New "Pepotamo1985" hack???

The 2.0.x discussion forum has been locked; this will remain read-only. The 3.0.x discussion forum has been renamed phpBB Discussion.
vsego
Registered User
Posts: 27
Joined: Sat Mar 22, 2003 3:07 pm
Location: Zagreb, Croatia
Contact:

Post by vsego »

To all those cravaing for solution, read few posts before - three mods have come out of this Hell... :roll:

@The_Systech: AFAIK, referals are not always (correctly) sent by the browser, so legitimite users might experience problems as well. :(
If you don't have the time to do something right, where are you going to find the time to fix it?
Stephen King
PaulHB
Registered User
Posts: 31
Joined: Mon Jan 17, 2005 2:20 am

Post by PaulHB »

Einstein wrote:
PaulHB wrote: As previously mentioned in this thread it's not that difficult to teach a bot to respond to a verification e-mail. Of course it does mean a valid (if not stolen) e-mail address is needed, so banning that will work until a new address is put in.

I experienced that today ... a bot did register but didn't send any messages. It's time for visual confirmation.


I must revise what I said - the one forum that got a post was set to allow guests to post. It was one of two that were miss-configured.

There was a registration that had not been activated yet.

That said, getting a bot reply to an e-mail could be done, and with a pool of throwaway e-mails it could be a real mess. So I'm going to leave visual confirmation on and skip that disaster when it comes.

<>< Paul
Kanuck
Former Team Member
Posts: 2791
Joined: Thu Jul 05, 2001 9:33 pm
Location: Toronto, Ontario

Post by Kanuck »

Since a lot of people seem to have missed it, this problem can be combatted easily by implementing visual confirmation for guest posters; any administrators arguing that their boards don't allow guest posting yet continue to be compromised, I'd really appreciate a link to those spam posts.

Download the Visual Confirmation for Guests MOD here, and let me know if it causes any issues. PMs are fine, it isn't as if I get many at all.
Kanuck
Former phpBB.com team member
Soul Tsukino
Registered User
Posts: 56
Joined: Fri Oct 24, 2003 4:29 pm

Post by Soul Tsukino »

I seem to have that as well. I noticed a new user registered to my board (Something that doesn't happen very often) looked up the email on google and found this thread and a bunch like them. All my subforums are registered members only so no posts, but thanks for making me aware before the problem presented itself
RebirthSephiroth
Registered User
Posts: 208
Joined: Sun Jul 27, 2003 3:39 am
Location: Saratoga Springs, New York
Contact:

Post by RebirthSephiroth »

Does anyone know if this bot/script can use the quick reply hack(s)? I've installed the visual confirmation, but guests can post without the confirm via quick reply.
-Zeno McDohl aka RebirthSephiroth
http://www.biyg.org/forums/
AmandaH
Registered User
Posts: 55
Joined: Sun May 16, 2004 12:24 am

Post by AmandaH »

Well, I have to say I'm relieved I'm not the only one having this problem. He registered 4-5 "anonymousXXXX" accounts in one visit, but they require activation, so I just deleted them. I banned "anonymous*" as a username, but the one guest board I have is specifically for people who are having problems with the registration process or logging in, so I can't really close it to guests.

Re: reporting him...To my ISP? Or his? Or to whom would I report that? Will it make any difference anyway?
Last edited by AmandaH on Wed Feb 23, 2005 3:13 pm, edited 1 time in total.
User avatar
Latinus
Registered User
Posts: 166
Joined: Mon Jul 08, 2002 7:25 pm
Location: Fr

Post by Latinus »

Before I've completely disabled guest-posting on my board, Pepotamo1985 has posted several "young lesbian" messages.
After I've disabled guest-posting, we do not receive such messages anymore.

So, for user-friendly reasons, we would like to enable guest-posting on some categories.
Is there any easy way to block this "guy" even if guest-posting is allowed ?

regards,
Lat
vsego
Registered User
Posts: 27
Joined: Sat Mar 22, 2003 3:07 pm
Location: Zagreb, Croatia
Contact:

Post by vsego »

RebirthSephiroth wrote: Does anyone know if this bot/script can use the quick reply hack(s)? I've installed the visual confirmation, but guests can post without the confirm via quick reply.


QR is just a fancy way to quickly reply. :? It's a matter of interface, but the actual posting is done by the sam posting.php. 8) Hence, if you have VC for guest posts, your quick replys shouldn't work. :(

If you were talking about VC for new accounts, then you are at risk on all subforums allowing guests. :(

@Latinus: Please, read this thread, or at least last Kanuck's post. :roll:
If you don't have the time to do something right, where are you going to find the time to fix it?
Stephen King
User avatar
Latinus
Registered User
Posts: 166
Joined: Mon Jul 08, 2002 7:25 pm
Location: Fr

Post by Latinus »

vsego wrote: @Latinus: Please, read this thread, or at least last Kanuck's post. :roll:

sorry :oops:
User avatar
Latinus
Registered User
Posts: 166
Joined: Mon Jul 08, 2002 7:25 pm
Location: Fr

Post by Latinus »

Kanuck wrote: Download the Visual Confirmation for Guests MOD here, and let me know if it causes any issues. PMs are fine, it isn't as if I get many at all.



I'll add it this evening (GMT+1) , and I'll give you a feedback if there's any issue.

Lat
Spreegem
Registered User
Posts: 16
Joined: Thu Feb 12, 2004 1:23 pm
Location: In front of my computer
Contact:

Post by Spreegem »

I also got that a couple times, I removed all my guest forums. I haven't had any trouble since.
RebirthSephiroth
Registered User
Posts: 208
Joined: Sun Jul 27, 2003 3:39 am
Location: Saratoga Springs, New York
Contact:

Post by RebirthSephiroth »

vsego wrote:
RebirthSephiroth wrote:Does anyone know if this bot/script can use the quick reply hack(s)? I've installed the visual confirmation, but guests can post without the confirm via quick reply.


QR is just a fancy way to quickly reply. :? It's a matter of interface, but the actual posting is done by the sam posting.php. 8) Hence, if you have VC for guest posts, your quick replys shouldn't work. :(

If you were talking about VC for new accounts, then you are at risk on all subforums allowing guests. :(

@Latinus: Please, read this thread, or at least last Kanuck's post. :roll:


*nod* Just found that out. Quick reply will direct to the posting page saying the VC is wrong. So it's all fine. Guests just can't use QR. I feel that this is better than simply disabling guest posting.
-Zeno McDohl aka RebirthSephiroth
http://www.biyg.org/forums/
Kanuck
Former Team Member
Posts: 2791
Joined: Thu Jul 05, 2001 9:33 pm
Location: Toronto, Ontario

Post by Kanuck »

Is there a single Quick Reply MOD that everybody uses, or a whole whack of them? Either way, it's just a matter of inserting code into the Quick Reply template that's similar to the code that lies on your posting template.
Kanuck
Former phpBB.com team member
vsego
Registered User
Posts: 27
Joined: Sat Mar 22, 2003 3:07 pm
Location: Zagreb, Croatia
Contact:

Post by vsego »

RebirthSephiroth wrote: Guests just can't use QR. I feel that this is better than simply disabling guest posting.


:idea: You could add VC to QR as well. 8) Or hide "Submit" (leaving only "Preview") button from guests. :D

Don't ask me how - I don't use QR, as I believe it increases chit-chat which instead of discussions. :|
If you don't have the time to do something right, where are you going to find the time to fix it?
Stephen King
TomP
Registered User
Posts: 5
Joined: Wed Feb 23, 2005 3:12 pm

User Table Deleted by Hacker

Post by TomP »

I posted this in another forum and was directed here. Sounds like I am the victim of the same bot/person as all of you. However, after locking down my forums and disabling the account that it/he tried to register, my user table got deleted. Has anyone else been hit with this?

Below is my post in the other thread:
I have been fighting a spammer on my forum, and now it appears that he has deleted my phpbb_users table. Below is what I get when I go to my forum. Anyone now how to fix this and how to prevent this from happening again? AND yes, my host is the same as everyone else that is having problems.

Quote:
phpBB : Critical Error

Could not obtain lastvisit data from user table

DEBUG MODE

SQL Error : 1146 Table 'xxxxxxx_xmb1.phpbb_users' doesn't exist

SELECT * FROM phpbb_users WHERE user_id = -1

Line : 62
File : /home/xxxxxx/public_html/forum/includes/sessions.php


I replaced some of the information with x.

Thanks in advance for your help.
Locked

Return to “2.0.x Discussion”