"vBulletin Spider & Poster"???

**Steve Machol** · Thu 23 Dec '04, 8:52pm

That does look suspicious. Do you have image verification enabled for registration?

**The Vegan Forum** · Fri 24 Dec '04, 12:09am

No (but I have disabled registrations for now, after this happened). I will enable image verification for the future.

**Floris** · Fri 24 Dec '04, 1:14am

There are some crackers on the internet that want to make havoc by exploiting big sites using XSS - there are also a few that target vB sites. So it is important to keep your forum software up to date, make regular backups (at least once per week) and if you can add .htaccess password protection to your admincp/ & modcp/ directories (you can also rename those 2 dirs to avoid auto script attempts). Turn on image verification, email validation and use a hard to guess, long, password. (To make brute force attempts harder)

**The Vegan Forum** · Fri 24 Dec '04, 5:50am

What is .htaccess password protection and how is it added?

**Floris** · Fri 24 Dec '04, 6:11am

You could add an extra security layer to your board by adding .htaccess password directory protection to your admin and mod control panel that holds a different user/pass combination then the one you use on the board.

This is a feature from the web server (unix/linux systems only), and works aside of vBulletin. Here is a indepth guide on how to use and setup .htaccess password protected directories on your server:

Comprehensive guide to .htaccess- intro

http://www.javascriptkit.com/howto/htaccess.shtml

You could setup one user/pass combination or give each administrator and/or moderator their own additional login.

Control Panels like Cpanel and Plesk and Ensim and various others provide a feature called 'web protect' or 'directory protection' where you can enter the dir name and it will add it for you.

**LunaTech** · Sun 9 Jan '05, 5:57pm

I've got another at 200.73.174.183 and the email at riverstyx.net

May want to at least ban them.

Anything else we can do? This makes me quite nervous after the recent PHP exploits.

The site I looked at listed it as Vbulletin Spider and Poster

**LunaTech** · Mon 10 Jan '05, 10:29am

From it's name and what it's done at my site so far (created usernames and made two test posts), my current best guess is that it is a SPAM tool.

So then it would spider the internet for vBulletin forums and threads or forums that matched it's keywords, automatically signup for an account, and then create threads or replies at the target site.

It seems to be far from finished, but steps should be taken to prevent it. Blogs now a days get hammered with SPAM. It could be quite a problem if the same thing happened to vBulletin.

The 3.0.5 upgrade also had a measure to prevent offsite POST's didn't it? That may be what is needed. Any other ideas?

**docsboard** · Fri 18 Feb '05, 4:56pm

We got the same spider register over 10 accounts, I banned the 200.73.174.183 IP address from within CPANEL
hope it works

**musicat** · Sun 20 Feb '05, 5:32pm

Watch out for this *******. I suggest banning 200.73.714.183 for now. He has hit my MB 5 times in the last few weeks, with identical profiles as described here and elsewhere.

I am at a loss as to what the point is other than to create a nuisance.

**NIS-Francisco** · Fri 18 Mar '05, 11:51am

Originally posted by musicat

Watch out for this *******. I suggest banning 200.73.714.183 for now. He has hit my MB 5 times in the last few weeks, with identical profiles as described here and elsewhere.

I am at a loss as to what the point is other than to create a nuisance.

200.73.714.183

That's an invalid IP ... 255.255.255.255 is the max.

**WhiteOx** · Fri 18 Mar '05, 11:58am

typo, he means 174

"vBulletin Spider & Poster"???

"vBulletin Spider & Poster"???

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment