Page 4 of 9

Posted: Thu Feb 17, 2005 3:15 pm
by kryznic
Upgrade to 2.0.11 has worked good. I disabled the boards for about 24 hours while I was trying to fix everything. I dunno if that helped in the bot not being able to gain access and it just gave up or if the upgrade alone made all the difference. Either way looks good.

Posted: Thu Feb 17, 2005 5:06 pm
by bill21128
my forums have been hit for 5 days in a row, each time I had to go in and change the permissions of the forums to stop guest from posting. I thought I had all of them changed and then I find out that this idiot finds one that I missed, but I can also tell you that I have phpbb2 plus 1.5 2.0.11 and I was still getting hit. but since I went into every single topic and changed the permissions I have not had another problem.

Posted: Thu Feb 17, 2005 8:04 pm
by zlisiecki
hi, here I list some first posts from pepo with their IP-s.
1. does anybody know any earlier posts this kind ?
thie interesing thing is that firsts posts had only the contents of "sjfak fjsdk"
2. could anybody help to identify the program, which is spreading such posts ? this could help to prepare the proper mod.
3. does anybody know if and how we could inform the producers of virus scan programs ?
4. i advise you to inform as many search engines as possible

and here is my privat problem : i must alow posting without registration

10.02.2005 12:33 pm 213.194.149.48 sjfak fjsdk
10.02.2005 12:34 pm 213.194.149.48 sjfak fjsdk
10.02.2005 12:39 pm 213.194.149.48
10.02.2005 12:47 pm 213.194.149.48 sjfak fjsdk
10.02.2005 12:47 pm 213.194.149.48 sjfak fjsdk
10.02.2005 02.47 pm 213.194.149.48 sjfak fjsdk
10.02.2005 12:47 pm 213.194.149.48 sjfak fjsdk
12.02.2005 01:26 am 213.194.149.48 sjfak fjsdk
17.02.2005 13:52 am 140.115.184.200
12.02.2005 01:26 am 213.194.149.48
12.02.2005 01:29 am 213.194.149.48
12.02.2005 01:38 am 213.194.149.48
17.02.2005 10:50 am 213.194.149.48
16.02.2005 07:01 pm 207.114.181.2
16.02.2005 07:43 pm 62.180.243.114
16.02.2005 08:35 pm 217.149.184.7
16.02.2005 12:04 pm 202.56.231.117
16.02.2005 12:15 pm 61.19.158.50
16.02.2005 12:23 pm 140.115.184.200
16.02.2005 12:23 pm 168.143.113.114
12.02.2005 10:50 am 213.194.149.48
17.02.2005 12:24 am 168.143.113.113
17.02.2005 12:26 am 195.205.230.170
17.02.2005 06:31 am 194.242.232.31
17.02.2005 6:35 am 203.112.194.85

Re: Pepetamo

Posted: Fri Feb 18, 2005 12:45 am
by Trix Anderson
idav wrote: Just started to see this pop up on our forum too.

When I search for Pepetamo in Admin there is no user. I did receive an New Account email for activation that shows;

User name: anonymous7800
There is an email address with the user: pepepotamo1986@tierramedia.org
There is also a web site; http://www.anonymous1980.com/

I'm still surprised that a) guest posting is turned off, b), the hack tried to set up an account that was never approved, yet it was able to post the porn reference without activation and a different username than the one submitted.

Puzzled...


Hi all.. new here.. I registered just cause I'm a frequent forums user and our admin keeps posting links to here. Anyway. I'm just wondering how many got pepepotamo1985 instead of 1986, or got the anonyous whatever... just curious. The fact that this thing flooded our boards has really got me pissed. Although, I did notice on the first day that there was only one post, then they became more frequent. Perhaps it was testing the system?

Posted: Fri Feb 18, 2005 2:53 am
by vsego
otseng wrote: OK, I created a quick little hack to try to stop bot anonymous postings. More info here.


I've made visual confirmation, with much help from your own code. 8) Thank you! :D

Posted: Fri Feb 18, 2005 5:12 am
by Kanuck
I'm about halfway finished a MOD to implement visual confirmation identical to that already found in user registration, if anyone's interested. It's on the way.

Posted: Fri Feb 18, 2005 5:47 am
by Kanuck
Edit: Visual Confirmation for Guests
It works. No new tables, no GD or ImageMagick, no fuss.

gpvc.php on line 40

Posted: Fri Feb 18, 2005 2:20 pm
by Clive
I am receiving the following error after adding the code and running gpvc.php?gpvc=1 in the browser.


Fatal error: Call to undefined function: imagecreate() in c:\program files\apache group\apache\htdocs\forum\gpvc.php on line 40

arialbd.ttf <---- does that file sit on the root of the /forum?

Thanks

Posted: Fri Feb 18, 2005 3:11 pm
by t0m|ta
I'm having a similar problem for a week now, only I have not open guest posting and the do not post, the just ran around 300-500 users at a time. My hosting has closed down my site without prior notice :-(

I'll be changing servers but ¿do I have to put the site to registered members only?

i've posted this here, the problem being similar, I hope is correct.

Re: gpvc.php on line 40

Posted: Fri Feb 18, 2005 3:47 pm
by vsego
Clive wrote: I am receiving the following error after adding the code and running gpvc.php?gpvc=1 in the browser.
Fatal error: Call to undefined function: imagecreate() in c:\program files\apache group\apache\htdocs\forum\gpvc.php on line 40


That means you do not have GD extension installed. :(

I like my solution, but frankly, Kanuck's is better because it does not rely on GD and FreeType like my own code. :)
Clive wrote: arialbd.ttf <---- does that file sit on the root of the /forum?


Yes, but you can change it if you want. 8) Just change the path to it in gpvc.php. :)

Re: PamRamRadio

Posted: Fri Feb 18, 2005 5:26 pm
by PamRamRadio
Clive wrote: PamRamRadio upgrading to 2.0.11. is too easy... get the changed files only and expand in a folder then find the 2.0.6_to_2.0.11 and expand it ... then copy the files that are there to the proper folders ,,, take the install and run it after you have over written the files provided in the 2.0.6_to_2.0.11


I like to look five times before leaping. Thanks for putting the upgrade into plain language for me. That helped me very much.

Axe-o-lant

Posted: Fri Feb 18, 2005 9:39 pm
by Clive
I was not able to get Kanucks code working and the code that needed the GD was not on my localhost so I took the chance and uploaded the files to the Telus server where I have all the features that they offer and presto it works, I should have known better I don’t get many problems on that server it is very large and always upgrading.

So I figured I should stop by and say thanks so thanks for the effort folks it pays off fast on this site. Too bad windows wasn’t open source then it would work…

An Idea

Posted: Fri Feb 18, 2005 9:47 pm
by Clive
I should have placed this in the above message but it is an idea:

I run a literary site and some of the people are visually impaired and I was wondering if a button on the post as guest mod could have an impaired button that would expand the code so it is easier to see just a thought never a demand… lol… or a recording that when clicked would say please enter the number five – five – seven – five – nine - …
Just my mind set loose…

Thanks

Posted: Fri Feb 18, 2005 10:10 pm
by vsego
Or you can comment out calls (two of them) of gpvc_drawPixels(...) in gpvc_generatePNG(...). 8) This is added to confuse OCRs, but I don't think some spammer will bother with OCR soon, especially because we have three different solutions out there and most people using my or Kanuck's code will keep the blur... ;)

And even if spammer successfully used OCR with my code, it would prevent him/her from spoofing IP, hence making it easy to get him/her. :D

Hope this helped :)

Posted: Sat Feb 19, 2005 2:52 am
by Jackanape
So, this isn't a worm, right? Just some clever spammer? Because I may just leave the registered name in my database...the bot can't click the link in the authorization email, so it doesn't seem to have affected me yet...

Just tell me it ain't a worm.

And mean it.