phpBB mass-hack warning

p2p news / p2pnet: Bots are registering user accounts on phpBB forums, "raising concerns that the bot's authors are laying the groundwork for mass exploitation down the road," warns Netcraft.


One such showed up on Digg, yesterday. "During the last few days a bot using a name FuntKlakow, has been registering to maybe thousands of phpBB forums," says the post. "During the last few days a bot using a name FuntKlakow, has been registering to maybe thousands of phpBB forums."

FuntKlakow's post signatures have included links to proxy surfing and traffic generator services, "raising the prospect that its goal may be spam rather than exploits,"says Netcraft.


"Bot is also capable for posting to forums, says Juuso Hukkanen on newsreader. "But most on most forums the bot keeps silent.


"Ok, what is a danger? Next time the phpBB announces a critical vulnerability, the bot would have everything ready (just a post click away) from attacking thousands of sites/forums.


"Best defence against these kinds of bot-members, might be setting up honeypot-forums, which the search engines can find but to which there are no permanent links from the web. When new bot-members are detected, such would be listed at each particular forum makers homepage.


"When a bot would then try to register to a forum, the forum program would check the user/bot inputted user-name (or other characteristics) and if those would match to those catched by a honeypot-forums, registering such user detais would be eliminated ( and possible IP banned for some time)."

Nor is this the first time phpBB has been in the news with security problems.

phpBB has been banned by some web hosts but, "That hasn't prevented a 79 percent increase in active sites using phpBB between June and December of 2005, according to data from our Web Server Survey and related datasets," adds Netcraft.