Jump to content


Photo
- - - - -

Can anyone speak the language of Belgium?


  • Please log in to reply
15 replies to this topic

#1 nick84

nick84

    Member

  • Agents of the Revolution
  • 1,680 posts
  • Gender:Male

Posted 27 October 2002 - 05:36 PM

I was just wondering if anyone knows what language they speak in Belgium (i.e. on [dot] “be” domains) or knows any translation sites for it, as I got a referral on my site from http://www.tik.be. But I cant understand what they are saying!

Het PUB forum is een tijdje offline geweest wegens misbruik. Meer uitleg hierover vindt u op het forum zelf.

UPDATE: intussen zijn we gecontacteerd door beheerders van een ander forum die ook gekraakt zijn. We willen alle gebruikers van PHPBB2 software dan ook sterk aanbevelen hun software dringend up te daten en de beveiliging sterk in de gaten te houden. Wie stappen wil ondernemen tegen dit misbruik kan contact met ons opnemen per mail. Op http://www.rootsecur...em=exploit_code vindt u info over wat de vermoedelijke fout is. Deze exploit is blijkbaar nog niet op bugtraq en een aantal andere bekende security sites verschenen.



#2 nick84

nick84

    Member

  • Agents of the Revolution
  • 1,680 posts
  • Gender:Male

Posted 27 October 2002 - 06:08 PM

I also just found this as well that I cant read :(

Onderwerp: Verontschuldigingen voor forum misbruik  

Beste PUB forum bezoeker,

Iemand is er in geslaagd om misbruik te maken van het PUB forum. We willen hiervoor om te beginnen onze verontschuldigingen aanbieden. Blijkbaar was er een onbekend veiligheidslek in het gebruikte software-pakket van het forum.

De fout is gelokaliseerd en de gegevens van de dader zijn bekend. PUB zal hiertegen stappen ondernemen. Er zijn geen persoonlijke gegevens uit de ledendatabase gelekt. De inbreker heeft misbruik gemaakt van een optie van het forum om alle gebruikers te mailen. Dit betekent dat hij daarvoor geen toegang moet hebben tot de mailadressen in kwestie, maar jammer genoeg wel een massa mailing heeft kunnen sturen naar een deel van de forum leden.

Het misbruik werd vrij snel ontdekt en we hebben nog een deel ervan kunnen verijdelen. We doen er alles aan om de dader op te sporen en de geëigende maatregelen te treffen.

Het PUB-bestuur



#3 GUEST_Luc_***

GUEST_Luc_***
  • Guests

Posted 28 October 2002 - 04:18 AM

Hi, I'm from www.tik.be (the language is Dutch.)
We had a problem with our forum and someone gave us the link to your site as a possible explanation for the abuse. We don't accuse your site or anything else, it's just information for other phpBB2 users.
(some kids have been using this or a similar exploit to abuse phpBB2 fora in Belgium)

And yes, we understand English, if you have any further questions. ;)

#4 GUEST_Aenesidemos_***

GUEST_Aenesidemos_***
  • Guests

Posted 28 October 2002 - 05:39 AM

I was just wondering if anyone knows what language they speak in Belgium (i.e. on [dot] “be” domains) or knows any translation sites for it, as I got a referral on my site from http://www.tik.be. But I cant understand what they are saying!


In Belgium we have 3 languages:
Dutch (the language used in tik.be), French and German.
The majority of the population (about 60%) is Dutch-speaking.
German is used by a small minority near the German border.
The rest of the population is French-speaking.

#5 GUEST_PowerKe_***

GUEST_PowerKe_***
  • Guests

Posted 28 October 2002 - 05:49 AM

Let's be nice and translate those msgs, here goes the first one:

The PUB (Pandora User Base) forum has been offline for a while due to abuse. More information about this you can find at the forum

UPDATE: by now we've been contacted by the administrators of another forum who've been hacked as well. We'd like to recommend all users of PHPBB2 to update their software urgenlty and monitor security closely. People who like to press charges can contact us by mail. At http://www.rootsecur...em=exploit_code you'll find more information about the bug. It seems like this exploit has not yet been published at bugtraq and other well known security sites.



#6 nick84

nick84

    Member

  • Agents of the Revolution
  • 1,680 posts
  • Gender:Male

Posted 28 October 2002 - 05:53 AM

Thanks very much for taking the time to translate it for me :) - much appreciated.

(knowing what language it is now I also managed to find a free online translator at
http://www.worldling...ranslator.html)

#7 GUEST_PowerKe_***

GUEST_PowerKe_***
  • Guests

Posted 28 October 2002 - 06:03 AM

Second one...

Subject: Apologies for the forum abuse

Dear PUB forum visitor,

Someone has succeeded in abusing the PUB forum. We would like to start by apologizing for this. It seems like there has been an unknown security error in the software we are using for this forum.

The error has been found and the data about the intruder are identified. PUB will take actions against him. No personal data has been retrieved from the members database. The hacker has abused a forum utility to send mass-mailings to all users. This means that he did not need to have access to te email addresses in order to do this. Unfortunately, he did succeed to send an email to some of the forum members.

The abuse was discovered quickly and we managed to prevent part of it. We are doing our best to track down the hacker and to take actions.



#8 nick84

nick84

    Member

  • Agents of the Revolution
  • 1,680 posts
  • Gender:Male

Posted 28 October 2002 - 06:59 AM

Just a thought …

(I assume you managed to get the abusers ip address)

If anyone on the forum over there knows Perl/php etc / how to interface it with the forums database you might try writing a script to compare the IP address which you forum has logged posts from and comparing them to the abusers ip to see if you get any matches etc.

#9 GUEST_Luc_***

GUEST_Luc_***
  • Guests

Posted 28 October 2002 - 02:53 PM

Script? What do you think about:

mysql> select post_username from phpbb2_posts where poster_ip=''; ;)

The user registered only a few minutes before the abuse. We found his (hotmail) email in the maillog (he delete some of his profile information). Google showed us the way to an "hackers" forum with his profile and another email address... And we have an Apache log with all the other info we need.

#10 Admin

Admin

    The Big Dawg!

  • Admin
  • 62 posts

Posted 28 October 2002 - 03:54 PM

to all the guests...

Firstly, I would *LOVE* to have you all join the board! We always welcome overseas views as it adds a lot to our dicussions!

Secondly, I hope that you will find out that none of us has actually "abused" your site. You seem to realize that by not accusing us, which is appreciated. Perhaps you should consider switching forum software. The invision board that I am currently using seems to have many more security features (such as hiding the actual email address, even from the ADMIN) and I highly recommend it. Assuming your databse uses MYSQL, you may able to easily import it into invision. They have several converters available.

#11 StankDawg

StankDawg

    same old Dawg, no new tricks

  • Moderating Team
  • 8,075 posts
  • Country:
  • Gender:Male

Posted 28 October 2002 - 03:56 PM

Admin = StankDawg, BTW. I forgot to logout of admin mode. :wacko:

#12 nick84

nick84

    Member

  • Agents of the Revolution
  • 1,680 posts
  • Gender:Male

Posted 28 October 2002 - 04:52 PM

The user registered only a few minutes before the abuse. We found his (hotmail) email in the maillog (he delete some of his profile information). Google showed us the way to an "hackers" forum with his profile and another email address... And we have an Apache log with all the other info we need.

Well it looks like you’ve got it covered and by the sounds of it the intruder wasn’t a regular member of your forum. But what I was thinking when I posted the message before was that it was possible the person was a legitimate forum member before the abuse under a different account, and if so you could try looking through the mySQL database, and getting all previous posters IP addressed/usernames then compare the IP addresses to the abusers and see if you get a match. I was thinking it would be likely the person had previous knowledge of the forum, (why choose that one over any other) unless they just did a google for phpbb2. I guess you’ve checked your logs (in the referrer field) to see how the person saw your site in the first place etc?

I just realised you didn’t’ use the word hacker you used intruder which is cool :)

You probably know all the tricks etc, but I believe hotmail (like most other web mail accounts) passes on a senders IP (unless of course its proxied) so if the person has a static IP, and you can social engineer a response …

Also out of interest what forum was the abuser from?

#13 GUEST_Guest_***

GUEST_Guest_***
  • Guests

Posted 28 October 2002 - 05:33 PM

Referer:
"GET /forum/ HTTP/1.1" 200 36026
"http://www.google.be/search?hl=nl&ie=UTF-8&oe=UTF-8&q=powered+by+phpbb+2.0.0&btnG=Google+zoeken&meta=cr%3DcountryBE"
"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.0.3705)"

In the meanwhile, we discovered 2 other abused sites...

We don't accuse your site or forum, we know it was a Belgian user and we know we /had/ to upgrade. We just didn't realise there was such an enormous security hole in forum and that's why it wasn't upgraded, while everything else on the server was... Mayby in the future you could announce this kind of leaks on bugtraq (and other lists) to "promote" it - and your site.

The abusers came from www.zwabber.org (also in Dutch). (At least two, one on our forum and another member on another abused forum).

#14 StankDawg

StankDawg

    same old Dawg, no new tricks

  • Moderating Team
  • 8,075 posts
  • Country:
  • Gender:Male

Posted 28 October 2002 - 09:26 PM

Well, I know that the exploit was submitted to a large outlet. The fact that they chose not to publish it and make it known has been largely discussed here at DDP.

:pissed: :pissed: :pissed:

#15 GUEST_PowerKe_***

GUEST_PowerKe_***
  • Guests

Posted 29 October 2002 - 08:01 AM

The fact we didn't check up on previous posts is because:
1) We already discovered he found us by google. In fact, what we did was check when the mass-mail was sent, look up the IP of the person that used the mass-mail function in the access log, filter the last 24h of the access log for that IP so we had a complete log of his actions. Then we noticed he found us via Google and created a new account.

2) The IP used is of an ADSL line from a provider that disconnects clients every 36 hours. So even if he was a previous user, we probably could not find him unless he used the account in the last 36h. Then again, even if we found the IP there would also be a good chance it would be of another innocent user. However, I did run a check on his IP and it doesn't show up in any other post. If he would have created a message in the last 36h using another account, it would also have shown up in the access log since we filtered it for his IP.

#16 StankDawg

StankDawg

    same old Dawg, no new tricks

  • Moderating Team
  • 8,075 posts
  • Country:
  • Gender:Male

Posted 29 October 2002 - 10:41 AM

yes, but if he is smart, he would have disconnected and intentionally got a new IP address assigned to him.

1) Check your logs for posts made just before or after the time in question.

2) Also check for IP addresses beginning with the same first 2 or 3 nodes in the IP address. if the original post is from 125.224.123.321 and there are other posts from 125.224.*.* or even 125.224.123.* they may have been the new IP address assgned to the same person. This will be true no matter how long after the post.

Both of these are "circumstantial" in nature, meaning that it doesn't prove anything, but it gives you some ideas on who to watch or where to look.

BTW, I completely made up the IP addresses, don't know who they belong to, and didn't check. :)




BinRev is hosted by the great people at Lunarpages!