
Phishing attempt in the forum and how to clean it up

The forum, which runs on the popular phpBB3 software, was hit by a phishing attempt in the last few hours. Around 2000 private messages were sent by hundreds of newly registered users. It’s not clear how this automated attack got past our own spam hammer protection that bars new users from sending private messages. Apologies for the annoying messages and thanks to everyone for the reports.

Here is the SQL we used to clear out the scammers and their messages, in case this post turns up in search results.

SELECT *
FROM `phpbb_privmsgs`
LEFT JOIN `phpbb_users` ON author_id = user_id
WHERE `message_subject` LIKE '%We are deleting inactive accounts! Confirm your ac%'

First, back up your database!

Second, run the SELECT query above to review what will get deleted. Replace “We are deleting inactive accounts! Confirm your ac” with the subject the phishers used. The match could also be on a line in the post or a URL.

DELETE `phpbb_users`, `phpbb_privmsgs`
FROM `phpbb_privmsgs`
LEFT JOIN `phpbb_users` ON author_id = user_id
WHERE `message_subject` LIKE '%We are deleting inactive accounts! Confirm your ac%'
  AND user_id NOT IN (x,x,x,x)

If users responded to the phisher (ours had some choice words…) they will also get deleted because of the reply subject. Replace x in the NOT IN () clause with the user_id of any legit users that should not be deleted (or omit it if there are none).

Run the query to delete the messages and the users. There is no going back (you did a backup, right?).
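One way to keep users who only replied to the phisher out of the delete, as an added example that is not the SQL we ran: stage the suspect senders in a temporary table, review it, then delete by author. It assumes MySQL, the stock phpBB3 columns msg_id, username and user_regdate, that reply subjects start with "Re:", and a placeholder cutoff time that you must set to just before the attack.

```sql
-- Added example, not the queries from the original post.
-- Assumptions: MySQL; stock phpBB3 schema (user_regdate is a Unix timestamp);
-- replies carry a subject starting with 'Re:'; the cutoff below is a placeholder.

-- 1. Stage the suspect senders: the phishing subject, not a reply,
--    and an account registered inside the attack window.
CREATE TEMPORARY TABLE suspect_senders AS
SELECT u.user_id,
       u.username,
       u.user_regdate,
       COUNT(*) AS msgs_sent
FROM phpbb_privmsgs AS m
JOIN phpbb_users AS u ON u.user_id = m.author_id
WHERE m.message_subject LIKE '%We are deleting inactive accounts! Confirm your ac%'
  AND m.message_subject NOT LIKE 'Re:%'
  -- placeholder: replace with a time just before the attack started
  AND u.user_regdate >= UNIX_TIMESTAMP('2000-01-01 00:00:00')
GROUP BY u.user_id, u.username, u.user_regdate;

-- 2. Review the list before deleting anything.
SELECT * FROM suspect_senders ORDER BY msgs_sent DESC;

-- Drop any legit account from the list (same role as NOT IN above):
-- DELETE FROM suspect_senders WHERE user_id IN (x,x,x,x);

-- 3. Delete every private message the staged accounts sent...
DELETE m
FROM phpbb_privmsgs AS m
JOIN suspect_senders AS s ON s.user_id = m.author_id;

-- ...then the accounts themselves.
DELETE u
FROM phpbb_users AS u
JOIN suspect_senders AS s ON s.user_id = u.user_id;
```

The temporary table disappears when the session ends, so run all three steps in the same connection.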

Image of global phishing incident reports by Offnfopt (http://commons.wikimedia.org/wiki/User:Offnfopt).
