The Board Has Been Hacked!!

News related to the site
User avatar
Lloyd Mangram
King of Ludlow
Posts: 1151
Joined: Thu Jun 19, 2003 10:22 pm
Location: Ludlow
Contact:

Post by Lloyd Mangram »

iain wrote:...when I could have been doing something actually productive for the sites...
Well, it's sort of productive in some kind of way...trying to be *very* positive here. 8)

Your maintenance is very much appreciated though!

Still have a small hole in my heart because of the 1700 missing posts. :?
Everytime I browse the forum I think of the missing topics, or I'm searching for something and it's gonzo. Grrr.
Shame really, especially the last year we had some very interesting things going on. Topic about Penn, topic about CU etc. etc. :evil:

Oh well.

Rob
Once again I emerge from beneath a massive pile of paper which makes my desk groan to bring you the world’s most amazing posts.
User avatar
Mayhem
Editor
Posts: 394
Joined: Thu Jun 19, 2003 11:19 am
Location: London
Contact:

Post by Mayhem »

The whole thing with lots of "guests" is the script's way of sniffing out boards that haven't got the patches installed and can be hacked. As you are up to date, then hopefully nothing currently out there is able to harm it. Until the next patch is released and then more exploits scripts are written :roll:
Another visitor... stay awhile... stay forever!
jcompton
Techno Teaboy
Posts: 21
Joined: Mon Mar 07, 2005 12:01 am
Contact:

Post by jcompton »

It's possible it's a massive search engine crawl. On a forum I run, we had a similar traffic spike about a month ago when Gigablast decided it would be a really good idea to capture the entire 50K+ article board in the span of about 48-72 hours. Since MSN relaunched and so forth I've noticed the other engines being more aggressive about staying up to date, including sending out many crawler threads at once.

Do some detailed WHOIS lookups on the guest IPs, particularly if they're in the 60-70.x.x.x block, where a lot of search engines seem to live.
Waiting patiently (vainly) for the Def Guide to CU Amiga...
User avatar
Iain
Admin
Posts: 2222
Joined: Tue Jun 17, 2003 6:42 pm
Location: Cavan, Ireland
Contact:

Post by Iain »

It definitely wasn't searchengines (although as you have said, they do come in groups, msnbot nearly crawles the site as much as google these days)

The requests were for all different topics but with the same query string e.g. viewtopic.php?t=3245&highlight=%2527...etc. etc. the %2527 is the give away because that's an exploit trick.

The IP's were also from all over the world and thirdly the id was just "mozilla 4" instead of the usual googlebot or fuller version of most browsers.

So in summary, def not search bots! :-)
jcompton
Techno Teaboy
Posts: 21
Joined: Mon Mar 07, 2005 12:01 am
Contact:

Post by jcompton »

Fair enough, you're right, that doesn't sound the least bit legit. I just didn't want anybody getting anxious unnecessarily. :)
Waiting patiently (vainly) for the Def Guide to CU Amiga...
Post Reply