Page 30 of 330
On the miniscule possibility nobody has noticed...
Posted: Fri Mar 02, 2007 9:13 am
by imipak
...the boards are being spam-flooded with a link that tries to install a Windows executable. Which is odd, as I'd expect 99% of everyone here to use Macs or Linux.
In either case, I hereby petition the GalCops to classify the originating offender as a Fugitive, but would still like to know if the trojan is being used to add more spam to the boards through compromised accounts (browser defect) or if it's a server glitch that is being exploited.
(This is important. If it's the former, then as soon as those individuals clean their systems and change their passwords, things'll be fine. If it's a system problem, and that's why we're seeing so many different "users" posting, then everyone should treat their password as compromised and change it as soon as the problem is fixed.)
Posted: Fri Mar 02, 2007 9:21 am
by Uncle Reno
Posted: Fri Mar 02, 2007 9:21 am
by Magus Zeal
Unfortunatly, Killer Wolf, the only one who has the power to install that sort of stuff is not available right now. He'd have to be contacted personally then step in to do this.
I plan on taking the spammer's tools away. These spammers are from zombies, and all I have to do is send some sanctions to the ISPs of the zombies and there goes their service. Then I can (try) to complain to the hosting company of the "websites" and see if I can get them shut down -- but they're located in the Ukraine, which might mean my complaints would get laughed at.
Posted: Fri Mar 02, 2007 9:25 am
by Uncle Reno
Posted: Fri Mar 02, 2007 9:30 am
by Uncle Reno
Posted: Fri Mar 02, 2007 9:43 am
by Uncle Reno
Posted: Fri Mar 02, 2007 10:09 am
by Killer Wolf
Magus Zeal wrote:Unfortunatly, Killer Wolf, the only one who has the power to install that sort of stuff is not available right now. He'd have to be contacted personally then step in to do this.
I plan on taking the spammer's tools away. These spammers are from zombies, and all I have to do is send some sanctions to the ISPs of the zombies and there goes their service. Then I can (try) to complain to the hosting company of the "websites" and see if I can get them shut down -- but they're located in the Ukraine, which might mean my complaints would get laughed at.
ah, ok. i thought mebbes a few of the admin types who delete the posts would be able to alter settings etc.
the board on my side (by boardstogo) introduced the security word thing for posts, where you have to type in a random code generated by the board, had a search on php but i couldn't see any MODs like this, sadly :-(
anyways, cheers in advance for anything you manage to do to cut down this rubbish :-)
Posted: Fri Mar 02, 2007 10:45 am
by TGHC
What are the spammers trying to achieve, is it to get your personal details or something?
Posted: Fri Mar 02, 2007 1:44 pm
by Uncle Reno
Posted: Fri Mar 02, 2007 1:58 pm
by Killer Wolf
christ wept, they're working overtime today >:-( every time i come back there's like a dozen more posts.
scum.
Posted: Fri Mar 02, 2007 2:52 pm
by Captain Hesperus
https://bb.oolite.space/profile.php? ... ile&u=1613
For what it's worth. He'll probably be back two minutes after he's deleted.
:sigh:
<P.S.> here's his crap.
https://bb.oolite.space/viewtopic.ph ... ght=#31710
Captain Hesperus
"Despondancy is a crack sniper with a loaded rifle and ammo to spare in a high tower that, unbeknownst to him, has had all the uppermost windows bricked up to prevent pigeons getting in."
Posted: Fri Mar 02, 2007 3:34 pm
by JensAyton
Killer Wolf wrote:had a bit more trawl of php, maybe a mod/admin could scope these out??
TIPS
Set activation to 'user' or 'admin'
Already got that.
Killer Wolf wrote:Enable visual confirmation
Already got that.
Already got that.
Looking into those.
Re: On the miniscule possibility nobody has noticed...
Posted: Fri Mar 02, 2007 3:48 pm
by JensAyton
imipak wrote:...the boards are being spam-flooded with a link that tries to install a Windows executable. Which is odd, as I'd expect 99% of everyone here to use Macs or Linux.
In either case, I hereby petition the GalCops to classify the originating offender as a Fugitive, but would still like to know if the trojan is being used to add more spam to the boards through compromised accounts (browser defect) or if it's a server glitch that is being exploited.
Neither. The bots are registering new accounts and using those. The only defences stock phpBB has are e-mail confirmation (not a problem with so many free e-mail hosts) and a weak
CAPTCHA.
As for the Windows executable, there’s no oddness. The botnets don’t care what the board is about, they just look for phpBBs.
Posted: Fri Mar 02, 2007 5:16 pm
by Captain Hesperus
Posted: Fri Mar 02, 2007 5:31 pm
by reills