Forum Moderators: rogerd
Anyone here have good threat assessment?
It's showing up in usually credible sources like Netcraft News and Information Week's RSS feed, but I have yet to read anyhitng more specific than the statement that some German site implied that the next time there's a critical vulnerability announced, we all better look out.
And I'm not sure how "botnet" figures into this, other than a cool-sounding buzzword to inject some excitement into headlines.
Added for clarity: InformationWeeks headline cries "Bot Herders Ready Attack Against Message Forums" and starts off with the sentence "Botnet controllers may be planning a large-scale attack against message forums, TechWeb has learned."
The email address used by FuntKlakow, from what I've been able to determine, is not valid, so if you require email verification, then the bot won't be activated. I'm not sure about the one used by Cepelin. It looks like it might be a reasonable address, but it's in Poland, so I don't know for sure. On my forum, neither Cepelin nor FuntKlakow were activated, as I require email verification on registering.
There is a lot of speculation that the bots are registering to take advantage of an as-yet-undiscovered vulnerability in PHPbb, but so far, to me, it just looks like yet another "get free link popularity by registering on thousands of boards with the link in your sig" kind of ploy. I put word filters in my PHPbb for the site names in the sigs so at least those sites won't get free popularity off of me.
I'm not particularly worried about an attack from this, other than maybe a mass link spam attack.
JK
Flood control will help if there are only a few userIDs involved.
