Results 1 to 9 of 9
  1. #1
    Join Date
    Sep 2002
    Location
    Cambridge, UK
    Posts
    469

    Smile The Russians are after me!!

    A little bit earlier I was looking through the userlist on my phpBB forums.
    The main reason was that there was a user called "!!cacer!!" and it just didn't sound like the kind of username somebody would choose.
    On further inspection I found a whole list of suspicious usernames:

    - abal -
    - abser -
    - alarol -
    !!!aaa!!!
    - abased -
    - aamdas -
    !!!acb!!!
    !!cacer!!

    Now on my forums I have turned on the e-mail varification.
    So if somebody signs up to my forums they receive an e-mail with a link which they need to click on.
    This activates their account - if they don't get the e-mail their account remains disabled, you get the idea.
    Every single one of the above accounts had an e-mail address:

    @xoxma.net

    They must have been valid e-mail addresses or else they would never have received their "please click on this link to activate you account" messages.
    Of the 8 accounts, 7 of themw ere listed as "active".

    None of them had made any posts in any of my forums.
    Finally each of them had listed "my website" in their profiles as "porn sounding" - 6 of them failed to resolve.

    If their intention was spamming, well they didn't really try and why my forums? It is not as if they are high traffic etc.
    Or was it an exploit they were trying to use?
    I'm using phpBB 2.0.8c which is the latest build, however the bottom of the forums always just display 2.0.8

    I've deleted all of the offending accounts and added the domain @xoxma.net to my banned list so they won't be able to sign up for any new accounts.
    Has anybody seen anything similar?

  2. #2
    Join Date
    Jan 2003
    Location
    Lake Arrowhead, CA
    Posts
    789
    I have several customers who've seen the same thing on vBulletin forums. One of them had nearly 1,000 signups like this, so it's very likely they were done automatically. The names all followed the same pattern you show and all had Russian porn sites in the sigs and/or profile. In the cases I saw, they did not all use the same email provider, so banning the email domain was only partially effective.

    Two points of prevention:

    1) Setup forum rules requiring a minimum number of posts before new members can post links (as it is here on WHT), send email to or PM other users.

    2) If you check the IPs, you may find they all came from open proxies. Adding a RBL lookup to the registration can block most of these spam signups. Check out this post for more info.
    http://www.srohosting.com
    Stability, redundancy and peace of mind

  3. #3
    Actually, this is a common and well known issue. It's not hacking, but just spamming. The spammers target forums to sign up and leave their URL in their members profile, increasing the number of links to their site on the net, and search engine positioning as a result.

    If your forum software supports image verification, turning that on should stop the automated spammers cold. If you want to go a step further, remove the "www" button link from the members page in PhpBB, which removes the reason the spammers would want to target your site.

  4. #4
    Join Date
    Sep 2002
    Location
    Cambridge, UK
    Posts
    469
    Ah! That makes sense.
    I couldn't actually see what they were hoping to get from signing up with all those accounts.
    They weren't spamming my forums, they weren't sending PM's.
    They were simply creating accounts with URL's in their profiles.

    Thanks for the replies - it would seem it was simply people using an opportunity rather than me being picked on and specifically targetted.

  5. #5
    I had a Russian sign up, hack my PHP Nuke site, gain admin access, then insert a pop-up ad into the mySQL database that would load every time the footer loaded. That was, of course, every time a page loaded. Took forever for me to find the code, but I finally eliminated it.

    Be careful with PHP - the Russians are coming.

  6. #6
    Join Date
    Jan 2002
    Location
    Ohio
    Posts
    3,139
    I used to encounter this problem a lot on my site.

    Being PHPNuke/phpbb and all, I had a bunch of garbage accounts on my site. I decided to turn on the "email activation" feature as well as disable changing email addresses till I can get my email re-activation scheme working. I also got a lot of bogus accounts from people who register with valid emails, then immediately change emails after activating.

    Now, users cannot change their email through their profile, and nobody can see their profile till it is activated.

    This method isnt perfect, but it cuts down on the spammers who want a quick hit via a forum profile. Not like anyone gets any decent traffic from a forum profile anyway...

    meanpc, you did update your nuke didnt you?
    Glioblastoma Multiforme (GBM) Brain Cancer Awareness. May is Brain Cancer awareness month. Gray Matters!
    Incurable, 6-18 months prognosis, survivors longer than 3 years less than 1% chance.
    Don't like what I say? Ignore me.

  7. #7
    Join Date
    Apr 2003
    Location
    London, UK
    Posts
    4,695
    As somebody said it's just spamming, a way of increasing backlinks to a site. You can either stop the search engines from viewing your memberlist and profiles with robots.txt or, if your board allows disable the showing of users url in the memberlist (they will still be in profiles though)

    I would just edit out the urls and put an active mailto: link to his email address(es) in the profiles, let him get some spam of his own

  8. #8
    Join Date
    Sep 2002
    Location
    Cambridge, UK
    Posts
    469
    Originally posted by Loon

    I would just edit out the urls and put an active mailto: link to his email address(es) in the profiles, let him get some spam of his own
    LOL - hadn't thought of that.

  9. #9
    Join Date
    May 2004
    Location
    India
    Posts
    91
    Good idea really, but better to be protected ... a single sulotion for that, update ur PHP BB always. A lots of exploit available for phpBB nowadays. Follow http://www.securityfocus.com/bid
    Helpdesk : Sir, you need to add 10GB space to your HD , Customer : Could you please tell where I can download that?

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •