| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: barrie at reboot-robot.net (Barrie Dempster) Subject: Suspect phpBB users On Sat, 2004-12-25 at 18:54 -0500, Jack Yan wrote: > Dear Full-Disclosure members: > > I am not a computer expert, just a regular Joe who hopes this information > may be useful to you. > We are running phpBB and last week, a DoS attack was launched against us. > We have since upgraded, but among our new users over the last few days > have been a Weber361, a Weber395, and a nderevyanko. > Googling the last user name, I've found 4,900 references?most with > guestbooks or forums?to which nderevyanko has signed up. He has been > preceded by a few Webers, and some Irenas, often citing that > killhim.boom.ru is their home page. I found 10 such users on my forum at the site in my signature. Attached is a CSV file containing the export from phpbb, they all seem to have the same password. none of them have posted anything. Doesn't look like this is a DoS attack or anything like that I believe it's most likely an attempt at google spamming with the URL they set as their homepage. I'd recommend disabling them and modifying the homepage to your own URL. I wouldn't delete them as if they have a script this would be a sign that the site isn't previously tagged and would then allow them to regenerate. The accounts on my site where created on the 22/23 of December incase that becomes relevant (the site being down leads me to believe this is the end of it) With Regards.. Barrie Dempster (zeedo) - Fortiter et Strenue http://www.bsrf.org.uk [ gpg --recv-keys --keyserver www.keyserver.net 0x96025FD0 ] -------------- next part -------------- A non-text attachment was scrubbed... Name: phpbb_users.csv Type: text/x-comma-separated-values Size: 3333 bytes Desc: not available Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20050103/47eb73e2/phpbb_users.bin -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: This is a digitally signed message part Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20050103/47eb73e2/attachment.bin
Powered by blists - more mailing lists