phpBB • Creating Communities Worldwide

by **WayneRooney** » Sun Nov 21, 2004 7:09 pm

Hello All,

It seems that someone hacked my forum. He only changed my Index, I still have all my messages etc. What should I do to put my index back? And how to trace this guy?

bico · by **bico** » Sun Nov 21, 2004 7:39 pm

I'm sorry to hear that your board has been hacked.

If your index is the original phpBB index.php then just reupload it.

by **CaptSpike** » Sun Nov 21, 2004 7:52 pm

As of this morning when you go to our index page Virus scan alerts of a trojon having been deleted.
How do I fix this and how do I prevent it in the future?
I do have a .tar back up. Can I fix it using that without losing posts?
Thanks,
Mark

by **Techie-Micheal** » Sun Nov 21, 2004 8:20 pm

What version of phpBB were you using? If you have a clean backup, that you know is clean before the attack, reupload that, and immediately move to 2.0.11 if you haven't already. Also, can you pm me the url to your site?

by **CaptSpike** » Sun Nov 21, 2004 8:44 pm

I downloaded fresh back ups of my site and the bb. I extracted both to a folder and scanned the files for virus'. Said non found. So where is this virus coming from? My Host? It only alerts on my index page of the forums board no where else.
Thanks, for any help.
Mark

by **Saint Keith** » Sun Nov 21, 2004 8:53 pm

I've had the same problem. The coding was hiding in my forum description. Go into your admin, then forum management and general forum settings and check for unwanted code in your forum descriptions. If it's there, delete it.

how it got there, I'll leave to the techies to work out.

by **Techie-Micheal** » Sun Nov 21, 2004 9:19 pm

As I told Saint Keith in his topic, CaptSpike has the same problem, exact same injected code. Once cleaned up and verified, immediately update to 2.0.11. This is imperative.

by **SSIN** » Sun Nov 21, 2004 9:48 pm

I have the same problem too. From what I can figure it happened sometime last night. I am receiving several emails from my forum members (those running McAfee) complaining that they are receiving several pop-ups and it is freezing their internet.

by **Techie-Micheal** » Sun Nov 21, 2004 10:01 pm

SSIN wrote:I have the same problem too. From what I can figure it happened sometime last night. I am receiving several emails from my forum members (those running McAfee) complaining that they are receiving several pop-ups and it is freezing their internet.

Check the forum description for viewforum.php?f=1 in the admin panel. There you will find the code to remove. Then immediately update to 2.0.11 and run (and tell your users to run) a full manual virus scan on their pc's.

by **EGL-Anubis** » Sun Nov 21, 2004 10:06 pm

You might not be able to find this using virus scanners....might wana get adware and spyware systems checking too...Trojan Horses these days are extremely difficult to get rid of...you can never been to careful.

I suggest considering Pest Patrol....no..its not free....but it works extemrely well.

by **Saint Keith** » Sun Nov 21, 2004 10:11 pm

Correct, it doesn't show up on virus scans. I downloaded my entire site and scanned it (not the database) and it came up clean.

It was just by blind luck that I checked the forum description in admin and found it there.

I'm using spybot and immunizing IE meant that I personally wasn't getting the trojan infecting my PC, but many of my users were.

I also think its fair to say that Firefox has got itself hundreds, if not thousands of new users in the past week. The Trojan does not work on FireFox

by **EGL-Anubis** » Sun Nov 21, 2004 10:14 pm

Well well.....all i can say is..

THANK YOU MICROSHAFT

I was really tempted to point out that the other browsers...notably Firefox and i think Safari..are imune to the frame injection vunerability...but i wasnt to sure..guess my inital assumption was correct.

At least for firefox.

by **SSIN** » Sun Nov 21, 2004 10:17 pm

Techie-Micheal wrote:
SSIN wrote:I have the same problem too. From what I can figure it happened sometime last night. I am receiving several emails from my forum members (those running McAfee) complaining that they are receiving several pop-ups and it is freezing their internet.
Check the forum description for viewforum.php?f=1 in the admin panel. There you will find the code to remove. Then immediately update to 2.0.11 and run (and tell your users to run) a full manual virus scan on their pc's.

I am so sorry to waste your time, but is the Admin Panel through Vdeck? The gentleman that was looking after my Forum, etc. decided to go on to bigger and better things and other than the passwords, I am at a loss to find my way around in PHPbb yet. Again, please forgive my lack of knowledge.

Leslie

by **Saint Keith** » Sun Nov 21, 2004 10:21 pm

If you are logged onto your forum as the Admin, then the link "Go to adminstration panel" will appear at the bottom of every page as you view the forum.

Click on that link

On the left hand side, click on "management" under the Forum Management menu

Then click on "Edit" against the first forum on your list.

It should then show your general forum settings with Forum Name, Description, Category, Pruning, and Forum Status. The virus code should be hiding in your forum description as a serious of numbers. Delete them all and hit the "update" button.

by **CaptSpike** » Sun Nov 21, 2004 10:22 pm

What is everyones host company? I wonder if we are all hosted by the same? Mine is Ipower.web.
Anyone else?
Mark

Who is online

Advertisement