"Jim Watt" <jimwatt@aol.no_way> wrote in message
news:10fck1hnehqkn500c7ngs9rkv6ro0m2p8c@4ax.com...

<much snippage>

> It seems that spamming message boards based on Matt Wrights wwwboard
> script is widespread and consumes a lot of bandwidth.

> So has anyone got any practical suggestions, or shall we continue
> to debate M$ perfidy, securely wiping hard drives, and spyware
> woes whilst some scumbag gets away with it ??

I'll ask the obvious (don't run a board, myself).. anything significant in
the HTTP that you can trap, and are the proxies actually useful to users?

Might explain why most forums I use now mandate registration...

--

Hairy One Kenobi

Disclaimer: the opinions expressed in this opinion do not necessarily
reflect the opinions of the highly-opinionated person expressing the opinion
in the first place. So there!

"Jim Watt" <jimwatt@aol.no_way> wrote in message
news:mvadk1tjn99ccvl7lk0no6s9kfnu9d0581@4ax.com...
> On Fri, 07 Oct 2005 14:44:58 GMT, "Hairy One Kenobi"
> <abuse@[127.0.0.1]> wrote:
>
> >"Jim Watt" <jimwatt@aol.no_way> wrote in message
> >news:10fck1hnehqkn500c7ngs9rkv6ro0m2p8c@4ax.com.. .
> >
> ><much snippage>
> >
> >> It seems that spamming message boards based on Matt Wrights wwwboard
> >> script is widespread and consumes a lot of bandwidth.
> >
> >> So has anyone got any practical suggestions, or shall we continue
> >> to debate M$ perfidy, securely wiping hard drives, and spyware
> >> woes whilst some scumbag gets away with it ??
> >
> >I'll ask the obvious (don't run a board, myself).. anything significant
in
> >the HTTP that you can trap, and are the proxies actually useful to users?
> >
> >Might explain why most forums I use now mandate registration...
>
> The incoming http does contain unique things and the proxies
> are useful for people who want to hide their address.
>
> However, although one can block the stuff the webserver loading
> remains.

Fairy snuff.

Not much you can do about that, that I can see - assuming that you can't
"shield" something against a dynamic query (i.e. poison the attack vector by
pretending your forum is something else, or returning a tainted response

H1K

"Jim Watt" <jimwatt@aol.no_way> wrote in message
news:gl0ek1paa99eb1umdhaimslbj6adsbk0l3@4ax.com...
> On Fri, 07 Oct 2005 22:38:58 GMT, "Hairy One Kenobi"
> <abuse@[127.0.0.1]> wrote:
>
> >Not much you can do about that, that I can see - assuming that you can't
> >"shield" something against a dynamic query (i.e. poison the attack vector
by
> >pretending your forum is something else, or returning a tainted response
>
> So far the owners of the proxies seem to have changed their default
> passwords too.
>
> Not sure if the motive is to promote scummy websites or just grafity
> however it seems to be a widespread issue and someone is spending
> serious time on it.

Are the attacks limited to that one specific bit of forum software?

Disgruntled former collaborator?

Although it didn't degenerate into attacks, the Smoothwall project got
distinctly "iffy" a few years back. It happens, when egos bounce off each
other sufficiently hard.

H1K

"Jim Watt" <jimwatt@aol.no_way> wrote in message
news:85lfk1dc2uj4fthp875ke8qemvpajudlrm@4ax.com...
> On Sat, 08 Oct 2005 10:27:26 GMT, "Hairy One Kenobi"
> <abuse@[127.0.0.1]> wrote:
>
> >> Not sure if the motive is to promote scummy websites or just grafity
> >> however it seems to be a widespread issue and someone is spending
> >> serious time on it.
> >
> >Are the attacks limited to that one specific bit of forum software?
> >
> >Disgruntled former collaborator?
>
> I don't think so, its either sheer destruction or an attempt to
> promote dubious websites. It seems to be a common problem
> rather like spyware.
>
> It may indeed be coming from machines 'owned' by someone
> as the attacks on my message board vary.

Ah. OK

> >Although it didn't degenerate into attacks, the Smoothwall project got
> >distinctly "iffy" a few years back. It happens, when egos bounce off each
> >other sufficiently hard.
>
> Interesting, I found a client running that and it looked quite good.

It was (eventually! They initially had a morbid for fear on anything close
to a current kernel - PITA when it came to finding drivers, etc)

Basically just RH with a pretty front end. Worked as well as you would
expect (very), but ended up getting replaced with an embedded solution - the
problem with old kit is that it can be a little power-hungry ;o)

H1K