched against us.
>     We have since upgraded, but among our new users over the last few days
> have been a Weber361, a Weber395, and a nderevyanko.
>     Googling the last user name, I've found 4,900 references--most with
> guestbooks or forums--to which nderevyanko has signed up. He has been
> preceded by a few Webers, and some Irenas, often citing that
> killhim.boom.ru is their home page.
>     I have heard that there is a phpBB worm doing the rounds over the
> holidays, and wonder if this is related in some way.
>     My hosting company recommended this list and I hope members, being far
> better versed on these matters than me, can get word out.
>     Other than the frequency with which the Webers and nderevyanko have
> signed up to thousands of sites over the last few days, I've no proof that
> they are malicious--but since the DoS attack I am on alert.
>     I hope this information is useful and that this has been a post that's
> considered on-topic.
> 
> Yours sincerely,
> 
> Jack Yan, LL B, BCA (Hons.), MCA <http://jackyan.com>
> CEO, Jack Yan & Associates <http://jya.net/>
> CEO, Lucire LLC <http://www.lucire.net>
> 
> Lucire, the global fashion magazine: <http://www.lucire.com>
> Visit Beyond Branding, <http://www.beyond-branding.com>--in its second printing
> 
> ----------
> 
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
>
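
An added example, not part of the original messages: one way a forum or guestbook operator could flag the pattern quoted above, where one account posts the same link-bearing text several times within seconds. The entry tuples, function names, thresholds and the benign entry are assumptions made for illustration; the spam text and timestamps are modelled on the guestbook entries quoted in the post.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample: (author, timestamp, body), modelled on the quoted guestbook entries.
SPAM_A = ("http://nderevyanko.narod.ru/ greets you. Came into my website! "
          "My site is better then this one! I'll give you free money!")
SPAM_B = ("http://softexpert.atspace.com tell you about Egypt pyramids! "
          "My ICQ : 294168488 Contact me asap! I'll give you a free gift!")
ENTRIES = [
    ("nDerevyanko", "2004-12-24 09:31:44", SPAM_B),
    ("nderevyanko", "2004-12-24 08:51:27", SPAM_A),
    ("nderevyanko", "2004-12-24 08:51:17", SPAM_A),
    ("nderevyanko", "2004-12-24 08:51:16", SPAM_A),
    ("alice", "2004-12-24 10:02:00", "Lovely site, thanks!"),  # hypothetical benign entry
]

URL_RE = re.compile(r"https?://\S+", re.I)


def fingerprint(body):
    """Lower-case and collapse punctuation/whitespace so trivially varied copies match."""
    return re.sub(r"[^a-z0-9]+", " ", body.lower()).strip()


def find_bursts(entries, window_s=60, min_posts=3):
    """Return {(author, fingerprint): [datetimes]} for link-bearing posts that one
    author (case-insensitive) repeated at least min_posts times within window_s seconds."""
    groups = defaultdict(list)
    for author, ts, body in entries:
        if URL_RE.search(body):  # only posts that advertise a link
            key = (author.lower(), fingerprint(body))
            groups[key].append(datetime.strptime(ts, "%Y-%m-%d %H:%M:%S"))
    flagged = {}
    for key, times in groups.items():
        times.sort()
        # Sliding window over sorted timestamps: any run of min_posts inside window_s.
        for i in range(len(times) - min_posts + 1):
            span = (times[i + min_posts - 1] - times[i]).total_seconds()
            if span <= window_s:
                flagged[key] = times
                break
    return flagged


if __name__ == "__main__":
    for (author, _), times in find_bursts(ENTRIES).items():
        print(f"{author}: {len(times)} identical link posts, first at {times[0]}")
```

Grouping on the same fingerprint across several sites' logs, rather than per author, would also surface the same text posted under different sign-up names.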

