Do spambots specifically target phpBB?

The 2.0.x discussion forum has been locked; this will remain read-only. The 3.0.x discussion forum has been renamed phpBB Discussion.
Locked
User avatar
undoIT
Registered User
Posts: 21
Joined: Mon Nov 06, 2006 11:04 pm

Do spambots specifically target phpBB?

Post by undoIT » Fri Feb 02, 2007 5:41 pm

I can't believe that I am getting signups from spambots. How did they find my site? I have a demo site for phpBB styles that is completely separate from the main site. There are also some other content management systems but none of those have been getting new user registrations.

I have the activation set to Administrator in the configuration area, but I want to completely prevent new user registrations, since the site is for style demos only. Is there any way I can turn off user registration or make it private, while still keeping the site visible for guests? I've checked through all the settings and can't seem to find where I can change this.

User avatar
Blaine
Registered User
Posts: 83
Joined: Mon Jan 15, 2007 3:07 pm
Location: Atlanta, GA

Post by Blaine » Fri Feb 02, 2007 6:00 pm

Yes. Spambots target phpBB and other board software.

See
http://www.phpbb.com/phpBB/viewtopic.ph ... 08#2768508

User avatar
undoIT
Registered User
Posts: 21
Joined: Mon Nov 06, 2006 11:04 pm

Post by undoIT » Fri Feb 02, 2007 6:13 pm

that's a good read, and infuriating! makes me want to become a white hat hacker and take these suckers down. do they really think they gain business by splurging their crap?

User avatar
Blaine
Registered User
Posts: 83
Joined: Mon Jan 15, 2007 3:07 pm
Location: Atlanta, GA

Re: Do spambots specifically target phpBB?

Post by Blaine » Fri Feb 02, 2007 6:43 pm

undoIT wrote: How did they find my site?

Some people have suggested spammers can find boards by doing a Google search of "Powered by phpBB". Databases with listings of phpboards are distributed.

Edit: For $495 you get a bundle that includes
Software package includes a databases with links to more than 102,000 forums.

Software is able to work with lots of different types of forums and guestbooks: phpBB and PHP-Nuke with any modifications, yaBB, VBulletin, Invision Power Board, IconBoard, UltimateBB, exBB, phorum.org, wiki, different types of bulletin boards and even custom-written code.
Last edited by Blaine on Fri Feb 02, 2007 10:38 pm, edited 1 time in total.

User avatar
Jim_UK
Former Team Member
Posts: 18478
Joined: Tue Oct 12, 2004 5:36 pm
Location: Darwen N.West UK

Post by Jim_UK » Fri Feb 02, 2007 7:11 pm

I believe the question was do spambots specifically target phpBB and I believe the answer to that to be no. I think they will follow all links to every BB they can find to try and gain access to post their rubbish.
I recall a while back someone coming on and saying that he had a spambot by such and such a name register and that it was attacking phpBB2 boards.
I Googled tha spambots name and sure enough it had registered on 1000's of phpBB2 boards but it had also registered on VBulletin, SMF and others.

All this concern about spambots when one simple mod will stop them.

Jim
The truth is out there.
Unfortunately they will not let you anywhere near it!

User avatar
Dog Cow
Registered User
Posts: 2495
Joined: Fri Jan 28, 2005 12:14 am
Contact:

Post by Dog Cow » Fri Feb 02, 2007 9:58 pm

undoIT wrote: that's a good read, and infuriating! makes me want to become a white hat hacker and take these suckers down. do they really think they gain business by splurging their crap?


They're fueled by ignorance.

Hard to believe, but there are actually people who do click the links, read the messages, etc. and have no problem with it.
Moof!
Mac GUI Vault: Retro Apple II & Macintosh computing archive.
Inside Allerton bookMac GUIMac 512K Blog

shlomp
Registered User
Posts: 8
Joined: Thu Sep 22, 2005 2:20 pm

Post by shlomp » Fri Feb 02, 2007 10:53 pm

Do they specifically target phpbb? Apologies if anyone's posted this already.
http://www.botmaster.net/movies/XFull.htm

User avatar
ChrisRLG
Former Team Member
Posts: 3420
Joined: Wed Nov 24, 2004 3:18 pm
Location: Essex, UK
Contact:

Post by ChrisRLG » Fri Feb 02, 2007 11:00 pm

Notice that this 'program' does not specifically target ONLY phpBB2 - it targets all the known larger forum software - ALL are vulnerable to it.

If fact with the way that simple mods can change phpBB2 - it is LESS susceptible to this type of attack.

Just add a simple unique mod and you fall off their radar.
phpBB: The All Important Rules - Bertie Bear 3.0 - No support via PM system - use the forums please.
phpBB v2: Retirement (1/1/2009) : phpBB v3: Read Me Topic - Custom BBCodes - Support Template
Matthew 7:7"Ask and it will be given to you; seek and you will find; knock and a door will be opened to you."
My Links: MS MVP (Consumer Security) - Malware Removal:University - Own Forum: Custom BBCode testing

User avatar
undoIT
Registered User
Posts: 21
Joined: Mon Nov 06, 2006 11:04 pm

Post by undoIT » Sat Feb 03, 2007 6:50 am

Is there a way to shutdown user registration from the admin control panel that I somehow missed? If not, is there an easy way to prevent new registrations with minimal modification of core files?

User avatar
drathbun
Former Team Member
Posts: 12204
Joined: Thu Jun 06, 2002 3:51 pm
Location: TOPICS_TABLE
Contact:

Post by drathbun » Sat Feb 03, 2007 1:42 pm

Yes, there are a number of ways to do it. My personal favorite (mainly because it does perform only minimal changes to the core files + it does what you are asking and a lot more + I wrote it ;-)) would be the Page Permissions MOD. With it you can shut down registration with a custom message, protect your memberlist or user profiles from guests, and so on.

Page Permissions
I blog about phpBB: phpBBDoctor blog
Still using phpbb2? So am I! Click below for details
Image

Locked

Return to “2.0.x Discussion”