
New "Pepotamo1985" hack???

Posted: Tue Feb 15, 2005 1:12 pm
by borad
Just had some posts for a porn site by a "guest" named Pepotamo1985.

My site doesn't allow guests to post, and is up to date (2.0.11 and 4.3.10).

When I search for "Pepotamo1985" in Google I find thousands of sites with the same "See young lesbians play with each other" post in recent days.

Explanation, anyone?

Posted: Tue Feb 15, 2005 1:23 pm
by Paul Grayson
Are you sure that Guest posting is disabled - as a quick Google search for that user name reveals that every board he's posted to is open.

To disable Guest posting, the minimum security for each forum has to be Registered.

Hot steamy lesbians

Posted: Tue Feb 15, 2005 3:08 pm
by faux
Guest posting is completely disabled on our board and Hot Steamy Lesbians get posted every few hours.

Any ideas on how to block Pep?

Posted: Tue Feb 15, 2005 4:06 pm
by tnahm
Pep has not posted on mine, but I have deleted two "anonymousXXX" (X=random 4 digit number) accounts created in the past two days.

Posted: Tue Feb 15, 2005 4:17 pm
by grandslam
I had the same problem :evil:

I denied usernames Pepotamo*. It will help against number changes, but if he changes the name, the problem already exists.
I won't deactivate guest posting, because of usability.

Has anyone an idea how we can resolve this with a permanent solution?

Posted: Tue Feb 15, 2005 7:43 pm
by Graham
a) To prevent automated registrations, enable the visual confirmation which is present in version 2.0.11

b) Make sure that all of your forums are set to not allow guest posting

c) If you have done both of the above, please provide us with some more information (e.g. the Support Request Template forum at the top of the support forum) to allow us to assist further

Posted: Tue Feb 15, 2005 9:01 pm
by borad
Er, my bad, one of my new forum areas was marked as guest only -- I guess that's the default. Maybe when a new area is created, it should by default be the same as the existing areas (assuming, of course, they are all the same), or equal to the "lowest" level of control on the board?

An option to change all permissions at once might be a good idea too.

(I got suckered as my top forum is titled "General", and I thought I was using the previous non-existent feature!)

Posted: Tue Feb 15, 2005 9:21 pm
by Pesticidal
I've been getting them, too. I have my board open to guests, and I don't really want to change it, so I'm stuck monitoring it more closely. I have found the guy uses multiple IP addresses, and I've been putting them on the Banned IP list.

Oddly enough, he did register and left an e-mail address. Maybe we should put a bot on the e-mail and flood his account...

Posted: Wed Feb 16, 2005 1:24 am
by vsego
1. Notify Abuse services; I had this dweeb banned from one ISP and am waiting for the other. :D

2. As someone said: banning "Pepotamo*" is a good temporary solution :?

3. I'm considering some kind of (visual?) confirmation for guest post. :) Any known hacks out there?

4. Flooding e-mail account won't help. :evil: But, since this seems to be always for the same site, maybe that site should be the target? :twisted: ;)

Posted: Wed Feb 16, 2005 1:41 am
by ChocoboBop
I have the same bot-script posting to my forum. Changes ip, posts anonymously, etc.

Shouldn't phpbb check to see if a registered user id is already taken when someone tries to post anonymously using that same id? I registered the "Pepotamo1985" id on my forum but the script continues to post using that id as anonymous.

*edit*
figured it out ;) I missed the '5' in his user id. My bad.

Pepetamo

Posted: Wed Feb 16, 2005 1:56 am
by idav
Just started to see this pop up on our forum too.

When I search for Pepetamo in Admin there is no user. I did receive a New Account email for activation that shows:

User name: anonymous7800
There is an email address with the user: pepepotamo1986@tierramedia.org
There is also a web site; http://www.anonymous1980.com/

I'm still surprised that a) guest posting is turned off, b) the hack tried to set up an account that was never approved, yet it was able to post the porn reference without activation and a different username than the one submitted.

Puzzled...

Posted: Wed Feb 16, 2005 2:27 am
by kryznic
My forum was hit as well. Only 2 posts though. Going to attempt an upgrade, I was running 2.0.8. Hope the new version solves this issue. A Google search shows an assload of forums hit. 8O


EDIT: Just upon checking my forum permissions, the only forum that had the intruder posts in them was the only forum that had a permission of PUBLIC. The rest were all set to REGISTERED or PRIVATE. Hopefully that sheds some light.
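
The permission check that borad and kryznic describe doing by hand, as an added example that is not part of any post in this thread: it lists forums whose post or reply permission is open to guests and counts guest posts per forum. The table and column names, the value 0 for the public level and -1 for the guest user id are assumptions based on the phpBB 2.0.x schema, and the sample rows are constructed; check them against your own database.

```python
import sqlite3

# Assumed phpBB 2.0.x values (includes/constants.php); verify on your install.
AUTH_ALL = 0        # "PUBLIC": anyone, including guests
ANONYMOUS = -1      # assumed user_id of the guest account
WRITE_COLS = ("auth_post", "auth_reply")

def build_sample_db():
    """Constructed sample data: four forums, one left open to guests."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE phpbb_forums (forum_id INTEGER, forum_name TEXT,
                                   auth_post INTEGER, auth_reply INTEGER);
        CREATE TABLE phpbb_posts (post_id INTEGER, forum_id INTEGER,
                                  poster_id INTEGER, post_username TEXT);
        INSERT INTO phpbb_forums VALUES
            (1, 'General', 1, 1), (2, 'Support', 1, 1),
            (3, 'New area', 0, 0), (4, 'Staff', 2, 2);
        INSERT INTO phpbb_posts VALUES
            (10, 1, 2, ''), (11, 3, -1, 'Pepotamo1985'),
            (12, 3, -1, 'Pepotamo1985'), (13, 2, 5, '');
    """)
    return db

def guest_writable_forums(db):
    """Return (forum_id, forum_name, open_columns) for forums guests can write to."""
    findings = []
    rows = db.execute("SELECT forum_id, forum_name, auth_post, auth_reply "
                      "FROM phpbb_forums ORDER BY forum_id")
    for forum_id, name, *levels in rows:
        open_cols = [c for c, lvl in zip(WRITE_COLS, levels) if lvl == AUTH_ALL]
        if open_cols:
            findings.append((forum_id, name, open_cols))
    return findings

def guest_posts_by_forum(db):
    """Count posts made by the guest account, grouped by forum and guest name."""
    return db.execute(
        "SELECT forum_id, post_username, COUNT(*) FROM phpbb_posts "
        "WHERE poster_id = ? GROUP BY forum_id, post_username "
        "ORDER BY forum_id", (ANONYMOUS,)).fetchall()

if __name__ == "__main__":
    db = build_sample_db()
    for forum_id, name, cols in guest_writable_forums(db):
        print(f"forum {forum_id} ({name!r}) allows guests: {', '.join(cols)}")
    for forum_id, guest_name, n in guest_posts_by_forum(db):
        print(f"forum {forum_id}: {n} guest post(s) as {guest_name!r}")
```

A forum that appears in both results is the one to tighten first; running the same two queries after changing permissions confirms that no forum is still open.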

Posted: Wed Feb 16, 2005 2:42 am
by PamRamRadio
This bot hit me too. I am running 2.0.6 and I want to upgrade to help stop the porn from hitting my site. I've switched all of my forums to REG, but I have to leave the "Can't post?" forum to PUB. I have a couple of posters who have senior moments and keep forgetting their passwords. :)

I've combed all over these boards looking for a manual on how to upgrade. It's something I have never done before and I need hand holding. Can someone direct me to the right place?

Posted: Wed Feb 16, 2005 2:47 am
by tnahm
Where do you enable the visual confirmation for new accounts? I did not see it in the admin interface. I am using 2.0.11 by the way...

Posted: Wed Feb 16, 2005 3:06 am
by PamRamRadio
I don't see that option on my admin panel. It must be a feature on a higher release than the one I'm running.