Satanic bot, phpbb anti

[Maztech]

Thousands of PHPbb forums have noticed a certain some one registering. Someone? or something? Who is this new funtkalow that seems to be on every phpbb forum we can find. Well, rumours have it, he is a bot. And not a nice one....

people think that maybe this bot might be an exploit bot, ready to exploit phpbb forums. what do you guys think?

source:
http://securefx.org/index.php?option...id=34&Itemid=1

[.:front2back:.]

Howdy.

This bot has been doing the rounds for a few months now..
I've seen it happen to hundreds of phpBB forums so far. But funny enough it seems to be attacking the forums if they are running 2.0.18 and lower..

cheers
f2b

[Maztech]

over 33,400 forums now have this bot. Imagine the devistation if one high risk exploit was to be released. I for one am looking forward to the carnage

If this is the first bot, what about the others that will soon follow? random passwords, random nicks, even better posts to make it seem more human. I bet the PHPbb securit techs are working like crazy to find exploits.

[Synja]

Well... I wouldn't say there'd be a whole lot of devastation...

What meaningful forum runs PHPbb? No offense, but I doubt that flags would be at half mast for the loss of 33k 100 member forums....

And there are easy ways around the bot threat. THe moderation of all new members, same as is done here for example, or custom requirements for a first post, such as having to read the faq before being able to post, and maybe answering a random question about it.

[Maztech]

ok, i agree. most decent forums dont really run phpbb, but still, it could be a big blow for PHPbb to have a load of forums attacked in the space of a day. There not all 100 members either, i have seen some very large forums running phpbb.

[Synja]

I know that saying they're all 100 memeber forums is an exxageration, but at what point does "forum management" have an obligation to upgrade the forums for the user base?

I mean, Windows NT4 is a wonderful OS, but at what point do you have to break down and say "Hey, this is a production machine, it need2k/XP or one of the Server systems?"

[nihil]

Hmmmm,

If you have followed the links you will have noticed that it is capable of posting simplistic replies such as "I totally agree" and so on.

Well, I found a UK site with it on it and posted to the Mods/Admins that they had a Bot onboard.

I checked back a few hours later and found that all the Bot's replies had been deleted, but the account was still there. I am sure that no Mod?Admin has seen my post, it looks to be a "feature" of the Bot?

I can see from cache where the Bot has posted, but the actual posts are gone and its post cont is zero.

Interesting?

[Synja]

If you have followed the links you will have noticed that it is capable of posting simplistic replies such as "I totally agree" and so on.

That has to be a warning sign. If a new AO member did nothing but reply with simplistic canned crap, you'd keep an eye out, right? Or would... nevermind.

[nihil]

That has to be a warning sign. If a new AO member did nothing but reply with simplistic canned crap, you'd keep an eye out, right? Or would... nevermind.

Yes, this is a hardware site and is not that active dialogue wise.

I checked the members list and at least 75% are the produce of spambots so I don't think that it is very well moderated.

As you observed earlier, most of these sites are very small, and a lot of them are not very active or monitored that well.

It still leaves the question of what the ultimate objective of the Bot is? It seems to have a mechanism to obliterate its posts?

[Maztech]

this could just be a fake. I was looking into it deeper today and found some more articles, a friend also gave me couple of links. I posted a comment on the site with the urls.