FUDforum
Fast Uncompromising Discussions. FUDforum will get your users talking.

Mass cracking of FUDForum sites [message #27994] Tue, 04 October 2005 11:55
heron (United States)
Messages: 10
Registered: May 2005
Karma: 0
Junior Member
Hi,

I'm watching my log for referrer URLs quite closely. Recently I noticed a strange-looking Google query with the exclusion keyword ihackstuff.

"http://www.google.com/search?num=100&hl=en&lr=&safe=off&c2coff=1&q=%22Powered+by+FUDForum+2.6%22+-site%3Afudforum.org+-johnny.ihackstuff&btnG=Search"


I traced this back to a Google hack database listing the following entry

http://johnny.ihackstuff.com/index.php?module=prodreviews&func=showcontent&id=1410

This produces a list of sites still running FUDForum 2.6.

I looked for further traces from the same IP and saw an attempt to exploit the avatar upload bug. The guy had created an account named 'bonjour' with a Yahoo email address. The attack came from a Taiwanese IP (211.76.97.246).

I then checked other sites on that list and sure enough they all had an account 'bonjour' created some time in September. If you are still running 2.6 and have avatar uploads enabled, it's time to check your box.

Heron
Re: Mass cracking of FUDForum sites [message #27995 is a reply to message #27994] Tue, 04 October 2005 12:06
Ilia (Canada)
Messages: 13241
Registered: January 2002
Karma: 0
Senior Member
Administrator
Core Developer
Good catch, yet another reason to upgrade your forums to the 2.7.X series if you have not done so already.

Another security tip is to go through your avatars directory and see if you have any files with a non-image extension.


FUDforum Core Developer