[Solved] Hacker!

This is an archive of the phpBB 2.0.x support forum. Support for phpBB2 has now ended.
Techie-Micheal
Security Consultant
Posts: 19511
Joined: Sun Oct 14, 2001 12:11 am
Location: In your servers

Post by Techie-Micheal » Sun Jun 09, 2002 9:40 pm

Again, create a .htaccess file with this in it:

Code:

Order deny,allow
Deny from all
Allow from 128.34.17
Put this in your admin folder in the phpBB root. Of course replace your IP with the one above (to make sure you don't accidentally block yourself from your admin panel, put only the first two or three octets unless you have a static IP, I have put the first three octets of a "fake" IP). This will make sure no other admins except you can get it. Also, if you have access to your log files, take a look at them and see if you can find anything out of the ordinary and pm me or another support team member if you do find something.
Proven Offensive Security Expertise. OSCP - GXPN

Imhotep
Registered User
Posts: 4
Joined: Sat Jun 08, 2002 4:25 pm
Location: Hamunaptra

Post by Imhotep » Mon Jun 10, 2002 1:15 am

right... do as stated above and, in addition, name that file .htaccess

i know it may look weird with the period in front, but that's the way it is with *nix systems. :) ye might also want to start reading bugtraq.com and see if there is a new exploit for your database (like an msql injection exploit) er suffin else.

http://online.securityfocus.com/archive/1

let me ask more questions... do you administrate this board from both home and office? if office, does anyone in the office have access to your PC? anyone at home messing with you? save yer pswds locally so ye don't have to keep typing them in?

think outside the box. think like a h4x0r and ye might find em. :)

qwarth
Registered User
Posts: 17
Joined: Sat Mar 23, 2002 6:49 am

Post by qwarth » Mon Jun 10, 2002 5:21 am

a little piece of advice that i don't think anybody has mentioned... turn off html in signatures and posts.

people can add nasty attachments such as javascript, flash files, shockwave etc to postings.

a good hacker could harvest cookies from your regular users... and use any of their logins to get in... including yours. every time you change your password, he/she could in theory get your new cookie.

s010 did it to gurn.com and dogsonacid.com messed with the moderators and admin, it was funny. but he is a hacker with a sense of humor, some are not as nice.

gatty
Registered User
Posts: 506
Joined: Fri May 03, 2002 12:27 am
Location: Australia

Post by gatty » Mon Jun 10, 2002 5:56 am

i don't think you can insert javascripts in signatures without the script tags being 'allowed', or does this just apply to the posts?
Gatty
www.gatty.net
Free Hosting With PHP/MySQL Support!


Falco1199
Registered User
Posts: 156
Joined: Fri May 17, 2002 9:11 pm
Location: New York

Post by Falco1199 » Mon Jun 10, 2002 11:20 am

I don't have HTML enabled. I'll try making the .htaccess file... Do I just put that in the admin folder with that code? Should it have a .php extension?

What are log files and how would I access them? Do you mean FTP log files? If I found them, how would I find something unusual? I'm pretty sure I can download them via FTP...

I run the PC from my home... my AOL password is saved, but I highly doubt anyone in my house is doing this. The only person here with me daily is my brother, and he doesn't know a thing about the internet...

I don't have HTML enabled... I was always scared of someone messing up the forums with it. :-D I was scared of really huge tables though, not cookies... Well, anyway, lucky me... in THAT sense.

I guess for now I just need the answers to my questions, specifically the .htaccess ones as that seems imperative.
:-D

fishfreek
Registered User
Posts: 695
Joined: Tue May 14, 2002 3:05 pm
Location: Virginia

Post by fishfreek » Mon Jun 10, 2002 1:06 pm

The file name should be ".htaccess" (drop the "") nothing more nothing less. After you create the file you might not be able to see it as it will be a hidden file.

The log files are usually stored in a directory separate from your webfiles. If it's a stand alone server it would be /etc/httpd/logs or /var/logs/httpd or a similar path.

If you have access to the httpd.conf file it will tell you where the logs are being written to.
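Once the log files have been located as described above, "anything out of the ordinary" still has to be picked out of thousands of ordinary lines. The following is an added example, not code from the thread or from phpBB: a small Python scanner over Apache combined-format access log lines that flags two things relevant to this thread, hits on the admin folder from addresses outside the admin's IP prefix, and post or topic deletions through the board's moderator scripts. The log lines are constructed for the example; the phpBB2 paths (admin/, modcp.php, posting.php with mode=delete) are assumed to be the board's own scripts, and 128.34.17 is the "fake" admin prefix used earlier in the thread.

```python
"""Added example (not from the thread or from phpBB): scan Apache combined-format
access log lines for admin-panel hits from unexpected addresses and for
post/topic deletions.  Sample log lines are constructed; phpBB2 script paths
are assumed, and 128.34.17 is the thread's fake admin IP prefix."""

import re
from collections import Counter

# Apache "combined" log format: ip ident user [time] "METHOD path proto" status bytes ...
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

# The admin's address prefix from the .htaccess advice in this thread (assumption).
ADMIN_PREFIX = "128.34.17"

# Constructed sample log; 203.0.113.0/24 and 198.51.100.0/24 are documentation ranges.
SAMPLE_LOG = """\
128.34.17.9 - - [10/Jun/2002:18:40:11 -0400] "GET /phpBB2/admin/index.php HTTP/1.0" 200 5123
203.0.113.7 - - [10/Jun/2002:18:41:02 -0400] "GET /phpBB2/viewtopic.php?t=12 HTTP/1.0" 200 8821
203.0.113.7 - - [10/Jun/2002:18:41:30 -0400] "POST /phpBB2/posting.php?mode=delete&p=455 HTTP/1.0" 302 0
203.0.113.7 - - [10/Jun/2002:18:42:05 -0400] "GET /phpBB2/admin/ HTTP/1.0" 403 291
198.51.100.4 - - [10/Jun/2002:18:43:00 -0400] "GET /phpBB2/modcp.php?t=12&mode=delete HTTP/1.0" 200 1402
"""


def parse_line(line):
    """Return the named fields of one log line, or None if it is not combined format."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def suspicious(entry):
    """List the reasons a parsed entry deserves a look (empty list = ordinary)."""
    reasons = []
    path = entry["path"]
    # The trailing dot matters: 128.34.170.5 must not count as inside 128.34.17.
    if "/admin/" in path and not entry["ip"].startswith(ADMIN_PREFIX + "."):
        # Even a 403 is worth knowing about: it shows someone probing the panel.
        reasons.append("admin panel hit from outside admin prefix")
    if "mode=delete" in path and ("posting.php" in path or "modcp.php" in path):
        reasons.append("post/topic deletion")
    return reasons


def scan(log_text):
    """Return (ip, path, reasons) for every line that is out of the ordinary."""
    findings = []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        reasons = suspicious(entry)
        if reasons:
            findings.append((entry["ip"], entry["path"], reasons))
    return findings


def by_ip(findings):
    """Count findings per client address so the noisiest source stands out."""
    return Counter(ip for ip, _path, _reasons in findings)


if __name__ == "__main__":
    results = scan(SAMPLE_LOG)
    for ip, path, reasons in results:
        print(f"{ip:16} {path:50} {', '.join(reasons)}")
    print("per address:", dict(by_ip(results)))
```

Run against a real file with `scan(open("/var/log/httpd/access_log").read())` once the path from httpd.conf is known; the address that keeps showing up under "post/topic deletion" is the one to compare against the moderator list, which is the point Techie-Micheal makes later in the thread about a moderator account rather than the admin panel being the way in.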

Falco1199
Registered User
Posts: 156
Joined: Fri May 17, 2002 9:11 pm
Location: New York

Post by Falco1199 » Mon Jun 10, 2002 7:12 pm

OK I checked the log files, and nothing is unusual. I'm making the .htaccess file now. :-D

One other thing though... the hacker is able to delete posts, but no one other than myself is an admin. Him not being able to get into the admin panel won't stop him then, will it?? :-(

PS: Say I want to add my AOL address to the list. Would it be like this:

Allow (IP1)
Allow (IP2)

OR would it be

Allow (IP1),(IP2)

??
:-D
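The question of listing more than one address is never answered in the thread, and the "Allow (IP1),(IP2)" form is not Apache syntax: the directive is `Allow from host host ...` with hosts separated by spaces, and repeating `Allow from` on further lines has the same effect. The following is an added example, not part of the original thread and not Apache's code: a Python model of how Apache's mod_access (mod_access_compat in 2.4) evaluates the three directives used in Techie-Micheal's .htaccess, so the partial-octet match and a multi-address allow list can be checked before uploading the file. It assumes the rule set contains only Order, Deny from and Allow from, and that hosts are full or partial dotted IPv4 addresses.

```python
"""Added example (not from the thread or from Apache): evaluate the subset of
mod_access directives used above.  Assumes only Order / Deny from / Allow from,
with hosts given as full or partial dotted IPv4 addresses such as 128.34.17."""

from dataclasses import dataclass, field


@dataclass
class AccessRules:
    order: str = "deny,allow"  # Apache's default Order
    deny: list = field(default_factory=list)
    allow: list = field(default_factory=list)


def parse_htaccess(text):
    """Parse Order / Deny from / Allow from lines into an AccessRules."""
    rules = AccessRules()
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split()
        directive = parts[0].lower()
        if directive == "order" and len(parts) == 2:
            rules.order = parts[1].lower()
        elif directive in ("deny", "allow") and len(parts) >= 3 and parts[1].lower() == "from":
            # "Allow from a b c" lists several hosts separated by spaces;
            # a second "Allow from" line simply extends the same list.
            target = rules.deny if directive == "deny" else rules.allow
            target.extend(parts[2:])
        else:
            raise ValueError(f"unsupported directive: {raw!r}")
    return rules


def host_matches(pattern, ip):
    """'all' matches everything; a partial address matches whole leading octets,
    so 128.34.17 matches 128.34.17.9 but not 128.34.170.5."""
    if pattern.lower() == "all":
        return True
    return ip.split(".")[: len(pattern.split("."))] == pattern.split(".")


def is_allowed(rules, ip):
    """Apache Order semantics:
    deny,allow  - Deny rules apply first, a matching Allow overrides them,
                  and an address matching neither list is allowed.
    allow,deny  - an Allow must match, and a matching Deny then overrides it."""
    denied = any(host_matches(p, ip) for p in rules.deny)
    allowed = any(host_matches(p, ip) for p in rules.allow)
    if rules.order == "deny,allow":
        return allowed or not denied
    if rules.order == "allow,deny":
        return allowed and not denied
    raise ValueError(f"unknown Order: {rules.order!r}")


# The .htaccess recommended in the thread (128.34.17 is its fake admin prefix).
THREAD_HTACCESS = """\
Order deny,allow
Deny from all
Allow from 128.34.17
"""

# Two ways of adding a second address (64.12.96 is a made-up second prefix).
TWO_LINES = THREAD_HTACCESS + "Allow from 64.12.96\n"
ONE_LINE = "Order deny,allow\nDeny from all\nAllow from 128.34.17 64.12.96\n"


if __name__ == "__main__":
    rules = parse_htaccess(THREAD_HTACCESS)
    for ip in ("128.34.17.9", "128.34.170.5", "10.0.0.1"):
        print(ip, "allowed" if is_allowed(rules, ip) else "denied")
    print("two lines == one line:", parse_htaccess(TWO_LINES).allow == parse_htaccess(ONE_LINE).allow)
```

The `Deny from all` line is what makes the default matter: without it, `Order deny,allow` lets through any address that matches neither list, which is why the model starts from "allowed" and only the Deny rule closes the door.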

Falco1199
Registered User
Posts: 156
Joined: Fri May 17, 2002 9:11 pm
Location: New York

Post by Falco1199 » Mon Jun 10, 2002 7:29 pm

Problem: I have a PC, and it automatically puts .txt on my files when I use textpad or wordpad. It saves the file as .htaccess.txt. Is this alright? Can I change this?? :-(
:-D

Bert Vierstra
Registered User
Posts: 26
Joined: Mon May 27, 2002 11:02 am
Location: Singaraja, Bali, Indonesia

Lycos

Post by Bert Vierstra » Mon Jun 10, 2002 7:35 pm

Hi,

I've installed a phpBB 2.01 for a guy on lycos.

It works, with some "strange" things.

http://members.lycos.co.uk/princeg2kk/

I am not an admin or moderator there....

But searching for "lycos" on phpBB gave me some ideas how to "solve" problems....

That's it!, Bert

My WeBlog - Adsense Sharing Forum

Black Fluffy Lion
Former Team Member
Posts: 6057
Joined: Sat Dec 15, 2001 11:37 am

Post by Black Fluffy Lion » Mon Jun 10, 2002 7:40 pm

Falco1199 wrote: Problem: I have a PC, and it automatically puts .txt on my files when I use textpad or wordpad. It saves the file as .htaccess.txt. Is this alright? Can I change this?? :-(

Renaming in windows or in your FTP client should work ok - right click, rename. Right click, properties may also help.

Falco1199
Registered User
Posts: 156
Joined: Fri May 17, 2002 9:11 pm
Location: New York

Post by Falco1199 » Mon Jun 10, 2002 7:59 pm

OK, I have an .htaccess file. It doesn't appear as blank though... it appears as .htaccess. Anyway, it's uploaded.
Falco1199 wrote: One other thing though... the hacker is able to delete posts, but no one other than myself is an admin. Him not being able to get into the admin panel won't stop him then, will it?? :-(
:-D

Techie-Micheal
Security Consultant
Posts: 19511
Joined: Sun Oct 14, 2001 12:11 am
Location: In your servers

Post by Techie-Micheal » Mon Jun 10, 2002 8:10 pm

No, that won't stop him. If he is a moderator with permissions in that forum, then he can still mess with things and just not admin things. That's probably why he hasn't changed your password or anybody else's . . .

shuric
Registered User
Posts: 4
Joined: Mon Jun 10, 2002 10:33 pm

Post by shuric » Mon Jun 10, 2002 10:42 pm

primedomain wrote: You should upgrade to 2.0.1. Not only does it fix a couple of bugs, it also fixes some security issues. It is strongly recommended to upgrade!
Why can't you upgrade?

If I upgrade from 2.00 to 2.01, will I have to reinstall all of my mods?

Techie-Micheal
Security Consultant
Posts: 19511
Joined: Sun Oct 14, 2001 12:11 am
Location: In your servers

Post by Techie-Micheal » Mon Jun 10, 2002 10:51 pm

That depends. If you use the patch, no. If you use the changed files, maybe, if you use the full package, definitely.

Falco1199:
What do you mean by it doesn't appear blank, it appears as .htaccess?

fishfreek
Registered User
Posts: 695
Joined: Tue May 14, 2002 3:05 pm
Location: Virginia

Post by fishfreek » Tue Jun 11, 2002 12:05 am

I see that you got the file named but in the future if you want a file to be specific when you're saving the file put it in "" like this ".htaccess" this tells windows to save the file exactly as entered. Windows will of course drop the "".
