Serious Security Problem !!!

This is an archive of the phpBB 2.0.x support forum. Support for phpBB2 has now ended.
Forum rules
Following phpBB2's EoL, this forum is now archived for reference purposes only.
Please see the following announcement for more information: viewtopic.php?f=14&t=1385785
Locked
ultr-AL
Registered User
Posts: 6
Joined: Tue Feb 01, 2005 7:46 pm
Location: NeTHeRLaNDs
Contact:

Serious Security Problem !!!

Post by ultr-AL »

Hello People.

I have mij own phpBB forum. I installed a lot of scurity mod's and other MOD's But there is some one and he coms alwas on the place where the normal user's no permissions have.

He haves a backup of mij DATABASE :(

Also he can do everything on my ACP :(

How he is doing? I dont now. I installed all security MOD's. Some forums are PASSWORD protected. I hided my config.php. I have a high security but how can he comes every where. How can he get a backup of my forum :(

I think there is a real serious security problems. The person who can do everything on my forum is a hacker !!! He is a member of www.cyber-warrior.org The biggest hacker community of Turkey. I am a turkish person to. I learnd hacking to but how can that :(

My security level is highest..!!

PLEASE HELP PHPBB COMMUNITY !!!
ultr-AL
Registered User
Posts: 6
Joined: Tue Feb 01, 2005 7:46 pm
Location: NeTHeRLaNDs
Contact:

Post by ultr-AL »

Can some one help me please :roll:
ultr-AL
Registered User
Posts: 6
Joined: Tue Feb 01, 2005 7:46 pm
Location: NeTHeRLaNDs
Contact:

Post by ultr-AL »

What is this man. The people who created phpBB dont answers.. I think there is a real problem.. I think a new bug ore something !!!!
The Techboy
Registered User
Posts: 207
Joined: Tue May 04, 2004 7:37 pm

Post by The Techboy »

I had a look at your forum...none of the known security issues seem to affect you so it's more than likely he just has your password or something. Try changing it.

Oh, and, I can guess that you got no response for a few reasons. You gave it half an hour, and you claimed to be a hacker, which is most likely frowned upon by most of the people here.
Eat recycled food. It's good for the environment and OK for you.
ultr-AL
Registered User
Posts: 6
Joined: Tue Feb 01, 2005 7:46 pm
Location: NeTHeRLaNDs
Contact:

Post by ultr-AL »

He dont haves my password !!

I dont understand it ? I want to delete everything and than intall it again but thats not good. I will fixe it. :( I hate this situation. If a cant do anything :(
User avatar
AlleyKat
Registered User
Posts: 1037
Joined: Wed Jul 16, 2003 5:06 pm
Location: Odense, Denmark
Contact:

Post by AlleyKat »

1) Ban the users IP/IP-range to keep him out while fixing the site (you could use .htaccess for that)
2) Get the password on the database changed (and edit config.php accordingly), and get it changed for FTP too,
3) Delete the users profile(s)/change user rights so theres only yourself as Admin,
4) Change your own profile password.
Image Dansk phpBB support (uofficielt)
Find unofficial support in your language here.
Help translate Mozilla extensions @ Babelzilla - Your Language Counts Too!
ultr-AL
Registered User
Posts: 6
Joined: Tue Feb 01, 2005 7:46 pm
Location: NeTHeRLaNDs
Contact:

Post by ultr-AL »

AlleyKat wrote: 1) Ban the users IP/IP-range to keep him out while fixing the site (you could use .htaccess for that)
2) Get the password on the database changed (and edit config.php accordingly), and get it changed for FTP too,
3) Delete the users profile(s)/change user rights so theres only yourself as Admin,
4) Change your own profile password.


Step 3 and 4 is easy.

But step 1: what must i do in .htacces ?

Step 2: what must i edit in config.php and how can i do changes for FTP to ?

Sorry people but this is not normal. I Banned him. I did everything. But he is everywhere ? I think there is a new bug. Hackers founded some more bugs i think :(
User avatar
AlleyKat
Registered User
Posts: 1037
Joined: Wed Jul 16, 2003 5:06 pm
Location: Odense, Denmark
Contact:

Post by AlleyKat »

1) Explained here

2) Contact your host, and get the passwords changed for both MySQL and FTP access. Then change it in config.php (when host has changed them). This isn't something you can do yourself unless you administer the web server(s).


I highly doubt that a new security hole has been found by these so-called 'hackers'. More probable is that they have access to your files and/or database - that way, they can do almost anything.

I'd also recommend that you check out your files (you could compare a backup of the files with the original phpBB package), they may have altered files to ensure access for themselves. I assume here that you use phpBB 2.0.11.
Image Dansk phpBB support (uofficielt)
Find unofficial support in your language here.
Help translate Mozilla extensions @ Babelzilla - Your Language Counts Too!
ultr-AL
Registered User
Posts: 6
Joined: Tue Feb 01, 2005 7:46 pm
Location: NeTHeRLaNDs
Contact:

Post by ultr-AL »

Thanks man. I will try to do everything to make the forum www.turkwarrior.org/forum save..

Thnaks..
Locked

Return to “2.0.x Support Forum”