[Full-Disclosure] Suspect phpBB users
jack.yan at jyanet.com
Sat Dec 25 23:54:17 GMT 2004
Dear Full-Disclosure members:
I am not a computer expert, just a regular Joe who hopes this information
may be useful to you.
We are running phpBB and last week, a DoS attack was launched against us.
We have since upgraded, but among our new users over the last few days
have been a Weber361, a Weber395, and a nderevyanko.
Googling the last user name, I've found 4,900 referencesmost with
guestbooks or forumsto which nderevyanko has signed up. He has been
preceded by a few Webers, and some Irenas, often citing that
killhim.boom.ru is their home page.
I have heard that there is a phpBB worm doing the rounds over the
holidays, and wonder if this is related in some way.
My hosting company recommended this list and I hope members, being far
better versed on these matters than me, can get word out.
Other than the frequency with which the Webers and nderevyanko have
signed up to thousands of sites over the last few days, I've no proof that
they are maliciousbut since the DoS attack I am on alert.
I hope this information is useful and that this has been a post that's
Jack Yan, LL B, BCA (Hons.), MCA <http://jackyan.com>
CEO, Jack Yan & Associates <http://jya.net/>
CEO, Lucire LLC <http://www.lucire.net>
Lucire, the global fashion magazine: <http://www.lucire.com>
Visit Beyond Branding, <http://www.beyond-branding.com>in its second printing
Full-Disclosure is hosted and sponsored by Secunia.