#245060 08/20/2011 3:26 PM
Joined: Aug 2011
Posts: 11
stranger
I'm a retired guy who uses my old company's BB to keep in touch. I think they use your software. The url that appears when I'm logged in is:

http://forums.*****.com/news/ubbthreads.php

It appears someone is loading up the members list with a bot. I don't know if it is an innocent experiment by one of the members, or a malicious Denial of Service attack by an outsider. I've told the IT guys about it at my old company, and they are working it from their end.

Are you aware of anyone hacking member lists at other sites using your software? Do you offer services to detect and shut down the hacker?

If you send me an email address where I can send you the evidence I'll do so. I'd rather not put it on a public forum.

mag

Last edited by MikeG; 08/20/2011 4:04 PM.
Joined: Jun 2004
Posts: 207
enthusiast
Well, I didn't go as far as completely registering, but it looks like your company has bypassed the UBB registration. Without any CAPTCHA it's possible someone has written a script to bulk register. Why they would do this on a site that isn't public facing is beyond me, but it always amazes me that people spam my board when we clearly nofollow our links.


Won't you take me to Funkytown?
Joined: Aug 2011
Posts: 12
stranger
Use CAPTCHA and email validation/verification when registering.

Joined: Aug 2011
Posts: 11
stranger
There are 150000 people registered now, with perhaps 50 more new registrations every day, weekends included. A more plausible number of real registrants would be 1000 people. This makes the list so long it takes excessive time to search it, 20 pages at a time. Once the bogus registrar is turned off,

Is it possible to add a column to the users list that stores the last time the poster logged in?

Is there a low-labor way to erase a class of registrants? The data available now includes number of posts and date registered. Getting rid of all registrants who've been in the system for more than two years, for example, and have never posted, would be a good start. There'd be some innocent victims, but apologies could be sent out.

Joined: Jun 2004
Posts: 207
enthusiast
Just determine the IP address, this can't be that sophisticated, and then delete all the records with that IP.

But really you need to address the source of your problem which clearly seems to be that your company has bypassed the registration in an insecure way and the attacker is doing an injection attack.


Won't you take me to Funkytown?
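
One way to do the clean-up discussed in the posts above (purging never-posted accounts by age and by registration IP), as an added example that is not from any poster or from UBB.threads. The `members` table, its columns and the sample rows are hypothetical and constructed; the real schema will differ.

```python
import sqlite3
from datetime import date

# Constructed sample rows: (user_id, reg_ip, registered, post_count).
# Table and column names are hypothetical, not UBB.threads' schema.
SAMPLE = [
    (1, "198.51.100.7", "2005-03-01", 412),   # long-time active member
    (2, "198.51.100.9", "2008-06-15", 0),     # old account, never posted
    (3, "203.0.113.50", "2011-08-18", 0),     # scripted sign-ups, one source
    (4, "203.0.113.50", "2011-08-18", 0),
    (5, "203.0.113.50", "2011-08-19", 0),
    (6, "198.51.100.23", "2011-08-10", 0),    # recent real member, no posts yet
    (7, "203.0.113.50", "2011-08-19", 3),     # same IP but has posted: kept
]

def load(rows=SAMPLE):
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE members (user_id INTEGER PRIMARY KEY, "
                 "reg_ip TEXT, registered TEXT, post_count INTEGER)")
    conn.executemany("INSERT INTO members VALUES (?, ?, ?, ?)", rows)
    return conn

def bulk_ips(conn, min_accounts=3):
    """IPs that registered at least min_accounts accounts that never posted."""
    q = ("SELECT reg_ip FROM members WHERE post_count = 0 "
         "GROUP BY reg_ip HAVING COUNT(*) >= ? ORDER BY reg_ip")
    return [r[0] for r in conn.execute(q, (min_accounts,))]

def purge_candidates(conn, today, max_age_years=2, min_accounts=3):
    """Never-posted accounts that are older than the cutoff or from a bulk IP."""
    # ISO date strings compare correctly as text, so no leap-day edge case.
    cutoff = f"{today.year - max_age_years:04d}-{today.month:02d}-{today.day:02d}"
    ips = bulk_ips(conn, min_accounts)
    marks = ",".join("?" * len(ips)) or "NULL"   # IN (NULL) matches nothing
    q = (f"SELECT user_id FROM members WHERE post_count = 0 AND "
         f"(registered < ? OR reg_ip IN ({marks})) ORDER BY user_id")
    return [r[0] for r in conn.execute(q, (cutoff, *ips))]

def purge(conn, ids):
    """Delete the reviewed candidate list in one transaction; returns rows removed."""
    with conn:
        cur = conn.executemany("DELETE FROM members WHERE user_id = ?",
                               [(i,) for i in ids])
    return cur.rowcount

if __name__ == "__main__":
    db = load()
    ids = purge_candidates(db, date(2011, 8, 20))
    print("bulk IPs:", bulk_ips(db), "candidates:", ids)
    print("removed:", purge(db, ids))
```

Review the candidate list and back up the table before calling `purge`. Removing the rows does not stop new sign-ups; that still requires fixing the registration form itself.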
Joined: Jun 2006
Posts: 16,299
Likes: 116
UBB.threads Developer
There is also my Stop Forum Spam modification over @ UBBDev that helps thwart malicious registrations.


I am a Web Development Contractor, I do not work for UBBCentral. I have provided free User to User Support since the beginning of these support forums.
Do you need Forum Install or Upgrade Services?
Forums: A Gardeners Forum, Scouters World
UBB.threads: UBBWiki, UBB Styles, UBB.Sitemaps
Longtime Supporter & Resident Post-A-Holic
VNC Web Services: Code Modifications, Upgrades, Styling, Coding Services, Disaster Recovery, and more!
Joined: Jun 2004
Posts: 207
enthusiast
Gizmo, the problem is they have bypassed the registration system with their own that allows form injection. It's not spam they are dealing with.

Listen, I know I'm going to come off as a total ass over this, but your former company chose to modify their board in such a way that compromised it. This is their problem and has absolutely nothing to do with UBB. Only they can address this by securing their code, denying the IP addresses in .htaccess, and removing the malicious registrations. Obviously some script kiddie is trying to prove a point. I wish you guys luck getting it worked out.


Joined: Aug 2011
Posts: 11
stranger
Noted. Thanks.

Joined: Jun 2006
Posts: 16,299
Likes: 116
UBB.threads Developer
Originally Posted by cascadeclimbers
Gizmo, the problem is they have bypassed the registration system with their own that allows form injection. It's not spam they are dealing with.
Good call, but they could make some implementation of this system for their registration system too...


Joined: Jun 2004
Posts: 207
enthusiast
Gizmo, I'll be honest, I have not checked out your system, but I'm sure it's great and might address the result of the problem. I'm just saying they need to address the cause.

