Bot hacking targeting phpBB, xenforo and others

nl1sms · Post by **nl1sms** » Wed Jan 06, 2021 3:41 pm

I saw a topic on phpbb.nl and would like to post it here as it could effect phpBB ?

Is this a hoax or is it genuine? To me it looks like a hoax as bots have read only rights. Can someone tell more about it ?

Since 3 January 2021 there is a bot targeting some platforms:

Xenforo 1.5x
Xenforo 2.x
Wordpress
phpBB
IPS Community Suite

The bot enter in accounts and sometime change passwords.

IP- 178.137.16.56
Email - leonsio@gmail.com

Search for this IP in your forum to check if your forum has been targeted.

At this moment i dont know how the bot have the login data for the account users.

References over internet:
https://www.abuseipdb.com/check/178.137.16.56

Source: https://xenforo.com/community/threads/b ... rs.189792/

Post by **KaileyT** » Wed Jan 06, 2021 3:47 pm

Interesting that they don't mention what version of WP, phpBB or IPS is affected.

nl1sms wrote: ↑
Wed Jan 06, 2021 3:41 pm
To me it looks like a hoax as bots have read only rights

Wrong type of bot.

Forex Station · Post by **Forex Station** » Thu Jan 07, 2021 3:15 pm

nl1sms wrote: ↑
Wed Jan 06, 2021 3:41 pm
I saw a topic on phpbb.nl and would like to post it here as it could effect phpBB ?

Is this a hoax or is it genuine? To me it looks like a hoax as bots have read only rights. Can someone tell more about it ?

Thanks for the info mate.

AmigoJack · Post by **AmigoJack** » Sun Jan 10, 2021 12:37 pm

nl1sms wrote: ↑
Wed Jan 06, 2021 3:41 pm
IP- 178.137.16.56

Not that IP address, but instead

178.137.16.145
178.137.16.151
178.137.16.199
178.137.16.203

...over the years from 2011 to 2019. Not one single successful log in. Tried the following usernames:

FlusZessBycle
Imeldaadaro
Printableadaro
cictAffeddy
lefbeftuplE
xaniga

Nothing spectacular here.

advertisements