Did I get hacked?!? - Ipowerweb issue: Hack or MySQL problem?

This is an archive of the phpBB 2.0.x support forum. Support for phpBB2 has now ended.

Post by beatme101 » Fri Jul 01, 2005 8:15 pm

It does seem like a hack. If that is indeed the case, I recommend not using that host any more. A host that does not know how to use open_basedir (which is a php.ini command that prevents hosting clients from using php to access outside of their own folders) is not a secure host. ;)

EDIT: Take note that I am not saying the fault is phpbb, but a php restriction.


Post by Katie Pie » Fri Jul 01, 2005 8:17 pm

Like I said, this can't be only iPowerWeb, because I have the exact same problem and my host is StartLogic.


Post by Brandyn » Fri Jul 01, 2005 8:18 pm

So you're saying there is a guy going around hacking every phpbb site he can find? Mine doesn't even show up on search engines unless you type in the exact name. So that can't be it.


Post by ExtremeGL » Fri Jul 01, 2005 8:23 pm

Yeah, definitely a hack. Why would anything else change our files to say that...Jeez...just what I needed!!! Here's what my board says:
Warning: main(./includes/template.php): failed to open stream: Permission denied in /home/extremeg/public_html/common.php on line 193

Warning: main(./includes/template.php): failed to open stream: Permission denied in /home/extremeg/public_html/common.php on line 193

Warning: main(): Failed opening './includes/template.php' for inclusion (include_path='.:/usr/local/lib/php') in /home/extremeg/public_html/common.php on line 193

Warning: main(./includes/db.php): failed to open stream: Permission denied in /home/extremeg/public_html/common.php on line 197

Warning: main(./includes/db.php): failed to open stream: Permission denied in /home/extremeg/public_html/common.php on line 197

Warning: main(): Failed opening './includes/db.php' for inclusion (include_path='.:/usr/local/lib/php') in /home/extremeg/public_html/common.php on line 197

Fatal error: Call to a member function on a non-object in /home/extremeg/public_html/common.php on line 217


And my other board says:
Warning: Unknown(/home/extremeg/public_html/seinfeld/index.php): failed to open stream: Permission denied in Unknown on line 0

Warning: Unknown(/home/extremeg/public_html/seinfeld/index.php): failed to open stream: Permission denied in Unknown on line 0

Warning: (null)(): Failed opening '/home/extremeg/public_html/seinfeld/index.php' for inclusion (include_path='.:/usr/local/lib/php') in Unknown on line 0


Two different things, or likely the same?
--Alex--
Merry Christmas!


Post by CSA_E_Law » Fri Jul 01, 2005 8:23 pm

Not sure, but the 2nd error is what the majority of us have.


Post by glenncvance » Fri Jul 01, 2005 8:24 pm

My brother-in-law works for Ipowerweb and this is what they're sending internally to everyone -
Everyone, we have an issue with PHP based apps.

If customers come in with issues, please communicate the following:

We have noticed that some PHP based applications are failing during normal operation. Our server administrators are investigating this issue and are working to resolve this matter as quickly as possible. We apologize for any inconvenience this has caused. We have no estimated time of repair to provide at this time.


He's attempting to reassure me, but I'm still a little worried.


Post by CSA_E_Law » Fri Jul 01, 2005 8:25 pm

It's 7-9 files; once they close the hole and fix the files we can move on. It's not as hard as it looks.

And as I mentioned, nothing was done to the databases.


Post by ExtremeGL » Fri Jul 01, 2005 8:26 pm

So our boards will be restored to normal, right?
--Alex--
Merry Christmas!


Post by glenncvance » Fri Jul 01, 2005 8:30 pm

ExtremeGL wrote: So our boards will be restored to normal, right?


Now he didn't say that, but he's watching the situation (he's in sales for them). If I hear more from him I'll post, but it will probably be official party-line type stuff.

My guess is that they'll attempt to push out some sort of patch for the problem since we're not supposed to have to upgrade our phpbb software.
Last edited by glenncvance on Fri Jul 01, 2005 8:32 pm, edited 1 time in total.


Post by iNfLuX » Fri Jul 01, 2005 8:32 pm

I just have the same problem and it just started today... I use ipowerweb as well...


Post by blykmik » Fri Jul 01, 2005 8:32 pm

This chat with Max T. from ipowerweb can be added to what we now know:
Please wait for a site operator to respond.
Chat Information You are now chatting with 'Max T.'
Max T.: Welcome to iPower HelpChat. How may I help you?
Mike: Apparently my forums have been hacked?
Max T.: hello Mike
Max T.: We have noticed that some PHP based applications are failing during normal operation. Our server administrators are investigating this issue and are working to resolve this matter as quickly as possible. We apologize for any inconvenience this has caused. We have no estimated time of repair to provide at this time.
Mike: Can you tell me what is going on? And how to get back up and running?
Mike: There was a specific message in my files (which have had their permissions changed to 000 and all contents deleted) There is the message "upgrade this script. This script could be exploited"...
Max T.: We have experienced some technical issues on this server that might have caused this problem We have been advised that the problem has been isolated and that the issue would be solved soon. For quality's sake, our admins tend to spend a slightly longer time investigating the root cause of an issue to completely fix it, rather than merely applying a temporary/unsafe fix, we've taken every possible step to ensure that this does not happen again.
Mike: That is fine, but can you explain the message "upgrade this script. This script could be exploited"? this isn't a server error or anything... someone actually got access to my files and changed them. I need to know if my directories are not secure at ipowerweb.
Max T.: Mike those permissions are set by our system administrators and no one else can make changes to your files and make them 000 only our system administrators
Mike: OK... So then it was the server administrators who left me that message in the files then?
Max T.: Yes
Mike: So is it reasonable to expect that you will eventually be able to restore my forums to the state they were in before this issue?
Max T.: Yes Mike Please allow the system administrators to investigate the issue . :)
Max T.: Is there anything else I can help you with?
Mike: You got it... I just wanted to get an official response from you. I just set up my forums yesterday and had a lot of new users in the process of signing up and creating topics... it is causing some issues for me now... But thank you for your help. I guess i'll keep checking back. I assume there is nothing I will have to do... this will just fix itself?
Max T.: You can place in a request to be notified via email at http://contactipower.com
Mike: Thanks Max... Have a good day, I appreciate your support.


You be the judge.
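
The symptoms reported in the chat above (files set to mode 000, contents replaced by the "upgrade this script" notice) can be inventoried before re-uploading clean copies. This is an added example, not code from any poster or from the host; the function names, the sample webroot and its file contents are constructed for illustration.

```python
import os
import stat
import tempfile

# Marker text quoted in the support chat above.
MARKER = b"This script could be exploited"

def triage(webroot):
    """Return {relative_path: [reasons]} for files showing the thread's symptoms."""
    findings = {}
    for dirpath, _dirs, files in os.walk(webroot):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)
            except OSError:
                continue
            if not stat.S_ISREG(st.st_mode):
                continue  # skip symlinks, FIFOs, devices
            reasons = []
            if stat.S_IMODE(st.st_mode) == 0:
                reasons.append("mode-000")
            try:
                with open(path, "rb") as fh:
                    if MARKER.lower() in fh.read(4096).lower():
                        reasons.append("marker")
            except OSError:
                pass  # unreadable: expected for mode 000 unless run as root
            if reasons:
                findings[os.path.relpath(path, webroot)] = reasons
    return findings

def demo():
    """Build a constructed webroot (hypothetical contents) and triage it."""
    root = tempfile.mkdtemp()
    os.makedirs(os.path.join(root, "includes"))
    samples = {
        "index.php": (b"<?php // untouched ?>", 0o644),
        "common.php": (b"upgrade this script. This script could be exploited", 0o644),
        os.path.join("includes", "db.php"): (b"", 0o000),
    }
    for rel, (body, mode) in samples.items():
        path = os.path.join(root, rel)
        with open(path, "wb") as fh:
            fh.write(body)
        os.chmod(path, mode)
    return triage(root)

if __name__ == "__main__":
    for rel, reasons in sorted(demo().items()):
        print(rel, ",".join(reasons))
```

The resulting list is the set of files to compare against a known-good copy of the same phpBB release before restoring them.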


Post by CSA_E_Law » Fri Jul 01, 2005 8:32 pm

ExtremeGL wrote: So our boards will be restored to normal, right?


Well, all you need is to be given permission to change those 7 files (just reupload them).

I have already seen this from ipowerweb:
We have made a change to the way vDeck installs applications. Your existing applications have not been touched and are still functioning normally. You may access them here or by clicking on "Legacy Applications" under the Applications heading in the vDeck menu.


which just was added 30 seconds ago lol.


Post by CSA_E_Law » Fri Jul 01, 2005 8:35 pm

blykmik wrote: This chat with Max T. from ipowerweb can be added to what we now know:
Please wait for a site operator to respond.
Chat Information You are now chatting with 'Max T.'
Max T.: Welcome to iPower HelpChat. How may I help you?
Mike: Apparently my forums have been hacked?
Max T.: hello Mike
Max T.: We have noticed that some PHP based applications are failing during normal operation. Our server administrators are investigating this issue and are working to resolve this matter as quickly as possible. We apologize for any inconvenience this has caused. We have no estimated time of repair to provide at this time.
Mike: Can you tell me what is going on? And how to get back up and running?
Mike: There was a specific message in my files (which have had their permissions changed to 000 and all contents deleted) There is the message "upgrade this script. This script could be exploited"...
Max T.: We have experienced some technical issues on this server that might have caused this problem We have been advised that the problem has been isolated and that the issue would be solved soon. For quality's sake, our admins tend to spend a slightly longer time investigating the root cause of an issue to completely fix it, rather than merely applying a temporary/unsafe fix, we've taken every possible step to ensure that this does not happen again.
Mike: That is fine, but can you explain the message "upgrade this script. This script could be exploited"? this isn't a server error or anything... someone actually got access to my files and changed them. I need to know if my directories are not secure at ipowerweb.
Max T.: Mike those permissions are set by our system administrators and no one else can make changes to your files and make them 000 only our system administrators
Mike: OK... So then it was the server administrators who left me that message in the files then?
Max T.: Yes
Mike: So is it reasonable to expect that you will eventually be able to restore my forums to the state they were in before this issue?
Max T.: Yes Mike Please allow the system administrators to investigate the issue . :)
Max T.: Is there anything else I can help you with?
Mike: You got it... I just wanted to get an official response from you. I just set up my forums yesterday and had a lot of new users in the process of signing up and creating topics... it is causing some issues for me now... But thank you for your help. I guess i'll keep checking back. I assume there is nothing I will have to do... this will just fix itself?
Max T.: You can place in a request to be notified via email at http://contactipower.com
Mike: Thanks Max... Have a good day, I appreciate your support.


You be the judge.


GREAT POST.

That says it all: they found the files hacked, then THEY locked us out.


Post by Lee Deeming » Fri Jul 01, 2005 8:38 pm

No.. it says they made a cock-up.


Post by doriath_FK » Fri Jul 01, 2005 8:39 pm

CSA_E_Law wrote:
We have made a change to the way vDeck installs applications. Your existing applications have not been touched and are still functioning normally. You may access them here or by clicking on "Legacy Applications" under the Applications heading in the vDeck menu.


which just was added 30 seconds ago lol.


No, not really. I saw this message for a while, then it disappeared... Also, phpmyadmin changed back to its older version yesterday.
