Web Wiz Forums - hacking of my version 6 forum

Print Page | Close Window

hacking of my version 6 forum

Printed From: Web Wiz Forums
Category: Web Wiz Web App Support Forums
Forum Name: Web Wiz Forums
Forum Description: Support forum for Web Wiz Forums application.
URL: https://forums.webwiz.net/forum_posts.asp?TID=11577
Printed Date: 08 April 2026 at 11:20pm
Software Version: Web Wiz Forums 12.08 - https://www.webwizforums.com

Topic: hacking of my version 6 forum

Posted By: Agni
Subject: hacking of my version 6 forum
Date Posted: 19 August 2004 at 4:45pm

I am still using wwg forum version 6.34.

It saddens me to report the following:

Someone has written a script or macro that will keep signing up new random members to my forum at a rate of about 400 per min. I was notified by a keen-eyed member of my forum who phoned me. At this stage 12,000 members have been added this afternoon - thus flooding my SQL server and database. I have since diabled the signup option on my forum - before any more damage is done. Incidentally, my reluctance to upgrade my forum to the latest is that I have made many modifications. One of such is to record the IP of new members. Thus I can report that the person was using:
IP: 195.175.37.54

Hopefully it is static - so is there a way I can ban this ip from my site - to stop this?

Firstly, can I stop a person with this Ip - or sub group from acessing my site?

Secondly, any suggestion as to how to stop this flooding of new signups? I note that the latest version of Bruce's forum uses the coded entry - to prevent auto signups.

Thirdly, is there any legal action I can take against this person. If the IP is static, then should I contact their ISP to complain?

Any help/advice would be very welcome.

Thanks

Nathan

-------------
www.agni.gr
Travel To Greece Guide

Replies:

Posted By: michael
Date Posted: 19 August 2004 at 10:29pm

You can ban an ip address in your global.asa file so it is site wide, simply but it into the Session_Onstart, you sure can take legal actions, just report it to the ISP, if it is a serious one they can do it for you. Nevertheless, I dearly recommend you upgrade as soon as possible.

-------------
http://baumannphoto.com" rel="nofollow - Blog | http://mpgtracker.com" rel="nofollow - MPG Tracker

Posted By: dpyers
Date Posted: 20 August 2004 at 12:56am

According to http://www.dnsstuff.com - www.dnsstuff.com ...

Country: TURKEY (high)

ARIN says that this IP belongs to RIPE; I'm looking it up there.

<>
status = "Looking up at RIPE...";



Using cached answer (or, you can  http://www.dnsstuff.com/tools/whois.ch?ip=195.175.37.54&server=whois.ripe.net&cache=off - get fresh results ).
Displaying E-mail address (use sparingly -- this will make it more likely that you will trigger our rate limiting system).

% This is the RIPE Whois server.
% The objects are in RPSL format.
%
% Rights restricted by copyright.
% See http://www.ripe.net/ripencc/pub-services/db/copyright.html

inetnum:      195.175.32.0 - 195.175.47.255
netname:      TT-RAS-TESTNET
descr:        Turk Telekom RAS Test Network
descr:        Acibadem Firm1
country:      TR
admin-c:      TTBA1-RIPE
tech-c:       TTBA1-RIPE
status:       ASSIGNED PA
mnt-by:       AS9121-MNT
changed:      ipg@telekom.gov.tr 20010326
source:       RIPE

route:        195.175.0.0/17
descr:        TTnetTurkTelekom
origin:       AS9121
mnt-by:       AS9121-MNT
mnt-routes:   AS9121-MNT
changed:      ipg@telekom.gov.tr 20010529
changed:      ipg@telekom.gov.tr 20020328
changed:      ipg@telekom.gov.tr 20020612
source:       RIPE

role:         TT Administrative Contact Role
address:      Turk Telekom
address:      Bilisim Aglari Dairesi
address:      Aydinlikevler
address:      06103 ANKARA
phone:        +90 312 313 1950
fax-no:       +90 312 313 1949
e-mail:       ipg@telekom.gov.tr
admin-c:      BADB3-RIPE
tech-c:       ZA66-RIPE
tech-c:       ZA196-RIPE
tech-c:       LA109-RIPE
tech-c:       AC11071-RIPE
tech-c:       NO638-RIPE
nic-hdl:      TTBA1-RIPE
notify:       ipg@telekom.gov.tr
mnt-by:       AS9121-MNT
changed:      ipg@telekom.gov.tr 20000608
changed:      ipg@telekom.gov.tr 20001020
changed:      ipg@telekom.gov.tr 20010615
changed:      ipg@telekom.gov.tr 20020228
source:       RIPE

Also found the IP on blacklists at
http://dnsbl.toolbot.com/?address=195.175.37.54 - http://dnsbl.toolbot.com/?address=195.175.37.54
and
http://rbls.org/?q=195.175.37.54 - http://rbls.org/?q=195.175.37.54

-------------

Lead me not into temptation... I know the short cut, follow me.

Posted By: WebWiz-Bruce
Date Posted: 20 August 2004 at 6:13am

If you do upgrade to the latest version it is much more secure with IP banning, and also it has security images on the sign-up page to prevent someone from flooding a forum with new sign-ups.

-------------
https://www.webwiz.net/web-wiz-forums/forum-hosting.htm" rel="nofollow - Web Wiz Forums Hosting
https://www.webwiz.net/web-hosting/windows-web-hosting.htm" rel="nofollow - ASP.NET Web Hosting