Search found 172 matches

by Taipo
Wed Oct 11, 2006 12:17 am
Forum: 2.0.x Support Forum
Topic: Split from spam topic [*Read The First Post*]
Replies: 777
Views: 14045

Yes probably, but what does that change? Well that means that there are behaviours that these spam scripts/bots/applications do when connecting to a webserver in order to send spam, that a browser does not do. example: a web browser will return a valid cookie and drop an expired one. So if your sec...
by Taipo
Tue Oct 10, 2006 12:00 am
Forum: 2.0.x Support Forum
Topic: Split from spam topic [*Read The First Post*]
Replies: 777
Views: 14045

There is most certainly a lot of concern amongst phpBB administrators, enough for modders to make at least 21 hacks to prevent default flooding. But as you know, it doesn't take much effort for a spammer with knowledge of http headers to packet capture a header and rebuild it in their spammer applic...
by Taipo
Mon Oct 09, 2006 11:52 pm
Forum: 2.0.x Support Forum
Topic: Split from spam topic [*Read The First Post*]
Replies: 777
Views: 14045

Would it be true to say though Marshalrusty that many of the spammer applications, applications used by spammers to post or request data from the webserver are in fact not web browsers, but independant applications, sometimes referred to as 'bots'. In my estimation it would also be true to say that ...
by Taipo
Mon Oct 09, 2006 11:50 pm
Forum: 2.0.x Support Forum
Topic: Forum is locked
Replies: 15
Views: 294

Try editting the database via phpmyadmin
by Taipo
Mon Sep 11, 2006 12:09 am
Forum: 2.0.x Support Forum
Topic: patch for 2.0.19 vulnerabilities
Replies: 25
Views: 1672

a drawback of this system is that legitimate bots like web crawlers won't be able anymore to index protected pages. This can be a severe penalty for your site if protected page are content ones ... a lighter penalty otherwise, since many times phpbb search function results are indexed by search eng...
by Taipo
Fri Mar 24, 2006 1:36 pm
Forum: 2.0.x Support Forum
Topic: hkow to prevent spammers from registering
Replies: 10
Views: 755

Try upgrading to 2.0.19 for starters.


Are you running the latest version of phpBB photoworks?
by Taipo
Fri Mar 24, 2006 1:32 pm
Forum: [2.0.x] MOD Writers Discussion
Topic: A source of forum spam
Replies: 3
Views: 532

Tools designed to auto GET request like search requests, lost password requests, even just the plain old fashioned page request in order to use up cpu time and available sessions. The reality is that it will not go away no matter whether you categorize this as a security thing or not. Example below ...
by Taipo
Fri Mar 17, 2006 9:53 am
Forum: [2.0.x] MOD Writers Discussion
Topic: A source of forum spam
Replies: 3
Views: 532

A source of forum spam

Forum Poster
[SPAM]

For all you mod writers out there concerned about security, you can start having a think about a mod for phpBB that will block this.
by Taipo
Wed Mar 08, 2006 3:27 am
Forum: [2.0.x] MOD Requests
Topic: MOD to record 'HTTP X FORWARDED FOR' information
Replies: 1
Views: 183

The only problem with recording HTTP_FORWARDED_FOR IPs is that proxys do not add that line automatically will pass through any data stipulated as the HTTP_X_FORWARDED_FOR IP Example: x-forwarded-for: Hi Bob The other thing is if there's any web-based display of that information, then it is possible ...
by Taipo
Wed Mar 08, 2006 2:30 am
Forum: 2.0.x Support Forum
Topic: patch for 2.0.19 vulnerabilities
Replies: 25
Views: 1672

That is the reality of being on the net, there are people out there that will go to whatever extent to wreck your stuff, but who cares what their reasons are if there are any at all, if blocking their attempts is a simple include file then take a moment to learn how to do it. Why wait to find your f...
by Taipo
Wed Mar 08, 2006 2:22 am
Forum: 2.0.x Support Forum
Topic: Hacked after 2.0.19 update :(
Replies: 31
Views: 1825

Drift_Girl the only exploit i know of in the latest version is cross site scripting one, go into your admin configuration section and disable HTML if it has been enabled. It is possible that the attacker has posted some malicious code into a post and is stealing your admin password everything you lo...
by Taipo
Wed Mar 08, 2006 2:13 am
Forum: 2.0.x Support Forum
Topic: Hacked after 2.0.19 update :(
Replies: 31
Views: 1825

Exploits have been found in every version of every opensource scripts that ever became popular. Its only a matter of time before one is discovered in phpBB 2.0.19 .20 .21 .999999.

At least by now you should be hoping that the 'walk in and take over everything' type holes would be patched by now.
by Taipo
Wed Mar 08, 2006 1:46 am
Forum: 2.0.x Support Forum
Topic: patch for 2.0.19 vulnerabilities
Replies: 25
Views: 1672

However a DoS is something that can be conducted against anything, to call it a severe security issue is pure exageration on the part of those reporting it on various sites As you well know, DoS attacks of the request flood nature are targeted at the website not just verbatim at the IP address. So ...
by Taipo
Tue Mar 07, 2006 3:18 pm
Forum: 2.0.x Support Forum
Topic: patch for 2.0.19 vulnerabilities
Replies: 25
Views: 1672

I saw phpBB 2.0.19 search.php and profile.php DOS Vulnerability with a high severity but I'm not sure I'm allowed to post the link here. This is the patch I'm waiting for, specifically. The reality is there probably won't be any patches to these issues by phpBB. phpBB have been paying lip service t...
by Taipo
Wed Feb 08, 2006 5:26 pm
Forum: 2.0.x Support Forum
Topic: Spammers or Robots????
Replies: 12
Views: 603

Spammers most likely vannquish. The spamming software they are using probably uses a name database and appends a random number on the end to make sure that as it selects a name from its list, that name then becomes a unique name with the chances being slim that there is a Sally293847 (name plus rand...

Go to advanced search