Posted: Mon Feb 02, 2009 11:17 pm
by DaddyHoggy
Solas wrote: I was using Google to search aegidian.org as results point to page, and came across a jsp that looked out of place, Google lists 240+
http://www.google.com/search?num=40&hl=en&q=js ... lr=lang_en
another thing ..
http://www.phpbb.com/index.php itself is down. ( vulnerability in an outdated PHPList )
http://community.mybboard.net/thread-44513.html advises on this.
hope this helps
Solas
Posted: Tue Feb 03, 2009 4:15 pm
by JensAyton
DaddyHoggy wrote: Solas wrote: I was using Google to search aegidian.org as results point to page, and came across a jsp that looked out of place, Google lists 240+
http://www.google.com/search?num=40&hl=en&q=js ... lr=lang_en
another thing ..
http://www.phpbb.com/index.php itself is down. ( vulnerability in an outdated PHPList )
http://community.mybboard.net/thread-44513.html advises on this.
hope this helps
Solas
Well, that was interesting.
It appears that part of a distributed warez network had been hidden in our images/avatars/ directory. Until I have a good explanation for how that happened, uploading of avatars is disabled again. As far as I’m aware we don’t use PHPList for anything Oolite-related, but Giles may have it installed for some other part of aegidian.org, possibly something that’s no longer used. I’ve e-mailed him about it.
Out of interest, the following out-of-place files were in images/avatars/ (modification dates in parens):
- index.htm (modified from original blank page; 2005-10-05 00:00)
- time.php (2005-10-05 00:00)
- date.php (2005-10-05 00:00)
- 13923715934416f3d4e57ff.php (2005-10-05 00:00)
- .htaccess (2005-10-05 00:00)
- ferrometer91/ (2008-11-01 08:21)
- ferrometer91/.htaccess (2008-11-01 08:21)
- ferrometer91/guest.php (2008-12-16 12:14)
- ferrometer91/messages.php (2008-12-16 12:13)
I’m assuming ferrometer91 and 13923715934416f3d4e57ff.php are random names; the latter looks like one of the random names of avatar images (for instance, 1584281108474245c375d5f.png). The .htaccess files set date.php and messages.php as the error pages for their respective directories, and these files created a virtual hierarchy of pages (the .jsp extension is a red herring). All the code was scrambled php and JavaScript; nothing complex, but I haven’t bothered decoding it.
I know a couple of our users manage phpBBs of their own; I suggest taking a look in your avatars directory. There should be no .htaccess file, no php files, no subdirectories other than gallery, and index.htm should be a blank page containing no JavaScript. (Note: these details may not be correct for phpBB 3.)
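The avatars-directory check described in the post above, as an added Python example that is not part of the original thread or of phpBB. The function names, the PHP extensions beyond .php, and the sample tree (file names taken from the post, contents are placeholders) are assumptions made for illustration.

```python
import os
import re
import tempfile

ALLOWED_SUBDIRS = {"gallery"}                    # per the post (phpBB 2 layout)
PHP_EXTS = {".php", ".php3", ".php5", ".phtml"}  # beyond .php: assumption

def audit_avatar_dir(root):
    """Return sorted (relative_path, reason) findings for an avatars directory."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        rel_dir = os.path.relpath(dirpath, root)
        for name in dirnames:
            rel = os.path.normpath(os.path.join(rel_dir, name))
            # Anything not under an allowed top-level directory is unexpected.
            if rel.split(os.sep)[0] not in ALLOWED_SUBDIRS:
                findings.append((rel + "/", "unexpected subdirectory"))
        for name in filenames:
            rel = os.path.normpath(os.path.join(rel_dir, name))
            ext = os.path.splitext(name)[1].lower()
            if name.lower() == ".htaccess":
                findings.append((rel, ".htaccess can remap error pages to scripts"))
            elif ext in PHP_EXTS:
                findings.append((rel, "PHP file in upload directory"))
            elif rel.lower() == "index.htm":     # top-level placeholder page only
                with open(os.path.join(dirpath, name), "rb") as fh:
                    if re.search(rb"<\s*script", fh.read(), re.I):
                        findings.append((rel, "index.htm contains JavaScript"))
    return sorted(findings)

def build_sample(root):
    """Constructed tree: file names from the post, contents are placeholders."""
    files = {
        "index.htm": "<html><body><script>/* placeholder */</script></body></html>",
        "time.php": "", "date.php": "", ".htaccess": "",
        "1584281108474245c375d5f.png": "",
        "gallery/index.htm": "<html><body></body></html>",
        "ferrometer91/.htaccess": "", "ferrometer91/guest.php": "",
    }
    for rel, body in files.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write(body)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        for rel, reason in audit_avatar_dir(tmp):
            print(f"{rel}: {reason}")
```

As the post notes, the expected layout may differ for phpBB 3, so adjust `ALLOWED_SUBDIRS` before relying on the result there.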
Posted: Fri Feb 13, 2009 1:41 pm
by 0235
help.
this man attacked my computer
look what it did!
Posted: Fri Feb 13, 2009 1:48 pm
by Commander McLane
Posted: Fri Feb 13, 2009 4:26 pm
by Captain Hesperus
https://bb.oolite.space/viewtopic.php?p=70187#70187
<ka-chik> BOOOOOOOOOOOOOOOOOOOOOOMMM!!!!
Captain Hesperus
Posted: Sat Feb 14, 2009 12:49 pm
by Commander McLane
You wouldn't want to start another civil war inside the clock-tower now, would you?
Posted: Sat Feb 14, 2009 3:07 pm
by Captain Hesperus
I'm a cat, thus easily bored....
Captain Hesperus
Posted: Mon Mar 09, 2009 1:40 pm
by Disembodied
* This one looks dodgy to me ... website links to a "money-making robot".
Posted: Wed Mar 18, 2009 1:56 pm
by Disembodied
* And another – website linking to online loans ...
Posted: Fri Apr 03, 2009 1:27 pm
by another_commander
* This one is definitely spamming and has posted the same message all over the Internet. I just deleted it from Outworld, so would one of our esteemed Spam Assassins do the honors and terminate the bot?
Posted: Sat Apr 04, 2009 9:59 am
by Disembodied
* And another one for the chop ...
Posted: Tue Apr 07, 2009 8:40 am
by Disembodied
Posted: Fri Apr 10, 2009 6:07 pm
by Disembodied
* Blechh ... and still another
Posted: Fri Apr 10, 2009 6:39 pm
by DaddyHoggy
Is anybody actually killing these off? All the ones identified so far are still present and correct.
[unpacks Silent Death and watches the door as new members shuffle in]
Posted: Fri Apr 10, 2009 9:18 pm
by another_commander
DaddyHoggy wrote:Is anybody actually killing these off? All the ones identified so far are still present and correct
I was under the impression that members tagged as Spam Assassins had the power to do this. Unfortunately moderators cannot interfere with user status, otherwise these spam instances would have been already sanitized. If the SAs cannot do anything, then I guess it's up to one of the forum admins.