General Community > Chit Chat

Broken BOT code

(1/3) > >>

nightbre:
Ive tracked back an ip address and discovered what appears to be a bot with all its folders using ect to register on forums and possibly injections as theres likes of paypal details accessable for donations and payments to it.There is a massive list of emails also in this. It appears that the folders have no index.php making them visible and id assume a novice is attempting to use this.
 

If any of the admin want the ip to check it over in the interest of security and possibly directly see how it functions for security hole reduction then I will provide the IP via a PM. I dont want to post it here for all to see in case anyone does something unintentional to themselves.

nightbre:
Suprised not a single person associated with SMF has asked a single question about this.

Arantor:
There's not really a lot that can actually be done, unless the code itself is visible. There is absolutely no way I'm clicking on links on a foreign website that could potentially be running hostile code against a third party, no matter who the third party might be.

YogiBear:
I'll cheerfully run the IP itself through various checkers to see it there's any further knowledge on this but otherwise Arantor's warning is only too true.

nightbre:
A lot of its info is visible and its all accessed through its IP not an actual site.  Looks like his xamp servers messed up and left directorys open he shouldnt have. Even the email lists are valuable imo.

I understand if it was a fully fledged site meant to be scamming/hoaxing people but it seems he uses curl to get initial info then doing whatever he is trying to do once access to a sites been made. Just his xamp servers messed up and lets directorys be accessed.

The IP has been very active over the last few days according to spam site listings.

Navigation

[0] Message Index

[#] Next page