New "Pepotamo1985" hack???

Skyy04
Registered User
Posts: 164
Joined: Tue Jul 06, 2004 9:46 pm
Location: Canada

Post by Skyy04 »

that feature is in phpbb3...

and there are instructions about upgrading in the install manual; it's really easy if you have an unmodified phpBB. If your phpBB is modified it's still fairly simple!
kryznic
Registered User
Posts: 98
Joined: Tue Apr 27, 2004 4:19 am
Location: Northwest NJ, Belvidere

Post by kryznic »

Skyy04 wrote: that feature is in phpbb3...

and there are instructions about upgrading in the install manual; it's really easy if you have an unmodified phpBB. If your phpBB is modified it's still fairly simple!


phpbb3???? Now I'm really confused. :?
PernWebGoddess
Registered User
Posts: 40
Joined: Tue Nov 19, 2002 12:33 am

Post by PernWebGoddess »

We have been getting absolutely bombarded in the last day or so. Multiple, wildly different IP addresses, so banning them does no good. I had open posting because our server has major login issues, but I'm having to lock it down for now.

We're not talking one or two posts here...two or three, in each forum, and we have more than a dozen.

I just tried the wildcard username ban, so hopefully that'll help.
vsego
Registered User
Posts: 27
Joined: Sat Mar 22, 2003 3:07 pm
Location: Zagreb, Croatia

Post by vsego »

The option is standard as of phpBB 2.0.11; before that version, it was part of contrib/ directory. 8)

Btw, it might be that you have it, but your custom style is not showing it. :? Switch to subSilver and go to AP > General Admin > Configuration. 8)
PamRamRadio wrote: I have a couple of posters who have senior moments and keep forgetting their passwords.


:idea: If this is the only reason to allow guests, you might consider adding a single user with publicly available password. 8) But, what's with "Forgot your password?" feature? :|
If you don't have the time to do something right, where are you going to find the time to fix it?
Stephen King
vsego
Registered User
Posts: 27
Joined: Sat Mar 22, 2003 3:07 pm
Location: Zagreb, Croatia

Post by vsego »

I'm under attack right now and username ban seems to do the trick... for now. :?

Multiple IPs, but started up at the same time... :evil:
If you don't have the time to do something right, where are you going to find the time to fix it?
Stephen King
PernWebGoddess
Registered User
Posts: 40
Joined: Tue Nov 19, 2002 12:33 am

Post by PernWebGoddess »

I'm actually having problems with that option. I have it, I can turn it on, but when I try to register a new account, I get an error message saying the visual confirmation code is incorrect, but it never even shows one.

I have a support post in the support forum, if anyone can help.
kryznic
Registered User
Posts: 98
Joined: Tue Apr 27, 2004 4:19 am
Location: Northwest NJ, Belvidere

Post by kryznic »

I am again under attack. I did the username wildcard ban, and banned the IPs it used the first time. Now it came back and I had to ban 5 different IPs. It was logging in, logged in, viewing forum, and posting all at the same time under GUEST. I am pretty sure I have guest disabled though. :( This sucks. Trace routes show it coming off the Verio Network? Could they be hosting such an asshat? I should call them tomorrow. :evil:
kryznic
Registered User
Posts: 98
Joined: Tue Apr 27, 2004 4:19 am
Location: Northwest NJ, Belvidere

Post by kryznic »

I ran a WHOIS on the domain that is pimping out this garbage on our forums:

Domain Name: HOMEVIDEOX.COM

Administrative Contact:
Ceballos, Fernando asistencia@esatt.com
C/ Pages del Corro, 188, 1-A
Sevilla, Sevilla 41010
ES
34 954991332
Fax:34 954278564


Technical Contact:
Ceballos, Fernando asistencia@esatt.com
C/ Pages del Corro, 188, 1-A
Sevilla, Sevilla 41010
ES
34 954991332
Fax:34 954278564


Record last updated 07-17-2002 09:20:43 AM
Record expires on 04-21-2005
Record created on 04-21-2001

Domain servers in listed order:
CITADEL.ESATT.COM 83.175.213.194
STROGOFF.ESATT.COM 62.175.163.2
Kanuck
Former Team Member
Posts: 2791
Joined: Thu Jul 05, 2001 9:33 pm
Location: Toronto, Ontario

Post by Kanuck »

When he/she spammed one of my forums, I contacted Comcast with the IP address. However, I'm beginning to wonder if this is perhaps a virus doing this? Because of the different IP addresses and such, there really doesn't seem to be a pattern to it.
Kanuck
Former phpBB.com team member
Darth Wong
Registered User
Posts: 2398
Joined: Wed Jul 03, 2002 5:20 am
Location: Toronto, Canada

Post by Darth Wong »

It appears to me that somebody created a spambot script and it got distributed to numerous people who want to promote these websites, since I'm getting it from IP addresses all over the world. I got it from an IP address in China, followed by another one from an IP address in the USA.
Not a three-foot tall green gnome in real-life: My home page.
My wretched hive of scum and villainy: http://bbs.stardestroyer.net/
Naiptol
Registered User
Posts: 3
Joined: Wed Feb 16, 2005 8:47 am

Post by Naiptol »

On Saturday got that post from address
213.194.149.48
Yesterday got more posts, each of them was from different IP:

CodeCrush IP log does not show proxy information for them, except one -
202.124.224.15 uses proxy 202.124.224.20
Kanuck
Former Team Member
Posts: 2791
Joined: Thu Jul 05, 2001 9:33 pm
Location: Toronto, Ontario

Post by Kanuck »

This is really beginning to look like a trojan. Those are coming from such a wild variety of places, it's hard to believe it's a concerted effort by some little porn site.

213.194.149.48 - Spain
202.124.224.15 - Palau
24.73.149.165 - United States
203.97.97.130 - New Zealand
212.69.247.218 - United Kingdom
80.164.18.231 - Denmark

And one reported from China, and a handful of others from the United States as well.
Kanuck
Former phpBB.com team member
spheeris
Registered User
Posts: 13
Joined: Tue Dec 23, 2003 4:37 pm
Location: Paris

Post by spheeris »

We've been attacked several times too.
As they say in the movies, we should ask "who is benefiting from the crime?" ;)
I suspect the link includes a tracking code to reward the spammer 'cause it looks like: www.[thesite].com/?skin=22&lang=uk&id=37696
Is it the same id for you too?
That might be a start... ;)
tobiaseigen
Registered User
Posts: 37
Joined: Sun Apr 14, 2002 2:51 pm
Location: Takoma Park, MD USA

Post by tobiaseigen »

Hi -

We're getting lesbians playing together on our forum today too, in all of our open forums. To respond to spheeris - the link has the same id=37696 at the end.

How do you see what IP address a poster is using? There must be something obvious that I'm missing, but I can't see it anywhere.

I've disallowed the username.

Cheers,

Tobias
Kabissa - Space for change in Africa
http://www.kabissa.org
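
spheeris and tobiaseigen observe above that the spam link keeps the same id=37696 while the posting IP addresses keep changing. The following Python sketch is an added example, not code from the thread or from phpBB: it groups posts by link host and `id` value instead of by IP, then checks a post from a previously unseen address against the known campaign. The host name, IP addresses and post bodies are constructed; only the query-string shape and the id value come from the thread.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# Constructed sample posts: (poster_ip, username, body). IPs are from the
# RFC 5737 documentation ranges and the hosts are placeholders.
POSTS = [
    ("192.0.2.10", "Guest", "look http://www.spam-site.example/?skin=22&lang=uk&id=37696"),
    ("198.51.100.7", "Guest", "hot www.spam-site.example/?skin=22&lang=uk&id=37696 now"),
    ("203.0.113.5", "Guest", "see http://www.spam-site.example/?skin=9&lang=de&id=37696."),
    ("203.0.113.80", "alice", "docs: http://wiki.example/?id=12"),
    ("203.0.113.81", "bob", "no links here"),
]

URL_RE = re.compile(r"(?:https?://|www\.)[^\s<>\"'\]]+", re.I)

def link_keys(body, param="id"):
    """Yield (host, param value) for every link in a post body."""
    for raw in URL_RE.findall(body):
        url = raw if "://" in raw else "http://" + raw
        parts = urlsplit(url.rstrip(".,;)"))
        host = (parts.hostname or "").lower()
        if host.startswith("www."):
            host = host[4:]
        for value in parse_qs(parts.query).get(param, []):
            yield host, value

def campaigns(posts, min_ips=2):
    """Map (host, id) -> sorted poster IPs, for keys seen from several IPs."""
    ips = defaultdict(set)
    for ip, _user, body in posts:
        for key in set(link_keys(body)):
            ips[key].add(ip)
    return {k: sorted(v) for k, v in ips.items() if len(v) >= min_ips}

def is_campaign_post(body, known):
    """True if a post links to a known (host, id) pair, whatever its IP."""
    return any(key in known for key in link_keys(body))

if __name__ == "__main__":
    known = campaigns(POSTS)
    print(known)
    # A post arriving from an address that was never banned is still caught.
    print(is_campaign_post("new www.spam-site.example/?id=37696&skin=1", known))
```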
inlineshots
Registered User
Posts: 1
Joined: Sat Feb 12, 2005 1:41 pm

Post by inlineshots »

tnahm wrote: Where do you enable the visual confirmation for new accounts? I did not see it in the admin interface. I am using 2.0.11 by the way...



I found it at one point...

I think it's in general configuration