# phpBB forums vulnerable to attack



## rohan (Aug 7, 2006)

Recently a bot using the name FuntKlakow, has been registering to at least hundreds (maybe thousands) of phpBB forums. It is susspected that the bot will take advantage of an exploit in phpBB froums, that might not be known yet. In other words the next time phpBB announces a critical vulnerability, the bot would have everything ready (just a post away) from attacking thousands of sites/forums.

*The Defence*

Best defence against these kinds of bot-members, might be setting up honeypot-forums, which the search engines can find but to which there are no permanent links from the web. When new bot-members are detected, such would be listed at each particular forum makers homepage.
When a bot would then try to register to a forum, the forum program would check the user/bot inputted user-name (or other characteristics) and if those would match to those catched by a honeypot-forums, registerin such user detais would be eliminated ( and possible IP banned for some time)

Source


----------



## iMav (Aug 7, 2006)

thanks for the info....


----------



## Pathik (Aug 7, 2006)

yeah man... thx


----------



## damnthenet (Aug 7, 2006)

Good info


----------



## iMav (Aug 7, 2006)

phpBB Support Team said:
			
		

> that bot is very very old news Smile it is not hacking, it is nothing mre than a spam bot. First you need to make sure your boards are up to date, then stop guest posting and set account activation to at least "user". You will need to turn on Visual confirmation. If after doing this you find that some spambots are still getting through there are other changes you can make to stop them, alot of these methods are talked about in this topic
> 
> *www.phpbb.com/phpBB/viewtopic.php?p=1404100


chill guys .... it seems that phpbb has it covered!!! ....phpbb rules


----------



## knight17 (Aug 8, 2006)

Avoid its registration using "images" while signig up..
I think you got the idea


----------



## rohan (Aug 8, 2006)

@knight17: hmm.. what's that called..... it's on my tounge.... ohh... yes... Image verification. That'll help.


----------



## nik_for_you (Aug 8, 2006)

nice info.. but i dont think this bot is dangerous !! what next after registering to forum ?


----------



## blackpearl (Aug 8, 2006)

phpbb has got tons of vulnerablities.


----------



## iMav (Aug 8, 2006)

blackpearl said:
			
		

> phpbb has got tons of vulnerablities.


 .... which can b avoided if proper care is taken


----------



## Venom (Aug 8, 2006)

nik_for_you said:
			
		

> nice info.. but i dont think this bot is dangerous !! what next after registering to forum ?


What if it registers all possible nicks on your forum eh?


----------



## nik_for_you (Aug 11, 2006)

thats right buddy.. I cnt give this nick to sillt bot


----------

