Phpbb Mass Hack?

[url]phpBB mass-hack being prepared (FuntKlakow-bot)?- general countermeasures


[quote]During the last few days a bot using a name FuntKlakow, has been

registering to at least hundreds (maybe thousands) of phpBB forums.



[url]FuntKlakow - Google Suche ta=



Bot is also capable for posting to forums:

[url]http://forum.uebimiau.org/search.php?search_author=FuntKlako[/url] w

[url]http://www.alternativ.ro/forum/search.php?search_author=Funt[/url] Klakow



But most on most forums the bot keeps silent.



Ok, what is a danger?

Next time the phpBB announces a critical vulnerability, the bot would

have everything ready (just a post click away) from attacking

thousands of sites/forums.



Best defence against these kinds of bot-members, might be setting up

honeypot-forums, which the search engines can find but to which there

are no permanent links from the web. When new bot-members are

detected, such would be listed at each particular forum makers

homepage.



When a bot would then try to register to a forum, the forum program

would check the user/bot inputted user-name (or other characteristics)

and if those would match to those catched by a honeypot-forums,

registerin such user detais would be eliminated ( and possible IP

banned for some time)

[/quote]



more comments here

[url]http://www.digg.com/security/phpBB_mass_hack_being_prepared_[/url]