Whois FuntKlakow

Want to chit chat about anything, do it here ... posting here won't increase your post count (or shouldn't!). Please do not post any "phpBB" specific topics here unless they do not fit into the category above. Do not post bug reports, feature or support requests!

PCTalk
Registered User
Posts: 24
Joined: Thu Mar 02, 2006 5:06 pm
Location: MD, USA

Re: Whois FuntKlakow

Post by PCTalk »

The only problem with banning emails is that emails are so easy to come by. :?

It's a start but where does it end? I would love to see stronger international laws and strict enforcement for things like this.
If it isn't fun, why do it?
Truestar
Registered User
Posts: 28
Joined: Sun Oct 30, 2005 6:54 pm
Location: New York, United States

Re: Whois FuntKlakow

Post by Truestar »

I'm not too late for posting this, am I?

http://www.digg.com/security/phpBB_mass ... g_prepared_

I'm kind of worried now. I hope phpBB 3.0 doesn't take too long, and the security gets a good boost. :?
[GSF] General of Army Truestar
Galactic Special Forces Gaming Clan
quick5pnt0
Registered User
Posts: 17
Joined: Wed Mar 22, 2006 1:18 am

Re: Whois FuntKlakow

Post by quick5pnt0 »

Truestar wrote: I'm not too late for posting this, am I?

http://www.digg.com/security/phpBB_mass ... g_prepared_

I'm kind of worried now. I hope phpBB 3.0 doesn't take too long, and the security gets a good boost. :?
That's where I originally found it. I'm far from an expert on what 3.0 will have, but I doubt it will stop most spamming. The reason is that spamming is something that can be done by any member, so the only way to truly stop spamming is by not allowing links to be posted on your forum. The problem with that is it also stops your forum members from posting links, and for the most part I've found that there are a lot of members who like to have their URL in their signature.

A step in the right direction though would be to have the member list only visible by other members, and only allow the user to add their website into the profile after they've activated their accounts. That would reduce/stop most profile spamming.
Truestar
Registered User
Posts: 28
Joined: Sun Oct 30, 2005 6:54 pm
Location: New York, United States

Re: Whois FuntKlakow

Post by Truestar »

I like the profile idea. Maybe create a hack like the others that only allows them to add their website after so many posts? This way, you can monitor their posts and see if they plan on sticking around for positive contributions, or not.

I don't like the memberlist idea though. It may have some preventative actions with spamming, but I find it annoying when I can't see a memberlist as a guest. I don't know why really. :|

I have account e-mail activation on, and visual confirmation. You would think that's enough, but I guess it isn't. But how much more can you add to the registration page without making registration annoying?

If people weren't such suckers, and didn't have to ruin other people's stuff for fun. :(
[GSF] General of Army Truestar
Galactic Special Forces Gaming Clan
who_cares
Registered User
Posts: 218
Joined: Mon Feb 07, 2005 1:20 pm

Re: Whois FuntKlakow

Post by who_cares »

I'm pretty sure that user is a bot

Look here (not my site, I found it with google):
http://www.polyrythmic.org/forum/viewtopic.php?t=11

The reply makes no sense and is advertising in its sig.
Truestar
Registered User
Posts: 28
Joined: Sun Oct 30, 2005 6:54 pm
Location: New York, United States

Re: Whois FuntKlakow

Post by Truestar »

I think it's safe to say he's a bot. Another thing I found out is that his signature is man made, he's not using the signature feature, at least not on my site.

Yeah...
[GSF] General of Army Truestar
Galactic Special Forces Gaming Clan
MacForum
Registered User
Posts: 72
Joined: Mon Mar 20, 2006 1:53 pm

Re: Whois FuntKlakow

Post by MacForum »

Uh oh.

FuntKlakow struck the Pweb Networks server last night with a DDoS and SQL
corruption attack, destroying several MySQL databases and terminating access for at
least 6 hours.

While we have not confirmed it is the original FuntKlakow, it has been 100%
confirmed that he gained access via the hole in the phpBB 2 forums left by the
original FuntKlakow script.

It was like a Hurricane, it destroyed everything in its path. Pweb Networks members
are picking up the pieces tonight. Some places were beyond repair, like the
MacForum Gallery (Coppermine).

I recommend you exercise caution and keep your security up-to-date.

Olympus is not affected by this security issue as a CVS installation we had running
was untouched due to code changes in the Olympus system from phpBB 2.

Updates as they arrive.
Like Macs or just want to see Olympus Live? ;)
www.macgig.com
Truestar
Registered User
Posts: 28
Joined: Sun Oct 30, 2005 6:54 pm
Location: New York, United States

Re: Whois FuntKlakow

Post by Truestar »

Well, thankfully I've deleted this bot. I hope everything goes well for you other admins out there. :|
[GSF] General of Army Truestar
Galactic Special Forces Gaming Clan
jrdgames
Registered User
Posts: 19
Joined: Wed Mar 01, 2006 7:53 pm

Re: Whois FuntKlakow

Post by jrdgames »

MacForum wrote: Uh oh. FuntKlakow struck the Pweb Networks server last night with a DDoS and SQL corruption attack, destroying several MySQL databases and terminating access for at least 6 hours. While we have not confirmed it is the original FuntKlakow, it has been 100% confirmed that he gained access via the hole in the phpBB 2 forums left by the original FuntKlakow script. It was like a Hurricane, it destroyed everything in its path. Pweb Networks members are picking up the pieces tonight. Some places were beyond repair, like the MacForum Gallery (Coppermine). I recommend you exercise caution and keep your security up-to-date. Olympus is not affected by this security issue as a CVS installation we had running was untouched due to code changes in the Olympus system from phpBB 2. Updates as they arrive.
This is going way beyond the spambot, now whether this is the bot's author or someone else using the bot's name is yet to be discovered but whoever it is is making a big mess.
Sorry you got hacked mac forum but hopefully you made a backup when this problem arose so you don't lose too much of your forums.
MacForum
Registered User
Posts: 72
Joined: Mon Mar 20, 2006 1:53 pm

Re: Whois FuntKlakow

Post by MacForum »

We didn't have a recent backup, but we repaired the database and all is well now. The
Gallery, based on Coppermine Photo Gallery, wasn't as lucky. It was not repairable.
Like Macs or just want to see Olympus Live? ;)
www.macgig.com