Ìîñêâà

Just wondering where Ìîñêâà is as we seem to have a lot of new members from there?

www.irishastronomy.org/boards/memberlist.php and sort descending

hi Conor,

this looks like a PHP attack (the funny text characters you quoted translate as "Irena"). It dates back to just before December 25th -- there's a couple of registered users then that are spam scripts as well. The giveaway too is the ".ru" suffix to the domain name.

Al/Bart, because you have webmaster rights you might have to zap the users with ".ru" in the domain name. There's a few with no web site quoted so I recommended the following names to be deleted;

nickd
bigsinky
qotsa
blyadischa795
LorieKennedy83 (it's the web site I'm not sure about whether it's genuine)
minelab
yosi
jane
and
ilja
361361
color_laser_engraver (again, a seemingly dodgy web site)
GF3
xoxahmedsxox
toilaai_quang
Jenya_S1980

. . . and all the other cyrillic character names at the end of the directory (Olan is a genuine member of a the group). Could you check the user e-mail behind-the-scenes for some of the names on Dec 24th also?

more on this at lists.virus.org/full-disclosure-0501/msg00031.html

all the best,

John

just a quick note to ensure the post reads my own log-in rather than "Anonymous" -- just in case anyone thinks I'm a hacker!

also, don't click on any of the web sites highlighted against the user ids listed in the post above! There's a real risk of your computer being infected by a virus or mass-mailing worm if you do so.

John Flannery,
Jefferson I.T. Dept.

The entries are indeed spammers, mainly promoting Russian websites.

If you want to prevent the websites being shown, it is possible to modify the php code for these boards so that only people who have more than a certain number of posts will have their website address made visible on memberlist and view profile.

In the phpBB code you can also test the website address for certain words before the person registers, and if it matches, you can set the website address to nothing. I have this working on 3 different websites and although these spammers can register, none of their advertising / website links show up.

The funny characters may have been text from the russian charset shown in the western charset equivalent.

bugger, I'm gonna have to find and install the Visual confirmation mod to lock these buggers out!

If you're looking for a quick way to removed these spammers from the system, If you have access to your SQL Server you could run a command like ...

[code:1]DELETE FROM `phpbb_users` WHERE `user_website` like '%.ru%';[/code:1]

Just put what every criteria about the website between the % symbols.

Saves you having to manually go through the Admin Panel and delete each user.

Use carefully though !