PHPbb "possible looming threat"

lech

No you have not yet been hacked and phpbb is still ok. However, apparently forum watching is a new sport in looking for possible looming threats. And this seems to be a favorite for bot authors looking for a quick exploit. A friend of mine snagged this off of digg and I awoke to this story originally bearing its head a few days ago before digg just caught onto it. There's even been some Vanilla/SMF name dropping as well. The original: http://www.issociate.de/board/post/312809/phpBB_mass-hack_being_prepared_ Digg story: http://digg.com/security/phpBB_mass_hack_being_prepared_ For the most part, the concern appears warranted mainly because some random person(s) have registered the same name across several (several hundred maybe) forums using the same name posting mindless nonsense and advertising. I can see this scenario panning out in the vanilla community if we don't keep our guard up, but overall, it seems like a decent enough read with potential ways to spot bots before they do any major harm and how to manage large forums vigilantly. :)

Bergamot

Seems like a really dumb way to set up an attack; more likely it's just an advertisement plant.

lech

Well, it still seems like a possible attack vector, however I doubt much would come of it so yeah, the most I see from this is just spam. If an attacker did want to exploit some major hole in the applications security, they might be wisest to register under a different name for every other forum if they want to remain "cloaked". However, reading through the article, I did like the thought of a honeypot forum to catch bots in the act and have a means of preventing hacks such as this.

Bergamot

Yeah, but you don't need a honeypot when the bot is stupid enough to use the same name everywhere.

lech

Well, in this particular case, no. But the next time, any community targeted for an attack like this probably won't be as fortunate.