Forums wiped out!

[Josh]

Ya, this is a scary worm.. and people say that Google stopped it, but thats BS.. the source has been released, and it would take me all of 5 minutes to re-write it to use lycos, hotbot, yahoo, msn, etc.

Josh

[anthonycea]

If you are that smart, want to build some sites for me?

PM me partner

[Josh]

lol.. what do you mean by build? i.e. design and code?

Josh

[anthonycea]

Yeah man, I will PM you.

[anthonycea]

Seen this warning for forum operators that you all should be aware of.

http://www.vbulletin.com/forum/showthread.php?p=782206#post782206

[digitalpoint]

Even more annoying is someone put out a new worm this morning which uses Yahoo to find phpBB forums. Looked at the source, and it's searching for pages that contain "showthread.php" in the URL. Which also is the case for vBulletin. So I woke up this morning and the server was taking a beating from hundreds of requests per second trying to install a worm on the forum (all from different IP addresses). I ended up blocking it on my end, but I can imagine other vBulletin forums are taking a DoS beating right now.

[anthonycea]

You have to quit sleeping Shawn.

What do they gain by attacking forums Shawn, are they using them for URL links to leave porno links on server logs, because I have seen a lot of this of late using ringtone portals as a launch pad to do this.

[minstrel]

Shawn: Can you email/pm me to tell me how you blocked it? We're taking a beating too -- nothing is getting in but it amounts to a DDoS.

[digitalpoint]

Make a .htaccess file with the following in the root folder:

Code:

RewriteEngine on
RewriteCond %{HTTP_USER_AGENT}  ^LWP* [OR]
RewriteCond %{HTTP_USER_AGENT}  ^lwp*
RewriteRule  .*      - [F]

That will of course require your server allows you to use mod_rewrite.

[minstrel]

Shawn, I just tried that on one of my phpBB forums and it gave me a 403 Forbidden access...

What's it supposed to do?

[kusadasi-guy]

Shawn can u please give us an example .htaccess ?

for example i want to block
512.559.57.98 ip address
510.470.45.x ip blocks
and 516.598.x.x ip blocks

whats my .htaccess lines?

[minstrel]

Kusadasi -- it would look like this:

deny from 512.559.57.98
deny from 510.470.45.
deny from 516.598.

[minstrel]

However, I can't figure out what Shawn's "fix" is doing and it results in a 403 forbidden to my own forum when I try it. Anyone here who can elucidate this for me?

[anthonycea]

Shawn's not home man

Minstrel, you will need a full time coder in the future on staff at all times the way things are going to stop these hackers

[minstrel]

re: Shawn's not home -- I realize that -- that's why I'm askign if anyone else is around who knows how to troubleshoot it.

I know how to do a few basic things in .htaccess but not sure about these rewrite rules...

[kusadasi-guy]

They are not hackers
they are all lamers

BTW, thank you minstrel

[anthonycea]

Well, whatever you call them they are using Google and Yahoo to fool some smart administrators and shutting down forums and websites.

So they are not as lame as you think.

You guys need to hit the phpBB forum owners forum in a hurry, I am sure they are asking the same questions over there.

[kc3]

Damn, I hate wanna be hackers. I used to be into that kind of thing (never was that great but some people thought I was) until I got caught, no charges were pressed but I got the crap scared out of me. I don't think they're doing anything so we'll respect a race, country, or any other sort of thing like that. I think they're out to have fun and they just had to have an excuse.

I also probably wouldn't take much to convince google or yahoo to not display a website. And they're probably nothing but a bunch of Script Kiddies looking up tutorials and tools on NewOrder, Astalavista, or some other Malware site.

[digitalpoint]

That's the only thing I put in my htaccess file, and it's not making it forbidden for anyone else. Did you check your error log on the server to see if it logged anything?

[anthonycea]

Here is a thread on the phpBB forum talking about something close, I am not a coder so it is French to me

http://www.phpbb.com/phpBB/viewtopic.php?t=249010

Good luck guys