SMTP hacked

This is an archive of the phpBB 2.0.x support forum. Support for phpBB2 has now ended.
djfreak
Registered User
Posts: 14
Joined: Fri Feb 06, 2004 6:14 pm
Location: SF, CA
Post by djfreak »

Hi folks

I just want to start by taking my hat off to the folks at phpbb. Nice work indeed. Only a couple of OS X Server MySQL issues at first but I seem to have worked them out except:

Someone has apparently hacked into my mail server and I strongly suspect my new phpbb based forum - http://www.beathustler.com/forums caused it.

I woke up to an unusual number of junk mails many with returns with reply to addresses like mike@beathustler.com or julie@beathustler.com both of which do not exist on my server which I run (www.beathustler.com). Most of the returns and the TEST mails which he/she ran to see if their little scheme was working had .uk on them so I think it came from England.

Anyway...This is my first "hack" since hosting my own server. OS X has generally behaved beautifully in terms of security. It seems that this person hacked into the settings of my .php files and got my SMTP user name and password which of course FREAKED me out so I changed them all over the server.

How does the embedded phpbb email button work? If I leave smtp off and take out the SMTP info then will people still be able to use the email button? How can I secure these PHP files better?

Help!

Thank you very much.

Evan Miller
Come to www.beathustler.com every Sunday at 5PM (PST) to hear Beathustler radio LIVE.
JessicaM
Registered User
Posts: 25
Joined: Tue Feb 03, 2004 8:46 am

Post by JessicaM »

I am working on coding this forum as well and we were shocked to wake up and look at our outbox to find hundreds of emails sent from our beathustler.com address. We strongly believe the person hacked into our php pref/config files, accessing our server info to send out spam emails to people (we've been getting returns all morning).

Any phpbb board administrators or developers ever hear of this happening? What measures can a person take to make the board more hacker-proof?

Thanks.

-Jessica
Stefan Koopmanschap
Former Team Member
Posts: 7388
Joined: Sun Oct 28, 2001 9:47 am
Location: Woudenberg, Netherlands

Post by Stefan Koopmanschap »

Hmm... I don't think phpBB was actually the cause of this. They may have gotten the SMTP password from the phpBB database, but that means that they probably obtained access to your MySQL server somehow.

If you have a mailserver installed on your server, then using PHP's own mail() function will work fine (that is, if PHP is configured correctly to work together with that mailserver... see the PHP documentation for more information on how to do that). To use PHP's mail function in PHP, simply disable the use of SMTP.
djfreak
Registered User
Posts: 14
Joined: Fri Feb 06, 2004 6:14 pm
Location: SF, CA

Thanks

Post by djfreak »

Thanks for your help. I'll look at the docs and see if I can find that.

Evan
Come to www.beathustler.com every Sunday at 5PM (PST) to hear Beathustler radio LIVE.
JessicaM
Registered User
Posts: 25
Joined: Tue Feb 03, 2004 8:46 am

Post by JessicaM »

If we disable the SMTP, then users of our forum are not able to use the 'email' function.

So we re-enabled SMTP and again a second time just now we see 1200 outgoing mails on our outgoing mail. Someone from England (because it is from a co.uk address) is sending out spam via our mailbox.

We are convinced it is related to our recent installation of our message board because this never happened once before we installed the board.

How can we stop this spammer while still enabling SMTP so that we can use the email function on our board?

Thanks in advance for your help.
CTCNetwork
Former Team Member
Posts: 15424
Joined: Fri Dec 19, 2003 3:50 am
Location: In that Volvo behind you!

Post by CTCNetwork »

The question to ask is "Who is hosting your Forum".

They will have the means to block this person, as they are using their servers as an open relay . . . ! ! !

Have you tried to block the related IP address in the ACP ? ?

Good Luck . . .
Density:- Not just a measurement~Its a whole way of Life.! ! !
| Welcome! | RTFM!!! | Search! It's Easy! | Problem? | Spam? | Advice! |
JessicaM
Registered User
Posts: 25
Joined: Tue Feb 03, 2004 8:46 am

Post by JessicaM »

I am hosting my own server actually.

I can't seem to find any IP in the bounced messages to block either.

:(
CTCNetwork
Former Team Member
Posts: 15424
Joined: Fri Dec 19, 2003 3:50 am
Location: In that Volvo behind you!

Post by CTCNetwork »

Ahhh...

Then YOU are running an open relay mail server... Not so good..

Take a look at This as one of these guys may be able to help you sort things out...

:D

Good Luck. . .
Density:- Not just a measurement~Its a whole way of Life.! ! !
| Welcome! | RTFM!!! | Search! It's Easy! | Problem? | Spam? | Advice! |
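
Added example, not part of the original thread: one way to answer the question the posts above leave open, namely whether the outgoing spam entered through a stolen SMTP login, through the forum's own PHP mail, or through unauthenticated relaying, and from which IP. It assumes the server's MTA is Postfix writing standard syslog lines; the log lines, addresses and the function name `outbound_by_origin` are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample in Postfix syslog format (assumed MTA); documentation IPs and names.
SAMPLE_LOG = """\
Feb  7 06:01:10 mail postfix/smtpd[411]: 1A2B3C4D: client=unknown[203.0.113.45], sasl_method=LOGIN, sasl_username=forum
Feb  7 06:01:11 mail postfix/smtp[420]: 1A2B3C4D: to=<a@example.net>, relay=mx.example.net[192.0.2.25], delay=1, status=sent (250 OK)
Feb  7 06:01:11 mail postfix/smtp[420]: 1A2B3C4D: to=<b@example.net>, relay=mx.example.net[192.0.2.25], delay=1, status=sent (250 OK)
Feb  7 06:02:30 mail postfix/pickup[398]: 2B3C4D5E: uid=70 from=<www>
Feb  7 06:02:31 mail postfix/smtp[420]: 2B3C4D5E: to=<member@example.org>, relay=mx.example.org[192.0.2.80], delay=1, status=sent (250 OK)
Feb  7 06:03:05 mail postfix/smtpd[415]: 3C4D5E6F: client=host.example.net[198.51.100.9]
Feb  7 06:03:05 mail postfix/local[431]: 3C4D5E6F: to=<evan@example.com>, relay=local, delay=0, status=sent (delivered to mailbox)
Feb  7 06:04:40 mail postfix/smtpd[415]: 4D5E6F70: client=unknown[203.0.113.77]
Feb  7 06:04:41 mail postfix/smtp[420]: 4D5E6F70: to=<c@example.org>, relay=mx.example.org[192.0.2.80], delay=1, status=sent (250 OK)
"""

LINE = re.compile(r"postfix/(\w+)\[\d+\]: ([0-9A-F]+): (.*)")
CLIENT = re.compile(r"client=\S*\[([^\]]+)\](?:.*sasl_username=(\S+))?")
UID = re.compile(r"uid=(\d+)")

def outbound_by_origin(log_text):
    """Count off-host deliveries per submission origin (kind, who)."""
    origin = {}           # queue id -> (kind, who)
    outbound = Counter()  # (kind, who) -> deliveries handed to remote servers
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        daemon, qid, rest = m.groups()
        if daemon == "smtpd" and (c := CLIENT.match(rest)):
            ip, user = c.groups()
            # A SASL username means someone logged in with a mailbox password.
            origin[qid] = ("sasl-auth", f"{user}@{ip}") if user else ("unauthenticated", ip)
        elif daemon == "pickup" and (u := UID.match(rest)):
            # Local submission, e.g. PHP mail() run under the web server's uid.
            origin[qid] = ("local-uid", u.group(1))
        elif daemon == "smtp" and rest.startswith("to=<"):
            # postfix/smtp is the outbound client; postfix/local deliveries are ignored.
            outbound[origin.get(qid, ("unknown", qid))] += 1
    return outbound

if __name__ == "__main__":
    for (kind, who), n in outbound_by_origin(SAMPLE_LOG).most_common():
        print(f"{n:5d}  {kind:16s} {who}")
```

An `unauthenticated` origin with off-host deliveries points to relaying (unless that client sits inside the server's trusted networks), while a `sasl-auth` origin from an unfamiliar IP points to a stolen mailbox password. In both cases the logged client IP is the address that the bounce messages do not show.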