Hi, all!

Well I have tracked down why these people are coming to the sites and
signing up to the boards and all that fun stuff.  You can delete message now
if this is of no interest.

I finally ran across a string on a message board detailing the issues I was
having on the phpBB installations on one of the web servers.  It appears
this is a different type of spamming attempt that is related to web page
rankings, trying to draw people to malicious or 'great offer' sites.

All of the instances in my case can be traced back to Russian addresses and
phpBB shows those entries as also being of a Russian language type.

What happens is the person signs up on the bulletin board with a false email
address and fills in the profile information. In a default phpBB
installation even those people who are not active with the board, but are
users, are listed in the user list so that all users can see them.  At this
point their work is done and they sit and wait for people to click on the
link they've placed in their profile.  They are then shuttled to the bogus
site which possibly contains spam-type promotions/products, malware or some
other nasty surprises.  By doing this they are not only luring the other
users to the site, they also use the reciprocal links which now exist in the
phpBB profile to increase their rankings in search engines which will also
drive the traffic to their sites.

Anyway, that is what has been going on.  There were no php specific exploits
used in this case, only an exploitation of bad coding practices in phpBB.

:)
Missy Koos
Webmistress & Database Developer
Student Affairs & Services
Michigan State University

113 Student Services Building
East Lansing, MI  48824
517.355.9510 x138