Home »
FUDforum Development »
FUDforum 3.0+ »
Mass cracking of FUDForum sites
Mass cracking of FUDForum sites [message #27994] |
Tue, 04 October 2005 15:55 |
heron
Messages: 10 Registered: May 2005
Karma:
|
Junior Member |
|
|
Hi,
I'm watching my log for referrer URL quite closely. Recently I noticed a strange looking Google query with the exclusion keyword ihackstuff.
"http://www.google.com/search?num=100&hl=en&lr=&safe=off&c2coff=1&q=%22Powered+by+FUDForum+2.6%22+-site%3Afudforum.org+-johnny.ihackstuff&btnG=Search"
I traced this back to a Google hack database listing the following entry
http://johnny.ihackstuff.com/index.php?module=prodreviews&func=showcont ent&id=1410
This produces a list of sites still running FUDForum 2.6.
I looked for further traces from the same IP and saw an attempt to exploit the avatar upload bug. The guy had created an account named 'bonjour' with a yahoo email address. The attack came from a Taiwanese IP (211.76.97.246).
I then checked other sites on that list and sure enough they all had an account 'bonjour' created some time in September. If you are still running 2.6 and have avatar uploads enabled, it's time to check your box.
Heron
|
|
|
Goto Forum:
Current Time: Tue Nov 26 20:27:42 GMT 2024
Total time taken to generate the page: 0.04409 seconds