subject : Abuse 212.186.84.12
Dear Chello,
I’m emailing you to inform you that one of your broadband users is doing strange things on the internet.
The user, who calls himself FuntKlakow registered on thousands of phpbb forums, without actively participating. Just do a search on google with his username and you will find 233.000 hits : http://www.google.nl/search?q=FuntKlakow" target="_blank . I think this user is using an automated script which is used to register himself to phpbb forums. This is very annoying for administrators of those boards and I’m emailing on behalf of all those administrators. The ip address was found in log files of the phpbb forums and was queried through ripe.net (whois database) : http://www.ripe.net/whois?searchtext=212.186.84.12" target="_blank . Noted in this result was this email address. I hope you understand our concerns.
Thanks in advance, evertvr
Whois FuntKlakow
Forum rules
Please do not post any "phpBB" specific topics here unless they do not fit into the category above.
Do not post bug reports, feature or support requests! No really... Do not post bug reports, feature or support requests! Doing so will make Bertie a very sad bear indeed. :(
Please do not post any "phpBB" specific topics here unless they do not fit into the category above.
Do not post bug reports, feature or support requests! No really... Do not post bug reports, feature or support requests! Doing so will make Bertie a very sad bear indeed. :(
Re: Whois FuntKlakow
Hello, I'm admin of powerflux.be/forum . We also saw this user registering on our forums. With the information provided on this board, I've sent the following email to help@chello.at :
-
cyberCrank
- Registered User
- Posts: 560
- Joined: Wed Jan 28, 2004 3:38 am
- Location: Ethereal Bliss
Re: Whois FuntKlakow
OK guys, please note which version of phpBB you are running and seeing this script attack. Just wondering if it is the currently supported version 2.0.19??
Or are you "testing" and seeing it on a development 2.1 CVS version (future phpBB 3.0 Olympus) ??
I presume you are referring to the 2.0.19 version, but just checking...
Or are you "testing" and seeing it on a development 2.1 CVS version (future phpBB 3.0 Olympus) ??
I presume you are referring to the 2.0.19 version, but just checking...
Re: Whois FuntKlakow
This guy or it signed up at my site and a few other forums I know of.
I'm running 2.0.19.
I'm running 2.0.19.
Re: Whois FuntKlakow
I am the admin of the game-spectrum.com forums. This FuntKlakow registered with my forums a few days ago. I deleted his account. Hope it was the right thing to do. 
I am running phpBB 2.0.19 as well.
I am running phpBB 2.0.19 as well.
Re: Whois FuntKlakow
Thank you very much for this thread. I googled FuntKlakow and got it. I banned him and let my forum know not to open emails from him. Thank you very much. 
Re: Whois FuntKlakow
The very nature of forums to invite persons to join without having to jump through hoops to see what we have to offer might be a weakness this person/script is trying to use for whatever purpose. I run an old version of easybb for the family and try to keep track of the kids on it so this login caught my eye fairly quickly. The people with big forums that invite many to join might be at risk for the no-good out on the internet. Just giving a heads up. Might be some kid learning scripts but going about it the wrong way.
Re: Whois FuntKlakow
Well I'll definitely keep my eyes open for anything suspicious.
Re: Whois FuntKlakow
just saw this on the frontpage of digg.com (big news website , if someone doesn't know) : http://digg.com/security/phpBB_mass_hack_being_prepared_" target="_blank
link to the original post : http://www.issociate.de/board/post/3128 ... g_prepared_" target="_blankDuring the last few days a bot using a name FuntKlakow, has been registering to maybe thousands of phpBB forums. Some speculate that the bot's owners are preparing to exploit an unreported vulnerability.
Re: Whois FuntKlakow
Below is a random sample from a search on msn.com looking at memberlist and posts by funtklakow
~~~
http://www.mossbackfever.com" target="_blank Forum Index
Author Message
Topic: swarovsk spooting scope 65mm or 80mm?
FuntKlakow
Replies: 2
Views: 76
PostForum: What's new? Posted: Sat Mar 18, 2006 10:09 pm Subject: swarovsk spooting scope 65mm or 80mm?
Wow, that is cool!
_______________
[url=http://www.mybigproxy.com/]Surf the Net anonymously, bypass school/work Web filters!
Topic: 202 gross Monster Muley-General Tag
FuntKlakow
Replies: 9
Views: 1549
PostForum: Archery Hunting Posted: Sat Mar 18, 2006 10:08 pm Subject: 202 gross Monster Muley-General Tag
I agree with you completely.
_______________
[url=http://www.mybigproxy.com/]Surf the Net anonymously, bypass school/work Web filters!
Topic: Northern Utah General
FuntKlakow
Replies: 2
Views: 288
PostForum: Deer Hunting Posted: Sat Mar 18, 2006 10:08 pm Subject: Northern Utah General
Wow, that is cool!
_______________
[url=http://www.mybigproxy.com/]Surf the Net anonymously, bypass school/work Web filters!
Topic: Please Vote
FuntKlakow
Replies: 7
Views: 860
PostForum: Announcements Posted: Sat Mar 18, 2006 10:08 pm Subject: Please Vote
Oh, how nice.
_______________
[url=http://www.mybigproxy.com/]Surf the Net anonymously, bypass school/work Web filters!
Topic: Please Vote
FuntKlakow
Replies: 7
Views: 860
PostForum: Announcements Posted: Sun Mar 05, 2006 2:12 am Subject: Please Vote
Wow, I didn't think of that.
_______________
more visitors to y our web site
Page 1 of 1
~~~
The thing I noticed is he/it is coming back to forums he/it registered on. But the generic posts mean nothing.
~~~
http://www.mossbackfever.com" target="_blank Forum Index
Author Message
Topic: swarovsk spooting scope 65mm or 80mm?
FuntKlakow
Replies: 2
Views: 76
PostForum: What's new? Posted: Sat Mar 18, 2006 10:09 pm Subject: swarovsk spooting scope 65mm or 80mm?
Wow, that is cool!
_______________
[url=http://www.mybigproxy.com/]Surf the Net anonymously, bypass school/work Web filters!
Topic: 202 gross Monster Muley-General Tag
FuntKlakow
Replies: 9
Views: 1549
PostForum: Archery Hunting Posted: Sat Mar 18, 2006 10:08 pm Subject: 202 gross Monster Muley-General Tag
I agree with you completely.
_______________
[url=http://www.mybigproxy.com/]Surf the Net anonymously, bypass school/work Web filters!
Topic: Northern Utah General
FuntKlakow
Replies: 2
Views: 288
PostForum: Deer Hunting Posted: Sat Mar 18, 2006 10:08 pm Subject: Northern Utah General
Wow, that is cool!
_______________
[url=http://www.mybigproxy.com/]Surf the Net anonymously, bypass school/work Web filters!
Topic: Please Vote
FuntKlakow
Replies: 7
Views: 860
PostForum: Announcements Posted: Sat Mar 18, 2006 10:08 pm Subject: Please Vote
Oh, how nice.
_______________
[url=http://www.mybigproxy.com/]Surf the Net anonymously, bypass school/work Web filters!
Topic: Please Vote
FuntKlakow
Replies: 7
Views: 860
PostForum: Announcements Posted: Sun Mar 05, 2006 2:12 am Subject: Please Vote
Wow, I didn't think of that.
_______________
more visitors to y our web site
Page 1 of 1
~~~
The thing I noticed is he/it is coming back to forums he/it registered on. But the generic posts mean nothing.
Last edited by tejas on Sun Mar 19, 2006 7:43 pm, edited 1 time in total.
Re: Whois FuntKlakow
Heya ppl
I would like to know if anyone has the hashed version of this guys password?
I want to know if they are all the same on the phpBB forums. So if the web admins look at their mysql database and paste the hashcode for this guys password in here that would be great. Or you can email it to me at jmc265@hotmail.co.uk
Thanks for helping
Jether
I would like to know if anyone has the hashed version of this guys password?
I want to know if they are all the same on the phpBB forums. So if the web admins look at their mysql database and paste the hashcode for this guys password in here that would be great. Or you can email it to me at jmc265@hotmail.co.uk
Thanks for helping
Jether