FUDforum
Fast Uncompromising Discussions. FUDforum will get your users talking.

Home » FUDforum Development » FUDforum 3.0+ » Mass cracking of FUDForum sites
Show: Today's Messages :: Polls :: Message Navigator
Return to the default flat view Create a new topic Submit Reply
Mass cracking of FUDForum sites [message #27994] Tue, 04 October 2005 15:55 Go to previous message
heron is currently offline  heron   United States
Messages: 10
Registered: May 2005
Karma:
Junior Member
Hi,

I'm watching my log for referrer URL quite closely. Recently I noticed a strange looking Google query with the exclusion keyword ihackstuff.

"http://www.google.com/search?num=100&hl=en&lr=&safe=off&c2coff=1&q=%22Powered+by+FUDForum+2.6%22+-site%3Afudforum.org+-johnny.ihackstuff&btnG=Search"


I traced this back to a Google hack database listing the following entry

http://johnny.ihackstuff.com/index.php?module=prodreviews&func=showcont ent&id=1410

This produces a list of sites still running FUDForum 2.6.

I looked for further traces from the same IP and saw an attempt to exploit the avatar upload bug. The guy had created an account named 'bonjour' with a yahoo email address. The attack came from a Taiwanese IP (211.76.97.246).

I then checked other sites on that list and sure enough they all had an account 'bonjour' created some time in September. If you are still running 2.6 and have avatar uploads enabled, it's time to check your box.

Heron
[Message index]
 
Read Message
Read Message
Previous Topic: FUDForum stopped working
Next Topic: Problem
Goto Forum:
  

-=] Back to Top [=-
[ Syndicate this forum (XML) ] [ RSS ]

Current Time: Sat Nov 30 06:22:05 GMT 2024

Total time taken to generate the page: 0.04292 seconds