As was foretold, we've added advertisements to the forums! If you have questions, or if you encounter any bugs, please visit this thread:

just a quick warning phpBB Hack

ArtoriaArtoria Registered User regular
I'm sure alpha is already on top of this but i figured I'd post it herein case this news went un-noticed.
phpBB mass-hack warning

p2p news / p2pnet: Bots are registering user accounts on phpBB forums, "raising concerns that the bot's authors are laying the groundwork for mass exploitation down the road," warns Netcraft.

One such showed up on Digg, yesterday. "During the last few days a bot using a name FuntKlakow, has been registering to maybe thousands of phpBB forums," says the post. "During the last few days a bot using a name FuntKlakow, has been registering to maybe thousands of phpBB forums."

FuntKlakow's post signatures have included links to proxy surfing and traffic generator services, "raising the prospect that its goal may be spam rather than exploits,"says Netcraft.

"Bot is also capable for posting to forums, says Juuso Hukkanen on newsreader. "But most on most forums the bot keeps silent.

"Ok, what is a danger? Next time the phpBB announces a critical vulnerability, the bot would have everything ready (just a post click away) from attacking thousands of sites/forums.

"Best defence against these kinds of bot-members, might be setting up honeypot-forums, which the search engines can find but to which there are no permanent links from the web. When new bot-members are detected, such would be listed at each particular forum makers homepage.

"When a bot would then try to register to a forum, the forum program would check the user/bot inputted user-name (or other characteristics) and if those would match to those catched by a honeypot-forums, registering such user detais would be eliminated ( and possible IP banned for some time)."

Nor is this the first time phpBB has been in the news with security problems.

phpBB has been banned by some web hosts but, "That hasn't prevented a 79 percent increase in active sites using phpBB between June and December of 2005, according to data from our Web Server Survey and related datasets," adds Netcraft.

I'm pretty sure we are ok over here since Alpla is running a heavily modified version of this right?

Artoria on


  • wasted lifewasted life Registered User regular
    edited March 2006
    I was bored so I looked through the memberlist. So far, no one has joined with that username. It can probably use other usernames though, so I guess it was moot. Man, that was a lot of users though.

    wasted life on
    Now Playing: Picross (DS), Phantom Hourglass (DS), GOD HAND (PS2), No More Heroes (Wii)
    My Backlog
    Super Saver Comics!
  • RocketScienceRocketScience Registered User regular
    edited March 2006
    If you go to your PM inbox and start a new message you can search for usernames.

    RocketScience on
  • FyreWulffFyreWulff YouRegistered User, ClubPA regular
    edited March 2006
    this is why I don't wonder how phpBB has yet to implement a fucking captcha generator into the registeration page.

    i've used e107, which rivals phpBB in common-sense programming mistakes and design flaws, and even they have a captcha generator for registration and login.

    FyreWulff on
Sign In or Register to comment.