Announcement

Collapse
No announcement yet.

"vBulletin Spider & Poster"???

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • "vBulletin Spider & Poster"???

    Hi, we just have someone who registered from an email address which resolved to a site called vBulletin Spider & Poster. The registered name seemed to be created automatically. I must admit that I don't know what a "vBulletin Spider & Poster" is, but I know 30 000 PHPbb-bulletin was attempted attached a few days ago.

    I might be completely wrong here (please delete this post if I am), but 'vBulletin Spider & poster" doesn't sound good to me.

    Here are the URLs involved in this (maybe it's not even a good idea to attempt to log in to these sites if someone is wanting to create trouble?):



    bakedpotato2005.biz
    cooklawfirm.com
    63.226.96.241

    (Maybe I'm just getting a little paranoid, as we just lost a lot of data after a spam/hacker attack on our server)
    The Vegan Forum

  • #2
    That does look suspicious. Do you have image verification enabled for registration?
    Steve Machol, former vBulletin Customer Support Manager (and NOT retired!)
    Change CKEditor Colors to Match Style (for 4.1.4 and above)

    Steve Machol Photography


    Mankind is the only creature smart enough to know its own history, and dumb enough to ignore it.


    Comment


    • #3
      No (but I have disabled registrations for now, after this happened). I will enable image verification for the future.
      The Vegan Forum

      Comment


      • #4
        There are some crackers on the internet that want to make havoc by exploiting big sites using XSS - there are also a few that target vB sites. So it is important to keep your forum software up to date, make regular backups (at least once per week) and if you can add .htaccess password protection to your admincp/ & modcp/ directories (you can also rename those 2 dirs to avoid auto script attempts). Turn on image verification, email validation and use a hard to guess, long, password. (To make brute force attempts harder)

        Comment


        • #5
          What is .htaccess password protection and how is it added?
          The Vegan Forum

          Comment


          • #6
            You could add an extra security layer to your board by adding .htaccess password directory protection to your admin and mod control panel that holds a different user/pass combination then the one you use on the board.

            This is a feature from the web server (unix/linux systems only), and works aside of vBulletin. Here is a indepth guide on how to use and setup .htaccess password protected directories on your server:

            http://www.javascriptkit.com/howto/htaccess.shtml

            You could setup one user/pass combination or give each administrator and/or moderator their own additional login.








            Control Panels like Cpanel and Plesk and Ensim and various others provide a feature called 'web protect' or 'directory protection' where you can enter the dir name and it will add it for you.

            Comment


            • #7
              I've got another at 200.73.174.183 and the email at riverstyx.net

              May want to at least ban them.

              Anything else we can do? This makes me quite nervous after the recent PHP exploits.

              The site I looked at listed it as Vbulletin Spider and Poster
              Last edited by LunaTech; Sun 9th Jan '05, 7:07pm.

              Comment


              • #8
                From it's name and what it's done at my site so far (created usernames and made two test posts), my current best guess is that it is a SPAM tool.

                So then it would spider the internet for vBulletin forums and threads or forums that matched it's keywords, automatically signup for an account, and then create threads or replies at the target site.

                It seems to be far from finished, but steps should be taken to prevent it. Blogs now a days get hammered with SPAM. It could be quite a problem if the same thing happened to vBulletin.

                The 3.0.5 upgrade also had a measure to prevent offsite POST's didn't it? That may be what is needed. Any other ideas?

                Comment


                • #9
                  We got the same spider register over 10 accounts, I banned the 200.73.174.183 IP address from within CPANEL
                  hope it works
                  www.docsboard.com

                  Comment


                  • #10
                    Watch out for this *******. I suggest banning 200.73.714.183 for now. He has hit my MB 5 times in the last few weeks, with identical profiles as described here and elsewhere.

                    I am at a loss as to what the point is other than to create a nuisance.

                    Comment


                    • #11
                      Originally posted by musicat
                      Watch out for this *******. I suggest banning 200.73.714.183 for now. He has hit my MB 5 times in the last few weeks, with identical profiles as described here and elsewhere.

                      I am at a loss as to what the point is other than to create a nuisance.
                      200.73.714.183

                      That's an invalid IP ... 255.255.255.255 is the max.

                      Comment


                      • #12
                        typo, he means 174

                        Comment

                        widgetinstance 262 (Related Topics) skipped due to lack of content & hide_module_if_empty option.
                        Working...
                        X