Forum Hacked by someone

This is an archive of the phpBB 2.0.x support forum. Support for phpBB2 has now ended.
benevolent001
Registered User
Posts: 78
Joined: Fri Jul 30, 2004 6:27 pm

Post by benevolent001 »

Just wondering
Why do certain people always try to hurt others?
Just to show their superiority or something else?
Need School College Homework help?
Register at Free homework help just post your problems. Its Free

Dark Side
Registered User
Posts: 21
Joined: Sun Jun 13, 2004 1:08 am
Location: Southeast, U.S.

Post by Dark Side »

ScionCrow, sounds like the usual "probing for weak spot in the 'ol firewall" routine. I get it too from time to time. So far (knocking on wood here) no successful entries. 8)
Dark Side

ufopsi
Registered User
Posts: 314
Joined: Fri Nov 12, 2004 1:18 pm
Location: Switzerland

Post by ufopsi »

Sorry for everybody's hacks. I'm running 2.0.11 and not allowing file uploads: can I feel safe? My computer is not vulnerable to hacks, being Mac OS X.

tanrek
Registered User
Posts: 219
Joined: Mon Sep 27, 2004 1:46 pm
Location: Germany, Offenbach

Post by tanrek »

benevolent001 wrote: Just wondering
Why do certain people always try to hurt others?


A little bit of cold comfort: My forum was hacked twice. The first time someone installed a backdoor, very quietly and without damaging anything. The second time (some days later) some Brazilian script kiddies hacked it again and defaced it to make a show of their skills.

It sounds strange, but I am really, really thankful to those Brazilian hackers, because without them I would have noticed neither the existing security issues nor the installed backdoor, which could have been used for undiscovered and really dangerous activities.

mixx941
Registered User
Posts: 116
Joined: Thu Feb 13, 2003 12:57 pm

Post by mixx941 »

ScionCrow wrote: Let's hope everyone at least upgrades to 2.0.11, don't really feel like getting more posts about being 'hacked' on to now do we? ;-)


Those of us who have had our forums hacked take no pleasure in posting about it. I wish it couldn't be so, but updating to 2.0.11 isn't the 100% solution either. I updated the day it came out and still got hacked a couple weeks later.

I check phpBB.com at least once a day, sometimes 2-3 times per day to see if there are any updates. I can maybe understand you being a little annoyed with people who post and didn't update, but for those of us who read everything that we could find about the issue and downloaded the proper updates within a couple hours of their release, I don't think that posting here is wrong.
MIXXnet IRC Network: http://www.mixxnet.net | irc.mixxnet.net

Dierk Droth
Registered User
Posts: 4
Joined: Sat Dec 11, 2004 4:49 pm

Post by Dierk Droth »

mixx941 wrote: Those of us who have had our forums hacked take no pleasure in posting about it. I wish it couldn't be so, but updating to 2.0.11 isn't the 100% solution either. I updated the day it came out and still got hacked a couple weeks later.


That's exactly my concern. Let's say
- I remove my existing 2.0.7 phpBB installation and only maintain the database holding the threads and posts
- I install 2.0.11 and continue using my existing DB

Will I be safe? Is there some stuff in the DB which could be malicious?

Regards

Graham
Former Team Member
Posts: 8462
Joined: Tue Mar 19, 2002 7:11 pm
Location: UK

Post by Graham »

The database might contain admin accounts that someone had created in the past, so you should check for anything like that and remove it.

There is also the possibility of backdoors having been left elsewhere on the site which you should check for and remove.

And so far, I have not come across anyone being hacked on 2.0.11 which we have been able to trace back to phpBB itself, most that I've looked back have been the result of stuff left there from prior to the update. As I've said before if you have information to the contrary (including log-files if we need them), please contact either NeoThermic, myself or Techie-Michael with that information.
"So Long, and Thanks for All the Fish"

phpBB Useful Links: Knowledge Base | Userguide | Forum Search | MOD Database | Styles Database
My Links: Blog!

crnaguja
Registered User
Posts: 4
Joined: Sun Dec 12, 2004 1:49 pm

Post by crnaguja »

A phpBB forum that I installed had been hacked on 18. 11. 2004. Almost all files had been changed or at least touch-ed then. It is interesting that all of the files under template/VereorLCARS (which was used instead of the default) were intact.

Installing the last version (2.0.11) will not present any problem.

What interests me the most is: Is it safe (or possible) to use sql base backup (which I made *after* hacking occurred) to retrieve the posts?

max_m
Registered User
Posts: 22
Joined: Sun Mar 14, 2004 4:51 pm

Post by max_m »

My Forum was hacked a couple of weeks ago.

Someone installed a Trojan on one of the forum descriptions. Yes, I too am hosted on ipowerweb.

I installed the highlight patch today (after verifying that I have no new admins or moderators which I don't know about) as well as password protected the forum’s admin folder using .htaccess. It's been good since.

However, I did notice a spike in bogus registrations recently: users who register and never activate the account, using funny, suspicious (hacker-like) names (names that my targeted audience normally don’t register with).

I did notice one common thing to all these new registrations. Registration date is noted as "01 Jan 1970 10:00 am" although they were all made during November and December 2004 (and BTW my board is only one year old). All other clean looking, activated registrations are noted with their correct dates and time. Needless to mention that I am now in the process of deleting all suspicious looking (not activated) accounts which carry funny dates as noted above.

Anyone else noticing weird registration dates on their members list? (check your last 100-200 registrations)

tanrek
Registered User
Posts: 219
Joined: Mon Sep 27, 2004 1:46 pm
Location: Germany, Offenbach

Post by tanrek »

max_m wrote: Registration date is noted as "01 Jan 1970 10:00 am" although they were all made during November and December 2004.


Seems as if they would have direct access to your forum database. Better you check your webspace once more for backdoors.

creativepart
Registered User
Posts: 159
Joined: Mon Mar 03, 2003 5:52 pm
Location: Spring Branch, Texas USA

White Hat Hacker

Post by creativepart »

I had a Hacker that seems to be a white hat hacker. He did no damage and even emailed me to tell me to upgrade to 2.0.11. After I upgraded he did post as me and my moderator and tell us to change our passwords too.

Very scary stuff.
How do I ensure that he didn't make an Admin account for himself? I tried looking at the "group" information on my database via phpmyadmin, but I can't seem to find a way to tell what users are Admins. How do I do this?

Also, how do I ensure that he didn't install a back door? I tried looking at every file name etc. I saw the info on page 10 and searched all my files for any of that source code.

What else can I do??
Paul Green

reedy
Registered User
Posts: 39
Joined: Wed Oct 08, 2003 8:28 pm

Post by reedy »

Hi

I have also endured the wrath of someone with nothing better to do. Unfortunately it is my own fault for not updating from 2.0.6 - but any help will be appreciated.

Upon trying to access the boards, I get the following error:

phpBB : Critical Error

Could not obtain lastvisit data from user table

DEBUG MODE

SQL Error : 1146 Table 'se1dr6zrhnox.phpbb_users' doesn't exist

SELECT * FROM phpbb_users WHERE user_id = -1

Line : 62
File : /home/.sites/78/site85/web/boards/includes/sessions.php

Thanks in advance for any help.

maliburacing
Registered User
Posts: 55
Joined: Wed Jul 28, 2004 6:17 pm

Post by maliburacing »

Mine got hacked. I was running 2.0.10. They forwarded the forum to another forum at: http://www.tha-forum.net. They were on there bragging about their "kills".

Anyway, I am going to do a database restore from about a month back and upgrade to 2.0.11. Is that enough? Is there an easy way to see a list of ALL admins to make sure that there is no scum still in the admin list?

Graham
Former Team Member
Posts: 8462
Joined: Tue Mar 19, 2002 7:11 pm
Location: UK

Post by Graham »

If you've got access to the database, run the following query to list all the admins:

Code:

SELECT * FROM phpbb_users WHERE user_level = 1;
"So Long, and Thanks for All the Fish"

phpBB Useful Links: Knowledge Base | Userguide | Forum Search | MOD Database | Styles Database
My Links: Blog!
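
The admin check from the post above, extended into a small read-only audit (an added example, not part of the original thread and not phpBB's own tooling). It also covers moderators, per-forum moderator rights granted through groups, the "01 Jan 1970" registrations max_m describes, and markup in forum descriptions. It assumes MySQL and the default phpbb_ table prefix; the two LIKE patterns in the last query are illustrative choices.

```sql
-- Added example. Assumes MySQL and the default "phpbb_" table prefix
-- of a phpBB 2.0.x install. All statements are SELECTs.

-- 1. Accounts with elevated rights. phpBB 2.0.x stores the role in
--    user_level: 0 = user, 1 = administrator, 2 = moderator.
SELECT user_id, username, user_email, user_level, user_active,
       FROM_UNIXTIME(user_regdate) AS registered
FROM phpbb_users
WHERE user_level IN (1, 2)
ORDER BY user_level, user_regdate;

-- 2. Moderator rights granted per forum through group permissions
--    (auth_mod), listed regardless of the member's user_level.
SELECT DISTINCT u.user_id, u.username, u.user_level, aa.forum_id
FROM phpbb_auth_access aa
JOIN phpbb_user_group ug ON ug.group_id = aa.group_id
JOIN phpbb_users u       ON u.user_id   = ug.user_id
WHERE aa.auth_mod = 1
  AND ug.user_pending = 0
ORDER BY u.user_id, aa.forum_id;

-- 3. Accounts whose stored registration timestamp is zero or negative;
--    the board renders these as 1 Jan 1970 in its own time zone.
--    user_id -1 is the built-in Anonymous account and is excluded.
SELECT user_id, username, user_email, user_active, user_level
FROM phpbb_users
WHERE user_regdate <= 0
  AND user_id <> -1
ORDER BY user_id;

-- 4. Forum names and descriptions carrying script or frame markup.
SELECT forum_id, forum_name, forum_desc
FROM phpbb_forums
WHERE forum_desc LIKE '%<script%'
   OR forum_desc LIKE '%<iframe%'
   OR forum_name LIKE '%<script%'
   OR forum_name LIKE '%<iframe%';
```

Any row from queries 1 and 2 that the board owner does not recognise, and any row at all from queries 3 and 4, is worth reviewing before the database is reused under a fresh install.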

reedy
Registered User
Posts: 39
Joined: Wed Oct 08, 2003 8:28 pm

Post by reedy »

Hey

Further to below, I have now upgraded to the latest version but still have the error as given below.

It seems the database field phpbb_users has been removed. I don't suppose this has been hidden elsewhere? Or is it as I suspect, gone forever?

Any help would be appreciated!
reedy wrote: Hi

I have also endured the wrath of someone with nothing better to do. Unfortunately it is my own fault for not updating from 2.0.6 - but any help will be appreciated.

Upon trying to access the boards, I get the following error:

phpBB : Critical Error

Could not obtain lastvisit data from user table

DEBUG MODE

SQL Error : 1146 Table 'se1dr6zrhnox.phpbb_users' doesn't exist

SELECT * FROM phpbb_users WHERE user_id = -1

Line : 62
File : /home/.sites/78/site85/web/boards/includes/sessions.php

Thanks in advance for any help.
