Phpbb Mass Hack?

[url]phpBB mass-hack being prepared (FuntKlakow-bot)?- general countermeasures

[quote]During the last few days a bot using a name FuntKlakow, has been

registering to at least hundreds (maybe thousands) of phpBB forums.

[url]FuntKlakow - Google Suche ta=

Bot is also capable for posting to forums:

[url][/url] w

[url][/url] Klakow

But most on most forums the bot keeps silent.

Ok, what is a danger?

Next time the phpBB announces a critical vulnerability, the bot would

have everything ready (just a post click away) from attacking

thousands of sites/forums.

Best defence against these kinds of bot-members, might be setting up

honeypot-forums, which the search engines can find but to which there

are no permanent links from the web. When new bot-members are

detected, such would be listed at each particular forum makers


When a bot would then try to register to a forum, the forum program

would check the user/bot inputted user-name (or other characteristics)

and if those would match to those catched by a honeypot-forums,

registerin such user detais would be eliminated ( and possible IP

banned for some time)


more comments here