*** PHPBB board owners : HACKER ALERT *** - GoFuckYourself.com

facialfreak · 04-01-2005, 02:10 AM

If you run a PHPBB forum, be on the watch for a user called "avanluxxia" or "avanluxia"

known emails so far :

[email protected]
[email protected]
[email protected]

---------------------------------------

Name Server: NS1.USINGMAC.ORG
ICANN Registrar: GO DADDY SOFTWARE, INC.
Created: 2005-03-28
Expires: 2006-03-28
Status: ACTIVE
Please note: the registrant of the domain name is specified
in the "registrant" field. In most cases, Go Daddy Software, Inc.
is not the registrant of domain names listed in this database.

Registrant:
Chardy Wang
15 Upper Boon Keng Rd
#12-10-1063
Singapore 380015
Singapore

Registered through: GoDaddy.com
Domain Name: ALIENFAKE.COM
Created on: 28-Mar-05
Expires on: 28-Mar-06
Last Updated on: 29-Mar-05

Administrative Contact:
Wang, Chardy [email protected]
15 Upper Boon Keng Rd
#12-10-1063
Singapore 380015
Singapore
6598320135 Fax --
Technical Contact:
Wang, Chardy [email protected]
15 Upper Boon Keng Rd
#12-10-1063
Singapore 380015
Singapore
6598320135 Fax --

Domain servers in listed order:
NS1.USINGMAC.ORG
NS2.USINGMAC.ORG

Domain name: FLASHCUBICLE.COM

Administrative Contact:
Wang, Chardy [email protected]
Nanyang Crescent
#12-1063
nanyang
Singapore, SG 580015
SG
+65.98320135
Technical Contact:
Wang, Chardy [email protected]
Nanyang Crescent
#12-1063
Nanyang
Singapore, SG 580015
SG
+65.98320135

Registrar of Record: TUCOWS, INC.
Record last updated on 07-Dec-2004.
Record expires on 27-Nov-2005.
Record created on 27-Nov-2004.

Domain servers in listed order:
NS1.USINGMAC.ORG
NS2.USINGMAC.ORG

-----------------------------------------------------

If you go to ALIENFAKE.COM you will see mister Wang has been playing with some kind of a hacking script that targets PHPBB boards. He signed up several times for my board today, but luckily I have been revamping and improving my board, and happened to catch him!

Alienfake.com was registered 3 days ago, so it was not an existing board that got hacked, but rather a TESTING GROUND for whatever malicious scripts MR CHURDY WANG has been developing.

I have disabled user activations now, so anybody attempting to join my forum will have to be approved by me first. I am sorry for this inconvenience, but it is a neccesary action. I have also banned all webmail accounts, and blacklisted his IP.

If you run a PHPBB , take a second to secure it the best you can from this guy!

facialfreak · 04-01-2005, 02:16 AM

HOLY SHIT !!!

It appears CHARDY WANG aka AVANLUXIA has registered at more than 500 PHPBB boards !!! Looks like he planned/plans on taking them ALL down !!!!

http://www.google.com/search?q=avanluxia

facialfreak · 04-01-2005, 02:27 AM

All registrations appear to be within the past couple days too!

something really big is going on here

Maybe I need to phone the authorities in Singapore and have them visit this guy?!?

I hope police in Singapore speak english

Alot of people's hard work and efforts are at stake here!

Love Brokers · 04-01-2005, 02:35 AM

Quote:

Originally Posted by facialfreak

All registrations appear to be within the past couple days too!

something really big is going on here

Maybe I need to phone the authorities in Singapore and have them visit this guy?!?

I hope police in Singapore speak english

Alot of people's hard work and efforts are at stake here!

You bet your ass they speakin zee Englich in Singapoor.

jonpotz · 04-01-2005, 02:35 AM

are you guys using phpBB 2.0.11?

i didn't see anything abnormal, but i changed my registration admin to be safe.

what tha deal?

facialfreak · 04-01-2005, 02:39 AM

Upon more digging, I found his hacker name is YUDHAX, and his tag line is MAKE LOVE NOT W@R ... he has already hacked/defaced several boards

http://www.google.com/search?q=YudhaX

another known email address is [email protected]

xclusive · 04-01-2005, 02:43 AM

oh this could be big

SmokeyTheBear · 04-01-2005, 02:57 AM

This is an old exploit on unpatched board i can tell you the exact line to patch if your not upgraded.

SmokeyTheBear · 04-01-2005, 02:59 AM

phpBB Group announces the release of phpBB 2.0.13, the "Beware of the furries" edition. This release addresses two recent security exploits, one of them critical. They were reported a few days after .12 was released and no one is more annoyed than us, having to release a new version in such a short period of time.
Fortunately both fixes are easy and in each case just one line needs to be edited.

The first issue is critical (session handling allowing everyone gaining administrator rights) and we urge you to fix it on your forums as soon as possible:

Open includes/sessions.php

Find:
Code:
if( $sessiondata['autologinid'] hahahaha $auto_login_key )

Replace with:
Code:
if( $sessiondata['autologinid'] hahahaha= $auto_login_key )

A second minor issue reported to bugtraq several days ago was the path disclosure bug in viewtopic.php which got fixed by applying the following steps:

Open viewtopic.php

Find:
Code:
$message = str_replace('\"', '"', substr(preg_replace('#(\>(((?>([^><]+|(?R)))*)\<))#se', "preg_replace('#\b(" . $highlight_match . ")\b#i', '\\\\1', '\\0')", '>' . $message . '<'), 1, -1));

Replace with:
Code:
$message = str_replace('\"', '"', substr(@preg_replace('#(\>(((?>([^><]+|(?R)))*)\<))#se', "@preg_replace('#\b(" . $highlight_match . ")\b#i', '\\\\1', '\\0')", '>' . $message . '<'), 1, -1));

facialfreak · 04-01-2005, 03:00 AM

I am not sure if I am or not STB, as my PHPBB is supplied by my host.

could you please post it here, or email me ff AT gamarays DOT com

Thank you

facialfreak · 04-01-2005, 03:01 AM

ok ... Sigapore police number right from their website is 6 353 0000

is 6 the country code?
Does somebody know the proper dialing instructions for singapore?

facialfreak · 04-01-2005, 03:02 AM

thanks STB!

SmokeyTheBear · 04-01-2005, 03:02 AM

http://www.phpbb.com/phpBB/viewtopic.php?f=14&t=267563

SmokeyTheBear · 04-01-2005, 03:03 AM

Quote:

Originally Posted by facialfreak

ok ... Sigapore police number right from their website is 6 353 0000

is 6 the country code?
Does somebody know the proper dialing instructions for singapore?

it would usually be something like 011-6-353-0000

try this
http://www.ustreas.gov/usss/net_intrusion_forms.shtml

SMG · 04-01-2005, 03:04 AM

churdy wang ... sounds kinda like what "dirty wang" would be like if it was said by someone with shit in his mouth

theFeTiShLaDy · 04-01-2005, 03:15 AM

posting this here facialfreak alerts all the board owners.

so to all board owners better to do some actions now before it's too late.

facialfreak · 04-01-2005, 03:18 AM

Quote:

Originally Posted by theFeTiShLaDy

posting this here facialfreak alerts all the board owners.

so to all board owners better to do some actions now before it's too late.

I agree!

But with this much damning info on him, I think the local Singapore constabulary should pay Mr Dirty Wang a visit ...

04-01-2005, 02:16 AM	#2
facialfreak Confirmed User Join Date: Feb 2005 Location: Montreal Posts: 3,018	HOLY SHIT !!! It appears CHARDY WANG aka AVANLUXIA has registered at more than 500 PHPBB boards !!! Looks like he planned/plans on taking them ALL down !!!! http://www.google.com/search?q=avanluxia __________________ Managed Shared Hosting starting at $4.99/mo Managed VPS starting at $29.99/mo

04-01-2005, 02:27 AM	#3
facialfreak Confirmed User Join Date: Feb 2005 Location: Montreal Posts: 3,018	All registrations appear to be within the past couple days too! something really big is going on here Maybe I need to phone the authorities in Singapore and have them visit this guy?!? I hope police in Singapore speak english Alot of people's hard work and efforts are at stake here! __________________ Managed Shared Hosting starting at $4.99/mo Managed VPS starting at $29.99/mo

04-01-2005, 02:39 AM	#6
facialfreak Confirmed User Join Date: Feb 2005 Location: Montreal Posts: 3,018	Upon more digging, I found his hacker name is YUDHAX, and his tag line is MAKE LOVE NOT W@R ... he has already hacked/defaced several boards http://www.google.com/search?q=YudhaX another known email address is [email protected] __________________ Managed Shared Hosting starting at $4.99/mo Managed VPS starting at $29.99/mo

04-01-2005, 02:43 AM	#7
xclusive Too lazy to set a custom title Join Date: Apr 2004 Location: Buffalo, NY Posts: 35,218	oh this could be big __________________ I support MediumPimpin.com / Shemp's Outlawtgp.com /

04-01-2005, 02:57 AM	#8
SmokeyTheBear ►SouthOfHeaven Join Date: Jun 2004 Location: PlanetEarth MyBoardRank: GerbilMaster My-Penis-Size: extralarge MyWeapon: Computer Posts: 28,609	This is an old exploit on unpatched board i can tell you the exact line to patch if your not upgraded. __________________ hatisblack at yahoo.com

04-01-2005, 02:10 AM	#1
facialfreak Confirmed User Join Date: Feb 2005 Location: Montreal Posts: 3,018	* PHPBB board owners : HACKER ALERT * If you run a PHPBB forum, be on the watch for a user called "avanluxxia" or "avanluxia" known emails so far : [email protected] [email protected] [email protected] --------------------------------------- Name Server: NS1.USINGMAC.ORG ICANN Registrar: GO DADDY SOFTWARE, INC. Created: 2005-03-28 Expires: 2006-03-28 Status: ACTIVE Please note: the registrant of the domain name is specified in the "registrant" field. In most cases, Go Daddy Software, Inc. is not the registrant of domain names listed in this database. Registrant: Chardy Wang 15 Upper Boon Keng Rd #12-10-1063 Singapore 380015 Singapore Registered through: GoDaddy.com Domain Name: ALIENFAKE.COM Created on: 28-Mar-05 Expires on: 28-Mar-06 Last Updated on: 29-Mar-05 Administrative Contact: Wang, Chardy [email protected] 15 Upper Boon Keng Rd #12-10-1063 Singapore 380015 Singapore 6598320135 Fax -- Technical Contact: Wang, Chardy [email protected] 15 Upper Boon Keng Rd #12-10-1063 Singapore 380015 Singapore 6598320135 Fax -- Domain servers in listed order: NS1.USINGMAC.ORG NS2.USINGMAC.ORG Domain name: FLASHCUBICLE.COM Administrative Contact: Wang, Chardy [email protected] Nanyang Crescent #12-1063 nanyang Singapore, SG 580015 SG +65.98320135 Technical Contact: Wang, Chardy [email protected] Nanyang Crescent #12-1063 Nanyang Singapore, SG 580015 SG +65.98320135 Registrar of Record: TUCOWS, INC. Record last updated on 07-Dec-2004. Record expires on 27-Nov-2005. Record created on 27-Nov-2004. Domain servers in listed order: NS1.USINGMAC.ORG NS2.USINGMAC.ORG ----------------------------------------------------- If you go to ALIENFAKE.COM you will see mister Wang has been playing with some kind of a hacking script that targets PHPBB boards. He signed up several times for my board today, but luckily I have been revamping and improving my board, and happened to catch him! Alienfake.com was registered 3 days ago, so it was not an existing board that got hacked, but rather a TESTING GROUND for whatever malicious scripts MR CHURDY WANG has been developing. I have disabled user activations now, so anybody attempting to join my forum will have to be approved by me first. I am sorry for this inconvenience, but it is a neccesary action. I have also banned all webmail accounts, and blacklisted his IP. If you run a PHPBB , take a second to secure it the best you can from this guy! __________________ Managed Shared Hosting starting at $4.99/mo Managed VPS starting at $29.99/mo Last edited by facialfreak; 04-01-2005 at 02:12 AM..

04-01-2005, 02:35 AM	#5
jonpotz Confirmed User Join Date: Aug 2004 Posts: 960	are you guys using phpBB 2.0.11? i didn't see anything abnormal, but i changed my registration admin to be safe. what tha deal?

04-01-2005, 02:59 AM	#9
SmokeyTheBear ►SouthOfHeaven Join Date: Jun 2004 Location: PlanetEarth MyBoardRank: GerbilMaster My-Penis-Size: extralarge MyWeapon: Computer Posts: 28,609	phpBB Group announces the release of phpBB 2.0.13, the "Beware of the furries" edition. This release addresses two recent security exploits, one of them critical. They were reported a few days after .12 was released and no one is more annoyed than us, having to release a new version in such a short period of time. Fortunately both fixes are easy and in each case just one line needs to be edited. The first issue is critical (session handling allowing everyone gaining administrator rights) and we urge you to fix it on your forums as soon as possible: Open includes/sessions.php Find: Code: if( $sessiondata['autologinid'] hahahaha $auto_login_key ) Replace with: Code: if( $sessiondata['autologinid'] hahahaha= $auto_login_key ) A second minor issue reported to bugtraq several days ago was the path disclosure bug in viewtopic.php which got fixed by applying the following steps: Open viewtopic.php Find: Code: $message = str_replace('\"', '"', substr(preg_replace('#(\>(((?>([^><]+\|(?R))))\<))#se', "preg_replace('#\b(" . $highlight_match . ")\b#i', '<span style=\"color:#" . $theme['fontcolor3'] . "\"><b>\\\\1</b></span>', '\\0')", '>' . $message . '<'), 1, -1)); Replace with: Code: $message = str_replace('\"', '"', substr(@preg_replace('#(\>(((?>([^><]+\|(?R))))\<))#se', "@preg_replace('#\b(" . $highlight_match . ")\b#i', '<span style=\"color:#" . $theme['fontcolor3'] . "\"><b>\\\\1</b></span>', '\\0')", '>' . $message . '<'), 1, -1)); __________________ hatisblack at yahoo.com

04-01-2005, 03:00 AM	#10
facialfreak Confirmed User Join Date: Feb 2005 Location: Montreal Posts: 3,018	I am not sure if I am or not STB, as my PHPBB is supplied by my host. could you please post it here, or email me ff AT gamarays DOT com Thank you __________________ Managed Shared Hosting starting at $4.99/mo Managed VPS starting at $29.99/mo

04-01-2005, 03:01 AM	#11
facialfreak Confirmed User Join Date: Feb 2005 Location: Montreal Posts: 3,018	ok ... Sigapore police number right from their website is 6 353 0000 is 6 the country code? Does somebody know the proper dialing instructions for singapore? __________________ Managed Shared Hosting starting at $4.99/mo Managed VPS starting at $29.99/mo

04-01-2005, 03:02 AM	#12
facialfreak Confirmed User Join Date: Feb 2005 Location: Montreal Posts: 3,018	thanks STB! __________________ Managed Shared Hosting starting at $4.99/mo Managed VPS starting at $29.99/mo

04-01-2005, 03:04 AM	#15
SMG Confirmed User Join Date: Aug 2003 Posts: 1,798	churdy wang ... sounds kinda like what "dirty wang" would be like if it was said by someone with shit in his mouth __________________ TGP Webmasters: sign up for the top 100 tgp list! Submit galleries If you add me to icq (title) make sure to mention GFY or I'll think you're a bot and deny you.

04-01-2005, 03:15 AM	#16
theFeTiShLaDy Confirmed User Join Date: Jun 2004 Posts: 2,615	posting this here facialfreak alerts all the board owners. so to all board owners better to do some actions now before it's too late. __________________ I'm a freelance babe!