Weird Issue/Hack?

ehoffman73 · May 07, 2007, 06:47:55 PM

We have someone that keeps registering, we think, with a real name that contains a spam URL, so it shows up on the board index. But when I click the name, says profile does not exist. Can't find in the members list, active or waiting.

So, I look into the settings database, and sure enough, there it is in the Latest Member field.

How is he achieving this behavior? Sounds very suspect to me.

jerm · May 07, 2007, 10:39:04 PM

Could you give us a link to this please?

ehoffman73 · May 09, 2007, 04:47:17 PM

Shoot, I just nuked it his latest entry, but if you goto: http://www.purplepride.org/index.php?option=com_smf&Itemid=88888914

and look at latest member...about once a day the same thing shows up, and its always a high random number in the smf_settings table, and that link in the real name field....so look tomorrow or so and I bet it will be back. This entry is never in the members table or awaiting activation....

It just feels like a direct injection somehow right into this table via smf somehow....don't quite know if its that or not.

ehoffman73 · May 09, 2007, 09:39:06 PM

okay, its back again.  This is quite regular.  How is he injecting into the smf_Settings table???

http://www.purplepride.org/index.php?option=com_smf&Itemid=88888914    Look at the bottom under Latest Member

codenaught · July 14, 2007, 10:29:33 PM

ehoffman73, is this issue resolved or do you still require help with this?

ehoffman73 · July 15, 2007, 06:36:41 PM

haven't seen it lately, so leaving it alone.

News:

Weird Issue/Hack?

ehoffman73

jerm

ehoffman73

ehoffman73

codenaught

ehoffman73