New "Pepotamo1985" hack???

The 2.0.x discussion forum has been locked; this will remain read-only. The 3.0.x discussion forum has been renamed phpBB Discussion.
User avatar
ufopsi
Registered User
Posts: 314
Joined: Fri Nov 12, 2004 1:18 pm
Location: Switzerland
Contact:

Post by ufopsi » Wed Feb 23, 2005 10:33 pm

I have been hit by Pepotamo 1985 too. The freak has posted one spam on almost all my forums. I deleted them all, disabled guest posting and made sure confirmation code was on (it was). I've added his nick among the disallowed names too. I'm already using 2.0.11.

Einstein
Registered User
Posts: 247
Joined: Sat Oct 18, 2003 9:48 pm
Location: Finland
Contact:

Re: User Table Deleted by Hacker

Post by Einstein » Wed Feb 23, 2005 10:35 pm

TomP wrote: Sounds like I am the victim of the same bot/person as all of you.

I don't think so ... there's no indication yet that this bot can hack a board. I think you are using an old phpBB version (2.0.10 or earlier) and have been hit by the highlight exploit. You need to upgrade your board to 2.0.12.

TomP
Registered User
Posts: 5
Joined: Wed Feb 23, 2005 3:12 pm

Post by TomP » Wed Feb 23, 2005 11:53 pm

I can't seem to be able to restore my database. Does anyone know the structure of the users table and I can recreate it myself. I don't care about saving existing userids, but I would like to get my forum back up.

Thanks in advance.

BlueRook
Registered User
Posts: 2892
Joined: Wed Mar 10, 2004 2:38 am

Post by BlueRook » Thu Feb 24, 2005 3:07 am

TomP wrote: I can't seem to be able to restore my database. Does anyone know the structure of the users table and I can recreate it myself. I don't care about saving existing userids, but I would like to get my forum back up.

Thanks in advance.


Your best bet would be a recent backup -- or at least a backup that has all your users in it. Barring that you could look in the download under install/schemas and find the DB version you are using. In that is all the SQL needed to set up each table. Just look for the 'CREATE TABLE phpbb_users' area.

vani
Registered User
Posts: 1
Joined: Thu Feb 24, 2005 3:18 am
Location: Finland

Post by vani » Thu Feb 24, 2005 3:33 am

hey.

so, there are others with the same problem. nice to know :) i'm really too tired, can't read all the posts from here but was there an easy way to get rid of Pepotamo1985?

BlueRook
Registered User
Posts: 2892
Joined: Wed Mar 10, 2004 2:38 am

Post by BlueRook » Thu Feb 24, 2005 4:51 am

vani wrote: but was there an easy way to get rid of Pepotamo1985?


The easiest way is to disable guest posting in any of your forums. Barring that there are a couple of Visual Confirmation MOD for posting.

Dstorm11
Registered User
Posts: 20
Joined: Wed Jan 23, 2002 4:28 am
Location: USA
Contact:

Post by Dstorm11 » Thu Feb 24, 2005 2:28 pm

I just installed the Visual Confirmation MOD, it's a small annoyance to guest users (but hey all you have to do is register and login), but hopefully no more Pept...

Einstein
Registered User
Posts: 247
Joined: Sat Oct 18, 2003 9:48 pm
Location: Finland
Contact:

Post by Einstein » Thu Feb 24, 2005 3:47 pm

I'm still trying to find a solution without Visual Confirmation or guest posting disabled.

Have someone analysed the logs enough to know how this bot works? Is the fields on post page populated?

How about adding a secret hidden field on the post page that are checked. Will it still manage to handle it?

How about changing the submit value to something else?

I was also thinking of renaming posting.php ... that will do the trick.

Dstorm11
Registered User
Posts: 20
Joined: Wed Jan 23, 2002 4:28 am
Location: USA
Contact:

Post by Dstorm11 » Thu Feb 24, 2005 4:39 pm

I was a little leery of the Visual confirmation mod, but for my application it will actually serve two purposes:

1. Prevent random SPAMing by bots, etc.
2. Promote people to register and log in, which will help develop the forum community.

It's a win-win for me.

melusine
Registered User
Posts: 1
Joined: Thu Feb 24, 2005 5:21 pm

Post by melusine » Thu Feb 24, 2005 5:31 pm

hello
i 'm french,and sorry for my englisg very bad.
We have the same problem this morning with petamo!!! at "incrediworld.com"

this "petamo" go everywere in the world!!!

we look IP,and it's come from Asia...

and it's not the first time!!!

:evil: :evil: :evil:

User avatar
Latinus
Registered User
Posts: 162
Joined: Mon Jul 08, 2002 7:25 pm
Location: Fr
Contact:

Post by Latinus » Thu Feb 24, 2005 11:28 pm

melusine wrote: hello
i 'm french,and sorry for my englisg very bad.
We have the same problem this morning with petamo!!! at "incrediworld.com"

this "petamo" go everywere in the world!!!

we look IP,and it's come from Asia...

and it's not the first time!!!

:evil: :evil: :evil:


Salut Melusine,
Si tu ne veux pas désactiver l'accès en écriture aux invités, il te faut apporter une petite modification à ton forum :
http://www.phpbb.com/phpBB/viewtopic.php?t=264344
Ce "MOD" ajoute une confirmation visuelle pour tout invité qui désire poster un message (tu peux aller voir su mon forum à quoi cela ressemble).

ho, juste au cas où : passe aussi à la version 2.0.12 si ça n'est pas déjà fait !

TheMarco
Registered User
Posts: 5
Joined: Thu Feb 24, 2005 11:21 pm

Post by TheMarco » Thu Feb 24, 2005 11:34 pm

This kills Pepotamo1985's postings dead without annoying forum users with anything like visual confirms or whatsoever.

http://www.phpbb.com/phpBB/viewtopic.php?t=266636

User avatar
Latinus
Registered User
Posts: 162
Joined: Mon Jul 08, 2002 7:25 pm
Location: Fr
Contact:

Post by Latinus » Thu Feb 24, 2005 11:44 pm

TheMarco wrote: This kills Pepotamo1985's postings dead without annoying forum users with anything like visual confirms or whatsoever.

http://www.phpbb.com/phpBB/viewtopic.php?t=266636


Yes, but it needs to be maintained... and what about many different languages used on phpBB ; is your blacklist ready for it ?
Personally, I prefer to ask a visual confirmation to guests on my board and argue about the benefits of registration.

TheMarco
Registered User
Posts: 5
Joined: Thu Feb 24, 2005 11:21 pm

Post by TheMarco » Thu Feb 24, 2005 11:47 pm

It hardly needs maintenance. It fetches a fresh updated copy of the MT Blacklist masterfile automatically every day. If something passes through you simply occasionally add an expression to the personal blacklist. That's all there's to it.

Also: it doesn't really need language support since forum users don't see ANYTHING of it. Spammers are simply redirected to a page you can configure yourself.

TheMarco
Registered User
Posts: 5
Joined: Thu Feb 24, 2005 11:21 pm

Post by TheMarco » Thu Feb 24, 2005 11:50 pm

To conclude: if you don't like it it's no problem. :) I merely posted here about it's existence because I figured it could be useful to other people than just the admins of the Pivot support forum.

Locked

Return to “2.0.x Discussion”