Recently, on 5 of the Pligg-based sites maintained by us, we noticed that there has been some sort of attack in the form of password reset to "Password" attempts. It was a security bug that was fixed with 9.6 beta, and detailed steps to protect against it are discussed at
Security Vulnerability and
Security Vulnerability Part 2
Since these sites had the patch applied, nothing serious happened other than all users receiving a password reset process e-mail (unless they hit that link in the e-mail the password will not get reset, and they had not initiated it - fortunately they all forwarded this to ) - thanks Ash for fixing.
Not sure how many other sites were attempted on this. Some log study revealed that the IPs that did attempt to access this page, /login.php, did in fact take a referrer from those sites' announcements listed at
http://forums.pligg.com/my-pligg-site/
The IPs that were involved were:
66.98.212.79, 66.199.251.90, 62.231.243.137, 125.212.68.173, 68.36.148.91 in the order of number of requests.
So if you have your site listed - here or in Pligg directories, it is advisable to use the patches as outlined above.
Just thought of sharing it in here as it might be an alert to people who did not update their site code.
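
The kind of log study described above, as an added example that is not part of the original post: it counts, per client IP, the requests to /login.php whose referrer is the forum's site-announcement section. The combined access-log format, the function name and the sample lines (documentation-range IPs, made-up dates and query string) are assumptions constructed for illustration.

```python
import re
from collections import Counter

# Apache/Nginx "combined" access-log format (assumed; the post does not name the format).
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]*\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "[^"]*"'
)

TARGET_PATH = "/login.php"                                   # page named in the post
REFERER_PREFIX = "http://forums.pligg.com/my-pligg-site/"   # forum section named in the post


def suspicious_login_hits(lines):
    """Return [(ip, count), ...] for /login.php requests referred from the
    forum's site-announcement section, most active IP first."""
    hits = Counter()
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # skip malformed or non-combined lines instead of failing
        path = m.group("target").split("?", 1)[0]  # ignore any query string
        if path == TARGET_PATH and m.group("referer").startswith(REFERER_PREFIX):
            hits[m.group("ip")] += 1
    return hits.most_common()


# Constructed sample lines, not taken from any real log.
SAMPLE_LOG = [
    '203.0.113.10 - - [01/Jan/2000:10:00:00 +0000] "GET /login.php HTTP/1.1" 200 512 '
    '"http://forums.pligg.com/my-pligg-site/" "Mozilla/5.0"',
    '203.0.113.10 - - [01/Jan/2000:10:00:02 +0000] "POST /login.php?constructed=1 HTTP/1.1" 200 498 '
    '"http://forums.pligg.com/my-pligg-site/0000-constructed-thread.html" "Mozilla/5.0"',
    '198.51.100.7 - - [01/Jan/2000:10:05:00 +0000] "GET /login.php HTTP/1.1" 200 512 '
    '"http://forums.pligg.com/my-pligg-site/" "Mozilla/5.0"',
    # Ordinary login from the site itself: right page, unrelated referrer.
    '192.0.2.55 - - [01/Jan/2000:10:06:00 +0000] "GET /login.php HTTP/1.1" 200 512 '
    '"http://example.com/" "Mozilla/5.0"',
    # Ordinary visitor arriving from the forum listing: right referrer, other page.
    '192.0.2.55 - - [01/Jan/2000:10:07:00 +0000] "GET /story.php HTTP/1.1" 200 2048 '
    '"http://forums.pligg.com/my-pligg-site/" "Mozilla/5.0"',
    'truncated line that does not parse',
]

if __name__ == "__main__":
    for ip, count in suspicious_login_hits(SAMPLE_LOG):
        print(f"{ip}\t{count}")
```

Run against a real access log by passing an open file object instead of `SAMPLE_LOG`; the result is ordered by number of requests, as the IP list in the post is.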