[Solved] Hacker!

This is an archive of the phpBB 2.0.x support forum. Support for phpBB2 has now ended.
Forum rules
Following phpBB2's EoL, this forum is now archived for reference purposes only.
Please see the following announcement for more information: viewtopic.php?f=14&t=1385785
- szo2 -
Registered User
Posts: 538
Joined: Tue Apr 30, 2002 3:29 pm
Location: Hong Kong

Post by - szo2 - » Sat Jun 08, 2002 4:55 am

Did you change your password?

tkn
Registered User
Posts: 14
Joined: Thu Jun 06, 2002 11:28 am

Post by tkn » Sat Jun 08, 2002 6:20 am

Just thought I'd mention that phpBB 2.0.1 works fine on lycos for me.

Maybe you should try to update again. :)

-tkn

pam
Registered User
Posts: 281
Joined: Fri Jun 07, 2002 1:03 am
Location: Mass.

Post by pam » Sat Jun 08, 2002 2:33 pm

If this person is 'hacking' why not ban his/her Class C or even Class B for a while and see if that helps?

Unless they use an open Cisco or open proxy to connect, you should be able to block them.

Dumb-newbie advice :)

Falco1199
Registered User
Posts: 156
Joined: Fri May 17, 2002 9:11 pm
Location: New York

Post by Falco1199 » Sat Jun 08, 2002 3:42 pm

I've changed my password about a million times.
I've been trying to get 2.0.1 working. You're so friggin lucky!!
WTF is a Class C or Class B??

OK, now my forums are up, but errors are EVERYWHERE...
:-D

pam
Registered User
Posts: 281
Joined: Fri Jun 07, 2002 1:03 am
Location: Mass.

Post by pam » Sat Jun 08, 2002 4:13 pm

An IP consists of 4 sets of numbers:

123.45.67.890

123.45.67.* is a Class C ban
123.45.* is a Class B ban

77700
Registered User
Posts: 12
Joined: Sat Jun 08, 2002 2:47 am

YES HE CAN!!!!

Post by 77700 » Sat Jun 08, 2002 4:33 pm

Trust me I know. Well I didn't read the other posts and am just setting up my boards. I'm good with programming but still need help with my SQL.

But the point I'm making is, hackers can scan through your server using a scanner and hack through using a shell account so be careful!!! 8O

Imhotep
Registered User
Posts: 4
Joined: Sat Jun 08, 2002 4:25 pm
Location: Hamunaptra

Post by Imhotep » Sat Jun 08, 2002 4:35 pm

Make sure you are the only ADMIN on your board! If not, have all other admins change their pswd. If you have a *nix server, you can ban that person's IP with the following .htaccess file placed in web root:

Code:

<Files *>
Order allow,deny
Allow from all

# Addresses in a Deny line are separated by spaces, not commas
Deny from 64.40.59.19 216.198.76.178

</Files>

If you are not the only admin, you might also consider the fact that you may have a corrupt admin letting someone in through the backdoor. There are lots of possible scenarios... you need to start from ground zero and work your way out.

~Imhotep
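
Added example, not part of the original thread: Python that turns the ban widths pam describes (single address, Class C, Class B) into the Deny lines used in the .htaccess file above, and counts how many other addresses each width also shuts out. The offender addresses are the two from the thread; the sample client addresses are constructed, and the wider bans are written in CIDR notation.

```python
import ipaddress

# Ban widths as pam describes them, expressed as prefix lengths.
WIDTHS = {"host": 32, "class_c": 24, "class_b": 16}

# The two addresses from the .htaccess file in the thread.
OFFENDERS = ["64.40.59.19", "216.198.76.178"]

# Constructed client addresses, used only to show what each width catches.
SAMPLE_CLIENTS = ["64.40.59.200", "64.40.7.1", "10.0.0.1"]


def ban_networks(ips, width):
    """Networks covering each offender at the chosen width, merged and sorted."""
    nets = {ipaddress.ip_network(f"{ip}/{WIDTHS[width]}", strict=False) for ip in ips}
    return list(ipaddress.collapse_addresses(nets))


def htaccess_rules(ips, width="host"):
    """Order/Allow/Deny block in the mod_access syntax the thread uses."""
    lines = ["Order allow,deny", "Allow from all"]
    for net in ban_networks(ips, width):
        # A single host is written bare; wider bans use CIDR notation.
        target = str(net.network_address) if net.prefixlen == 32 else str(net)
        lines.append(f"Deny from {target}")
    return "\n".join(lines)


def is_blocked(client, ips, width):
    """True if the client address falls inside any banned network."""
    addr = ipaddress.ip_address(client)
    return any(addr in net for net in ban_networks(ips, width))


def collateral(ips, width):
    """Addresses covered by the ban that are not the offenders themselves."""
    return sum(n.num_addresses for n in ban_networks(ips, width)) - len(set(ips))


if __name__ == "__main__":
    for width in WIDTHS:
        print(f"# {width}: {collateral(OFFENDERS, width)} other addresses blocked")
        print(htaccess_rules(OFFENDERS, width))
        for client in SAMPLE_CLIENTS:
            print(f"#   {client} blocked: {is_blocked(client, OFFENDERS, width)}")
```

A Class B ban on these two addresses also blocks 131070 unrelated addresses, which is the cost to weigh against the wider coverage.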

Techie-Micheal
Security Consultant
Posts: 19511
Joined: Sun Oct 14, 2001 12:11 am
Location: In your servers

Post by Techie-Micheal » Sat Jun 08, 2002 9:59 pm

Imhotep wrote: Make sure you are the only ADMIN on your board! If not, have all other admins change their pswd. If you have a *nix server, you can ban that person's IP with the following .htaccess file placed in web root:

Code:

<Files *>
Order allow,deny
Allow from all

# Addresses in a Deny line are separated by spaces, not commas
Deny from 64.40.59.19 216.198.76.178

</Files>

If you are not the only admin, you might also consider the fact that you may have a corrupt admin letting someone in through the backdoor. There are lots of possible scenarios... you need to start from ground zero and work your way out.

~Imhotep


That's a very good idea. However, the <FILES> tags are not needed as most configurations allow .htaccess customization to start with Order allow,deny.
Also, if you do have other admins, personally, I'd temporarily strip them of admin access and apply that .htaccess file in the admin folder of phpBB.

[offtopic]
That was a good movie, wasn't it?
[/offtopic]
Proven Offensive Security Expertise. OSCP - GXPN

AJ Riddle
I've Been Banned!
Posts: 94
Joined: Tue May 14, 2002 12:42 am
Location: BCII (Black-Cell Insane Isylum in Cukkuton, Missouri)

Post by AJ Riddle » Sat Jun 08, 2002 11:22 pm

Hmmmmm... Do what everyone else says is the best advice I can give...

Falco1199
Registered User
Posts: 156
Joined: Fri May 17, 2002 9:11 pm
Location: New York

Post by Falco1199 » Sun Jun 09, 2002 5:27 am

I would REALLY like to... I'm an idiot though and I really can't comprehend what most people are saying. Especially Imhotep, though I highly appreciate your help. I know my admins aren't doing this; I had a hacker on a previous forum where I was the only admin. That was recently, and this hacker is doing the same type of thing as that one. I'm keeping the admins in case of a situation where I can't get onto the forums, but another admin can.
:-D

pam
Registered User
Posts: 281
Joined: Fri Jun 07, 2002 1:03 am
Location: Mass.

Post by pam » Sun Jun 09, 2002 1:42 pm

Have you run a virus scan to be sure you don't have a virus/trojan or that no one installed a key logger on your system?

Techie-Micheal
Security Consultant
Posts: 19511
Joined: Sun Oct 14, 2001 12:11 am
Location: In your servers

Post by Techie-Micheal » Sun Jun 09, 2002 6:17 pm

Chances are, if it's a Linux server, it doesn't have a virus (less than 1% chance that a Linux server has a virus). What I would check is to see if there are any root kits, but you don't need to go that route just yet. Use .htaccess in your admin area and see if that helps at all. I would also go through all of your users (phpMyAdmin would be the easiest way) and see if they have named themselves as admin.

elfy
Registered User
Posts: 25
Joined: Sat Jan 05, 2002 5:42 am
Location: Poland

Post by elfy » Sun Jun 09, 2002 6:37 pm

Maybe he just knows your FTP password to the site? Then he knows your SQL DB password, then he is able to modify his permissions on the forum and make himself admin.

Techie-Micheal
Security Consultant
Posts: 19511
Joined: Sun Oct 14, 2001 12:11 am
Location: In your servers

Post by Techie-Micheal » Sun Jun 09, 2002 6:44 pm

Your FTP password doesn't have to be the same as your RDBMS password. Mine isn't. At any rate, update your passwords. All of them. Change your shell password, if you have shell access, to be different from your MySQL password and to be different from your phpBB password and different from your FTP password if at all possible.

Falco1199
Registered User
Posts: 156
Joined: Fri May 17, 2002 9:11 pm
Location: New York

Post by Falco1199 » Sun Jun 09, 2002 9:28 pm

I've changed all my passwords about 5 times by now and they're all different. The only one I haven't changed is YIM. If someone says one more thing about changing passwords my comp is going out the window.

As I said before, the way this hacker has worked in the past is by making other people admins. He's already made a few people have administrator status. I can't suspect them though; I take away the status and the hacking continues. Anyway, I contacted Black Fluffy Lion and he said to delete phpMyAdmin if I had it...

Any other ideas?
:-D
