phpBB • Creating Communities Worldwide

by **will727** » Mon Dec 20, 2004 1:56 pm

Hey, just thought someone might be able to help. Tried to access my forum today and got a strange message come up. Here is the forum address. Maybe some1 can help? Thanks

http://www.freedom-fighters.net/sigsource/index.php

by **fumbalah** » Mon Dec 20, 2004 2:06 pm

Yea, you got hacked, Were you not running the latest version. Check your database to see if they got to it

by **will727** » Mon Dec 20, 2004 2:46 pm

My friend host the forum for me and i host the website as he has more bandwidth than me. I'll contact him asasp and see if they got to the database. Thanks.

by **Steeldogs** » Mon Dec 20, 2004 2:54 pm

Check your index.php page and see if they were just renamed and this new index page was put in it's place.

by **Flyspray** » Mon Dec 20, 2004 3:17 pm

I had the same thing happen, but I'm unable to even get to the site. I think my hosting company has pulled the plug and is conducting upgrades or taken preventative measures.

by **will727** » Mon Dec 20, 2004 4:19 pm

thanks for the reponses guys. I still cant get in contact with the guy hosting my forum, but i'll let you no how i get on.

by **eureka345** » Mon Dec 20, 2004 4:44 pm

I've had the same thing happen too. So frustrating. I got the rest of my site working fine again, but not my forum.

by **Kirsty84** » Mon Dec 20, 2004 5:13 pm

Everytime i visit my forum: http://www.anistoncenter.com/jacf/ i get a message saying:

"This site has been defaced"

Can anyone help? I have no idea how to fix this. I'm running the site for somone else, and have no idea about anything technical.

Any help would be greatly apperciated. I'm in such a panic. Will everything at the forum be lost?

by **Steeldogs** » Mon Dec 20, 2004 5:36 pm

will727 wrote:Hey, just thought someone might be able to help. Tried to access my forum today and got a strange message come up. Here is the forum address. Maybe some1 can help? Thanks

http://www.freedom-fighters.net/sigsource/index.php

I see you got it back. How did you correct it. Kristy84 might could use the info

by **Techie-Micheal** » Mon Dec 20, 2004 6:03 pm

Kristy84: This appears to be an automated attack on the recent PHP (not phpBB) vulnerabilities. Make sure your host upgrades to the appropriate version of PHP.

by **xcs-bat** » Tue Dec 21, 2004 10:04 am

I don't think its a php problem, as my servers (aye several) got hacked and they have benn all running on the latest php version!

Any help would be apreciated!

thx!

by **marinedalek** » Tue Dec 21, 2004 10:49 am

Just thought I'd add another site to the long list of those hacked by the NeverEverNoSanity worm. http://petesqbsite.com/ - it's not my site but it was one I visited often. Guess which phpBB version it was running... 2.0.6 - urk! How did other people restore their sites? Did you have to do a full file backup?

by **xcs-bat** » Tue Dec 21, 2004 10:52 am

k got it

Its a security bug in phps unserialize() function. phpBB (and lots of other boards) are using it.

http://www.hardened-php.net/advisories/012004.txt

http://developers.slashdot.org/article. ... 17/1641212

there isnt a fix right now it seems, so I gota shut the boards on my servers down to protect my other customers

by **Druid_YGM** » Tue Dec 21, 2004 11:39 am

Does that mean ANY version of phpbb software is vulnerable then ?

by **xcs-bat** » Tue Dec 21, 2004 12:35 pm

seems like it

well the versions using the unserialize() function at least, and I guess thats every version.

Theres a workaround tough it seems. After installing it phpBB isnt using this function anymore. Havent confirmed it myself yet.

Will post the link after I tryed it.

Who is online

Advertisement