- Posts: 575
- Thank you received: 2
ÌîñêâÃ
- ctr
- Topic Author
- Offline
- Red Giant
19 years 10 months ago #8447
by ctr
Ìîñêâà was created by ctr
Just wondering where Ìîñêâà is as we seem to have a lot of new members from there?
www.irishastronomy.org/boards/memberlist.php and sort descending
Each of us is here on earth for a reason, and each of us has a special mission to carry out - Maria Shriver
- Visitor
19 years 10 months ago #8448
by
Replied by on topic Re: ÌîñêâÃ
hi Conor,
this looks like a PHP attack (the funny text characters you quoted translate as "Irena"). It dates back to just before December 25th -- there's a couple of registered users then that are spam scripts as well. The giveaway too is the ".ru" suffix to the domain name.
Al/Bart, because you have webmaster rights you might have to zap the users with ".ru" in the domain name. There's a few with no web site quoted so I recommended the following names to be deleted;
nickd
bigsinky
qotsa
blyadischa795
LorieKennedy83 (it's the web site I'm not sure about whether it's genuine)
minelab
yosi
jane
and
ilja
361361
color_laser_engraver (again, a seemingly dodgy web site)
GF3
xoxahmedsxox
toilaai_quang
Jenya_S1980
. . . and all the other Cyrillic character names at the end of the directory (Olan is a genuine member of the group). Could you check the user e-mail behind-the-scenes for some of the names on Dec 24th also?
more on this at lists.virus.org/full-disclosure-0501/msg00031.html
all the best,
John
- johnflannery
- Offline
- Super Giant
- Posts: 1191
- Thank you received: 253
19 years 10 months ago #8450
by johnflannery
Replied by johnflannery on topic Re: ÌîñêâÃ
just a quick note to ensure the post reads my own log-in rather than "Anonymous" -- just in case anyone thinks I'm a hacker!
also, don't click on any of the web sites highlighted against the user ids listed in the post above! There's a real risk of your computer being infected by a virus or mass-mailing worm if you do so.
John Flannery,
Jefferson I.T. Dept.
- shanemcd
- Offline
- Proto Star
- Posts: 43
- Thank you received: 0
19 years 10 months ago #8453
by shanemcd
Replied by shanemcd on topic Re: ÌîñêâÃ
The entries are indeed spammers, mainly promoting Russian websites.
If you want to prevent the websites being shown, it is possible to modify the PHP code for these boards so that only people who have more than a certain number of posts will have their website address made visible on memberlist and view profile.
In the phpBB code you can also test the website address for certain words before the person registers, and if it matches, you can set the website address to nothing. I have this working on 3 different websites and although these spammers can register, none of their advertising / website links show up.
The funny characters may have been text from the Russian charset shown in the western charset equivalent.
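The two checks described in the post above (a post-count threshold before a website is shown, and a blocklist test at registration that sets the website to nothing), as an added example that is not part of the original post and is not phpBB code. It is a language-neutral sketch in Python; the function names, `MIN_POSTS`, the suffix list and the word list are all assumptions.

```python
import re
from urllib.parse import urlsplit

# Assumed policy values for illustration; tune per board.
MIN_POSTS = 5
BLOCKED_SUFFIXES = (".ru",)
BLOCKED_WORDS = ("casino", "pills")
HOST_RE = re.compile(r"^[a-z0-9-]+(\.[a-z0-9-]+)+$")

def normalize(raw):
    """Return (url, host) for a profile website field, or ('', '') if unusable."""
    raw = (raw or "").strip()
    if not raw:
        return "", ""
    # Members often type "www.example.ie"; urlsplit needs a scheme to find the host.
    url = raw if "://" in raw else "http://" + raw
    try:
        parts = urlsplit(url)
    except ValueError:
        return "", ""
    host = (parts.hostname or "").rstrip(".")
    # Only http(s) links with a dotted ASCII host are kept, so "javascript:..."
    # and similar values are blanked too.
    if parts.scheme not in ("http", "https") or not HOST_RE.match(host):
        return "", ""
    return url, host

def sanitize_on_register(raw):
    """Registration-time check: set the website to nothing on a blocklist match."""
    url, host = normalize(raw)
    if not url:
        return ""
    # Match the suffix on the parsed host, not anywhere in the string,
    # so "www.rugby.ie" is not mistaken for a ".ru" address.
    if host.endswith(BLOCKED_SUFFIXES):
        return ""
    if any(word in url.lower() for word in BLOCKED_WORDS):
        return ""
    return url

def website_for_display(raw, post_count):
    """Memberlist/profile check: show a link only above the post threshold."""
    if post_count < MIN_POSTS:
        return ""
    return sanitize_on_register(raw)
```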
- voyager
- Offline
- Super Giant
- Posts: 3663
- Thank you received: 2
19 years 10 months ago #8460
by voyager
My Home Page - www.bartbusschots.ie
Replied by voyager on topic Re: ÌîñêâÃ
bugger, I'm gonna have to find and install the Visual confirmation mod to lock these buggers out!
- shanemcd
- Offline
- Proto Star
- Posts: 43
- Thank you received: 0
19 years 10 months ago #8465
by shanemcd
Replied by shanemcd on topic Re: ÌîñêâÃ
If you're looking for a quick way to remove these spammers from the system, if you have access to your SQL Server you could run a command like ...
[code:1]DELETE FROM `phpbb_users` WHERE `user_website` like '%.ru%';[/code:1]
Just put whatever criteria about the website between the % symbols.
Saves you having to manually go through the Admin Panel and delete each user.
Use carefully though!
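What "use carefully" can look like for the bulk delete in the post above, as an added example that is not part of the original post: run the `WHERE` clause as a `SELECT` first, and delete inside a transaction that rolls back unless the affected rows are exactly the reviewed ones. Python's `sqlite3` stands in for the board's database, and the rows, the tighter pattern and the function names are constructed for illustration.

```python
import sqlite3

# Constructed sample rows (not real members of any board).
ROWS = [
    (1, "member_a", "http://www.rugby.ie/club"),   # legitimate: ".ru" inside ".rugby"
    (2, "spam_a", "http://example.ru"),
    (3, "spam_b", "http://shop.example.ru/buy?x=1"),
    (4, "member_b", "www.astro.example.ie"),
    (5, "spam_c", "http://example.ru:8080/"),
]

# The pattern from the post, and a tighter one anchored on what follows ".ru".
# The tighter form is still a heuristic: a path such as "/file.ru/" would match.
BROAD = "user_website LIKE '%.ru%'"
TIGHT = ("user_website LIKE '%.ru' OR user_website LIKE '%.ru/%' "
         "OR user_website LIKE '%.ru:%'")

def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE phpbb_users "
               "(user_id INTEGER PRIMARY KEY, username TEXT, user_website TEXT)")
    db.executemany("INSERT INTO phpbb_users VALUES (?, ?, ?)", ROWS)
    db.commit()
    return db

def preview(db, where):
    """Run the WHERE clause as a SELECT and return the usernames it would hit.
    `where` is a constant written by the admin, never user input."""
    sql = f"SELECT username FROM phpbb_users WHERE {where} ORDER BY user_id"
    return [row[0] for row in db.execute(sql)]

def delete_reviewed(db, where, expected):
    """Delete only if the matched rows equal the reviewed list; else roll back."""
    hit = preview(db, where)
    cur = db.execute(f"DELETE FROM phpbb_users WHERE {where}")  # opens a transaction
    if sorted(hit) != sorted(expected) or cur.rowcount != len(expected):
        db.rollback()
        return 0
    db.commit()
    return cur.rowcount

def remaining(db):
    return [row[0] for row in
            db.execute("SELECT username FROM phpbb_users ORDER BY user_id")]
```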
Moderators: darragh