Ravens PHP Scripts: Forums
 

 

izone
Involved


Joined: Sep 07, 2004
Posts: 354
Location: Sweden

Posted: Mon Dec 11, 2006 1:06 pm

Hi,

On a few of our friends' sites, a user by the name 4xman has registered as a new user, and not only once but 135 times or more!!! Same username and same email (4xman@yahoo.com).

Nuke Sentinel is running and activation code is on. Using CNBYA 4.4.0.

How can we stop him?

Best regards.
 
evaders99
Former Moderator in Good Standing


Joined: Apr 30, 2004
Posts: 3221

Posted: Mon Dec 11, 2006 1:50 pm

Sentinel could probably block him using the String Blocker. I have no idea what features are in CNBYA to do that.

izone
Posted: Mon Dec 11, 2006 2:36 pm

evaders99, thanks.

String Blocker is On but String List is empty!

To block him what shall I put in the list?
 
evaders99
Posted: Mon Dec 11, 2006 4:49 pm

Well, you could put his username, email, or both.
 
kguske
Site Admin


Joined: Jun 04, 2004
Posts: 6383

Posted: Mon Dec 11, 2006 5:19 pm

Were none of these users confirmed? It's surprising that 4.4.0 does not check the pending users for duplicates.

_________________
I google, therefore I exist...
hitwalker
Sells PC To Pay For Divorce


Joined:
Posts: 5661

Posted: Mon Dec 11, 2006 7:14 pm

You're correct, kguske, pending users with the same name and email can't be used twice...
 
kguske
Posted: Mon Dec 11, 2006 7:59 pm

That's the question - how did this bypass that validation?
 
hitwalker
Posted: Tue Dec 12, 2006 1:06 am

Well, I just installed it to be sure and it's impossible..
Or he's not looking right, or mistaken... etc..
As soon as I try to duplicate anything it stops me.
And it is a bit weird, huh.., what's the use (even if it is possible) to bypass any, 'cause you still have to be approved.
 
izone
Posted: Tue Dec 12, 2006 3:29 am

evaders99, Thank you.

kguske, hitwalker, Yes and no :|

When you want to add two or more users with either the same username or email or both, you get an error message that it is not possible; that's what I told these guys when they asked for help! But yesterday I ran a search in phpMyAdmin for this username and email and there were 135 of them in the user table. I don't know how he does it or if there is a bug in cnbya.

I think there are some other guys that haven't deleted him from the db yet; if you want to look at the db just let me know. You have just to pay $9,99 to see the most amazing thing in nuke's user table :mrgreen:

Unfortunately, and because many confirmation emails go to bulk, admins have turned off approval in cnbya.
 
hitwalker
Posted: Tue Dec 12, 2006 4:32 am

Quote:
You have just to pay $9,99


huh?..explain..
 
izone
Posted: Tue Dec 12, 2006 4:40 am

Just kidding, hitwalker,

If I bill you 9,99 for only seeing a db then I think evaders99 must bill me 99,99 for giving me that help above :cheers: :rotfl:

I'm going to put his name and email on the string list in Sentinel and see if he can make another mass registration. I'm still waiting for cnbya 5 but I think I'm not the only one that has to wait a looooong time for it.

cheers
 
hitwalker
Posted: Tue Dec 12, 2006 4:45 am

Well, I'm not convinced this has happened with cnbya, absolutely not..
There are also no known attacks or hacks where this is possible..

as for the new cnbya version.....
you could have downloaded it as the link was in the cnbya forum....
;)
 
kguske
Posted: Tue Dec 12, 2006 5:20 am

My concern is that maybe he is using some sort of automated script that bypasses the check for duplicates. Have you looked at your access log? That might provide some insight.
 
izone
Posted: Tue Dec 12, 2006 6:19 am

kguske, you are right, he has used an automated script because he couldn't register 100s of users on a few sites at the same time.

No, I haven't yet. What shall I search for in the access log?

Quote:
as for the new cnbya version.....
you could have downloaded it as the link was in the cnbya forum....

Was in the cnbya? It isn't now?
 
hitwalker
Posted: Tue Dec 12, 2006 6:24 am

Well, my advice is simple.... never set things to automated or auto-approve, best thing is to activate every account only when approved.

As for the link, if it's gone then it's gone... :lol:
But I'm sure it will pop up again, maybe even on my site just to increase the total beta testers.... ;)
 
evaders99
Posted: Tue Dec 12, 2006 8:18 am

Do you have access logs to determine what was sent to the server? That could help figure out what happened.
 
kguske
Posted: Tue Dec 12, 2006 12:11 pm

In the access log, search for the user name.
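
An added example, not part of the thread: one way to run the access-log search suggested above. Because access logs record the request URL but not POST bodies, it reports both URL matches for the user name and clients that send bursts of POSTs to the registration page. The Apache combined log format, the `name=Your_Account` URL marker, the `username` parameter and every sample line are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta
from urllib.parse import unquote_plus

# Apache "combined" format assumed: client IP, timestamp, method, URL, status.
LINE = re.compile(r'(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3})')

def parse(line):
    m = LINE.match(line)
    if not m:
        return None                      # skip malformed lines
    ip, ts, method, url, _status = m.groups()
    when = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z")
    return ip, when, method, unquote_plus(url)   # decode %40, + etc.

def find_mass_registration(lines, needle, reg_marker,
                           window=timedelta(minutes=1), threshold=5):
    """Return (hits, bursts): hits are requests whose URL contains `needle`;
    bursts maps client IP -> max POSTs to the registration URL in `window`."""
    hits, posts = [], defaultdict(list)
    for rec in filter(None, map(parse, lines)):
        ip, when, method, url = rec
        if needle.lower() in url.lower():
            hits.append((ip, when, url))
        # POST bodies are not in the access log, so count submissions per client.
        if method == "POST" and reg_marker in url:
            posts[ip].append(when)
    bursts = {}
    for ip, times in posts.items():
        times.sort()
        start = best = 0
        for end, t in enumerate(times):
            while t - times[start] > window:   # slide the window forward
                start += 1
            best = max(best, end - start + 1)
        if best >= threshold:
            bursts[ip] = best
    return hits, bursts

# Constructed sample log (documentation IPs; URL and parameters are assumed).
REG = "/modules.php?name=Your_Account"
SAMPLE = [f'203.0.113.7 - - [11/Dec/2006:12:00:{s:02d} -0600] "POST {REG} HTTP/1.1" 200 512'
          for s in range(0, 12, 2)] + [
    f'203.0.113.7 - - [11/Dec/2006:12:00:20 -0600] "GET {REG}&username=4xman HTTP/1.1" 200 512',
    f'198.51.100.20 - - [11/Dec/2006:12:05:00 -0600] "POST {REG} HTTP/1.1" 200 512',
]

if __name__ == "__main__":
    hits, bursts = find_mass_registration(SAMPLE, "4xman", "name=Your_Account")
    print(len(hits), "URL hits;", bursts)
```
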
 
guidyy
Worker


Joined: Nov 22, 2004
Posts: 208
Location: Italy

Posted: Tue Dec 12, 2006 1:34 pm

Just wondering: What's the purpose of registering same nick 135 times?
 
kguske
Posted: Tue Dec 12, 2006 2:11 pm

Good question - it wouldn't get into the real users table anyway.
 
Guardian2003
Site Admin


Joined: Aug 28, 2003
Posts: 6792
Location: Ha Noi, Viet Nam

Posted: Tue Dec 12, 2006 4:57 pm

He/She was probably just attempting to auto register an account, hence the 100+ attempts.
 
kguske
Posted: Tue Dec 12, 2006 10:52 pm

Could be, but why not test on your own site? Yes, I know - we've been down that road before...
 
All times are GMT - 6 Hours
 