New "Pepotamo1985" hack???

The 2.0.x discussion forum has been locked; this will remain read-only. The 3.0.x discussion forum has been renamed phpBB Discussion.
Locked
borad
Registered User
Posts: 2
Joined: Tue Apr 06, 2004 11:59 am

New "Pepotamo1985" hack???

Post by borad » Tue Feb 15, 2005 1:12 pm

Just had some posts for a porn site by a "guest" named Pepotamo1985.

My site doesn't allow guests to post, and is up to date (2.0.11 and 4.3.10).

When I search for "Pepotamo1985" in Google I find thousands of sites with the same "See young lesbians play with each other" post in recent days.

Explanation, anyone?

Paul Grayson
Registered User
Posts: 92
Joined: Fri Jul 18, 2003 9:40 am

Post by Paul Grayson » Tue Feb 15, 2005 1:23 pm

Are you sure that Guest posting is disabled - as a quick Google search for that user name reveals that every board he's posted to is open.

To disable Guest posting, the mimimum security for each forum has to be Registered.

faux
Registered User
Posts: 12
Joined: Fri Nov 26, 2004 7:01 pm

Hot steamy lesbians

Post by faux » Tue Feb 15, 2005 3:08 pm

Guest posting is completely disabled on our board and Hot Steamy Lesbians get posted every few hours.

Any ideas on how to block Pep?

tnahm
Registered User
Posts: 13
Joined: Wed Feb 02, 2005 7:18 pm

Post by tnahm » Tue Feb 15, 2005 4:06 pm

Pep has not posted on mine, but I have deleted two "anonymousXXX" (X=random 4 digit number) accounts created in the past two days.

grandslam
Registered User
Posts: 26
Joined: Fri Aug 31, 2001 1:46 pm
Location: Switzerland
Contact:

Post by grandslam » Tue Feb 15, 2005 4:17 pm

i had the same problem :evil:

i denied usernames Pepotamo* . it will help against numer change but if he change the name, the problem already exists.
i wan't deactivate guast post, because usability.

has anyone a idea how we can resolve this with a permanent solution?
grandslam
I could bomb you, I could shoot you, and I could fall on you...
Image
visit: CodeForum.ch

Graham
Former Team Member
Posts: 8462
Joined: Tue Mar 19, 2002 7:11 pm
Location: UK
Contact:

Post by Graham » Tue Feb 15, 2005 7:43 pm

a) TO prevent automated registrations enable the visual confirmation which is present in version 2.0.11

b) Make sure that all of your forums are set to not allow guest posting

c) If you have done both of the above, please provide us with some more information (eg the Suppport Request Template forum at the top of the support forum) to allow us to assist further
"So Long, and Thanks for All the Fish"

phpBB Useful Links: Knowledge Base | Userguide | Forum Search | MOD Database | Styles Database
My Links: Blog!

borad
Registered User
Posts: 2
Joined: Tue Apr 06, 2004 11:59 am

Post by borad » Tue Feb 15, 2005 9:01 pm

Er, my bad, one of my new forum areas was marked as guest only -- I guess that's the default. Maybe when a new area is created, it should by default be the same as the existing areas (assuming, of course, they are all the same), or equal to the "lowest" level of control on the board?

An option to change all permissions at once might be a good idea too.

(I got suckered as my top forum is titled "General", and I thought I was using the previous non-existent feature!)

Pesticidal
Registered User
Posts: 14
Joined: Wed Jul 28, 2004 4:01 pm

Post by Pesticidal » Tue Feb 15, 2005 9:21 pm

I've been getting them, too. I have my board open to guests, and I don't really want to change it, so I'm stuck monitoring it more closely. I have found the guy uses multiple IP addresses, and I'm been putting them on the Banned IP list.

Oddly enough, he did leave register and left an e-mail address. Maybe we should put a bot on the e-mail and flood his account...

vsego
Registered User
Posts: 27
Joined: Sat Mar 22, 2003 3:07 pm
Location: Zagreb, Croatia
Contact:

Post by vsego » Wed Feb 16, 2005 1:24 am

1. Notify Abuse services; I had this dweeb banned from one ISP and am waiting for the other. :D

2. As someone said: banning "Pepotamo*" is a good temporary solution :?

3. I'm considering some kind of (visual?) confirmation for guest post. :) Any known hacks out there?

4. Flooding e-mail account won't help. :evil: But, since this seems to be always for the same site, maybe that site sould be the target? :twisted: ;)
If you don't have the time to do something right, where are you going to find the time to fix it?
Stephen King

User avatar
ChocoboBop
Registered User
Posts: 144
Joined: Wed Sep 01, 2004 6:10 pm

Post by ChocoboBop » Wed Feb 16, 2005 1:41 am

I have the same bot-script posting to my forum. Changes ip, posts anonymously, etc.

Shouldn't phpbb check to see if a registered user id is already taken when someone tries to post anonymously using that same id? I registered the "Pepotamo1985" id on my forum but the script continues to post using that id as anonymous.

*edit*
figured it out ;) I missed the '5' in his user id. My bad.

idav
Registered User
Posts: 4
Joined: Thu Dec 09, 2004 1:38 pm
Location: Kingsport, Tennessee
Contact:

Pepetamo

Post by idav » Wed Feb 16, 2005 1:56 am

Just started to see this pop up on our forum too.

When I search for Pepetamo in Admin there is no user. I did receive an New Account email for activation that shows;

User name: anonymous7800
There is an email address with the user: pepepotamo1986@tierramedia.org
There is also a web site; http://www.anonymous1980.com/

I'm still surprised that a) guest posting is turned off, b), the hack tried to set up an account that was never approved, yet it was able to post the porn reference without activation and a different username than the one submitted.

Puzzled...

kryznic
Registered User
Posts: 98
Joined: Tue Apr 27, 2004 4:19 am
Location: Northwest NJ, Belvidere
Contact:

Post by kryznic » Wed Feb 16, 2005 2:27 am

My forum was hit as well. Only 2 posts though. Going to attempt a upgrade, I was running 2.0.8. Hope the new versions solves this issue. A google search shows a assload of forums hit. 8O


EDIT: Just upon checking my forum permissions, the only forum that had the intruder posts in them was the only forum that a permission of PUBLIC. The rest were all set to REGISTERED or PRIVATE. Hopefully that sheds some light.

PamRamRadio
Registered User
Posts: 104
Joined: Wed Feb 16, 2005 2:36 am
Location: The Pamderosa
Contact:

Post by PamRamRadio » Wed Feb 16, 2005 2:42 am

This bot hit me too. I am running 2.0.6 and I want to upgrade to help stop the porn from hitting my site. I've switched all of my forums to REG, but I have to leave the "Can't post?" forum to PUB. I have a couple of posters who have senior moments and keep forgetting their passwords. :)

I've combed all over these boards looking for a manual on how to upgrade. It's something I have never done before and I need hand holding. Can someone direct me to the right place?

tnahm
Registered User
Posts: 13
Joined: Wed Feb 02, 2005 7:18 pm

Post by tnahm » Wed Feb 16, 2005 2:47 am

Where do you enable the visual confirmation for new accounts? I did not see it in the admin interface. I am using 2.0.11 be the way...

PamRamRadio
Registered User
Posts: 104
Joined: Wed Feb 16, 2005 2:36 am
Location: The Pamderosa
Contact:

Post by PamRamRadio » Wed Feb 16, 2005 3:06 am

I don't see that option on my admin panel. It must be a feature on a higher release then the one I'm running.

Locked

Return to “2.0.x Discussion”