K-Tec

Ìîñêâà

More
19 years 10 months ago #8447 by ctr
Ìîñêâà was created by ctr
Just wondering where Ìîñêâà is as we seem to have a lot of new members from there?

www.irishastronomy.org/boards/memberlist.php and sort descending

Each of us is here on earth for a reason, and each of us has a special mission to carry out - Maria Shriver

Please Log in or Create an account to join the conversation.

  • Visitor
  • Visitor
19 years 10 months ago #8448 by
Replied by on topic Re: Ìîñêâà
hi Conor,

this looks like a PHP attack (the funny text characters you quoted translate as "Irena"). It dates back to just before December 25th -- there's a couple of registered users then that are spam scripts as well. The giveaway too is the ".ru" suffix to the domain name.

Al/Bart, because you have webmaster rights you might have to zap the users with ".ru" in the domain name. There's a few with no web site quoted so I recommended the following names to be deleted;

nickd
bigsinky
qotsa
blyadischa795
LorieKennedy83 (it's the web site I'm not sure about whether it's genuine)
minelab
yosi
jane
and
ilja
361361
color_laser_engraver (again, a seemingly dodgy web site)
GF3
xoxahmedsxox
toilaai_quang
Jenya_S1980

. . . and all the other cyrillic character names at the end of the directory (Olan is a genuine member of a the group). Could you check the user e-mail behind-the-scenes for some of the names on Dec 24th also?

more on this at lists.virus.org/full-disclosure-0501/msg00031.html

all the best,

John

Please Log in or Create an account to join the conversation.

More
19 years 10 months ago #8450 by johnflannery
Replied by johnflannery on topic Re: Ìîñêâà
just a quick note to ensure the post reads my own log-in rather than "Anonymous" -- just in case anyone thinks I'm a hacker!

also, don't click on any of the web sites highlighted against the user ids listed in the post above! There's a real risk of your computer being infected by a virus or mass-mailing worm if you do so.

John Flannery,
Jefferson I.T. Dept.

Please Log in or Create an account to join the conversation.

More
19 years 10 months ago #8453 by shanemcd
Replied by shanemcd on topic Re: Ìîñêâà
The entries are indeed spammers, mainly promoting Russian websites.

If you want to prevent the websites being shown, it is possible to modify the php code for these boards so that only people who have more than a certain number of posts will have their website address made visible on memberlist and view profile.

In the phpBB code you can also test the website address for certain words before the person registers, and if it matches, you can set the website address to nothing. I have this working on 3 different websites and although these spammers can register, none of their advertising / website links show up.

The funny characters may have been text from the russian charset shown in the western charset equivalent.

Please Log in or Create an account to join the conversation.

More
19 years 10 months ago #8460 by voyager
Replied by voyager on topic Re: Ìîñêâà
bugger, I'm gonna have to find and install the Visual confirmation mod to lock these buggers out!

My Home Page - www.bartbusschots.ie

Please Log in or Create an account to join the conversation.

More
19 years 10 months ago #8465 by shanemcd
Replied by shanemcd on topic Re: Ìîñêâà
If you're looking for a quick way to removed these spammers from the system, If you have access to your SQL Server you could run a command like ...

[code:1]DELETE FROM `phpbb_users` WHERE `user_website` like '%.ru%';[/code:1]

Just put what every criteria about the website between the % symbols.

Saves you having to manually go through the Admin Panel and delete each user.

Use carefully though !

Please Log in or Create an account to join the conversation.

Moderators: darragh
Time to create page: 0.116 seconds
Powered by Kunena Forum