running 2.0.10 and got hacked by "Hacked By SecretlyX&q

This is an archive of the phpBB 2.0.x support forum. Support for phpBB2 has now ended.
Forum rules
Following phpBB2's EoL, this forum is now archived for reference purposes only.
Please see the following announcement for more information: viewtopic.php?f=14&t=1385785
Locked
Leythos
Registered User
Posts: 5
Joined: Sat Dec 13, 2003 9:34 pm

running 2.0.10 and got hacked by "Hacked By SecretlyX&q

Post by Leythos »

I had a single board running 2.0.10 and got hacked, yea, I know, it was my fault for not installing the latest versions over the last months...

I made a copy of the mdb (access) file and then wiped the files (all of them) and did a fresh install of 2.0.17 and did a quick setup for the site, name, email, etc... Then I opened the new MDB file and the old MDB file, found where they inserted their links, changed them back, then copied the user, posts, etc... tables (just the ones with groups, users, posts, topics) to the new database....

It all seems to work like it did on the old version - didn't lose any data. I deleted all the users and set all areas to REGISTERED in order to post/reply/delete and it requires an ADMIN to allow one to register.

Any idea if I need to do anything else?

What this a hack of the phpbb code or a hack of PHP itself?
User avatar
Lumpy Burgertushie
Registered User
Posts: 68279
Joined: Mon May 02, 2005 3:11 am
Contact:

Post by Lumpy Burgertushie »

well, what you did doesn't make any sense to me, but if it is working the way you want, then that is fine.

the hackers got in by phpbb most likely, that version you had is 7 versions and a year or more out of date. phpbb is no different than windows, the more popular a software is , the more hackers are going to attack it and the more the developers have to stay on their toes and come out with new versions.


just get on the mailing list and keep updated.

also,
if you get very popular , like more than 10 or 20 usuers at a time, that access database is not going to work any more.


robert
I'm baaaaaccckkkk. still doing work on donation basis. PM your needs.

Premium phpBB 3.3 Styles by PlanetStyles.net

If nobody is in the forest, does a tree really fall?
Leythos
Registered User
Posts: 5
Joined: Sat Dec 13, 2003 9:34 pm

Post by Leythos »

Yep, I was aware it was outdated, I mentioned that. What I would like to know about is if the hack was due to a phpbb exploit or a exploit in PHP itself. We have about 80 sites (only 2 boards) on the server running IIS6/.net and have never had a problem with any of the IIS/.Net sites, but we design the sites and apps ourselves.

phpbb is the only thing we've not designed ourselves, so that was the point of my asking - we also don't use PHP except for phpbb. So, do you know if it was a exploit of phpbb or PHP that let them compromise it.

Also, as for MS Access, we're just use the site for friends and such, nothing where we would have more than 2 or 3 at a time. I would love to setup on MS SQL server as we have several of those licensed with processor licenses that would be very nice.
p3980
Registered User
Posts: 1311
Joined: Sat Jul 23, 2005 5:02 pm

Post by p3980 »

Leythos wrote: Yep, I was aware it was outdated, I mentioned that. What I would like to know about is if the hack was due to a phpbb exploit or a exploit in PHP itself. We have about 80 sites (only 2 boards) on the server running IIS6/.net and have never had a problem with any of the IIS/.Net sites, but we design the sites and apps ourselves.

phpbb is the only thing we've not designed ourselves, so that was the point of my asking - we also don't use PHP except for phpbb. So, do you know if it was a exploit of phpbb or PHP that let them compromise it.

Also, as for MS Access, we're just use the site for friends and such, nothing where we would have more than 2 or 3 at a time. I would love to setup on MS SQL server as we have several of those licensed with processor licenses that would be very nice.


It was most likely hacked through phpBB
Support Request Template <> Knowledge Base<>starfoxtj's Admin Toolkit
Member of the Unofficial Forum for phpBB.com Supporters
Image
User avatar
Lumpy Burgertushie
Registered User
Posts: 68279
Joined: Mon May 02, 2005 3:11 am
Contact:

Post by Lumpy Burgertushie »

Leythos wrote: Yep, I was aware it was outdated, I mentioned that. What I would like to know about is if the hack was due to a phpbb exploit or a exploit in PHP itself. We have about 80 sites (only 2 boards) on the server running IIS6/.net and have never had a problem with any of the IIS/.Net sites, but we design the sites and apps ourselves.

phpbb is the only thing we've not designed ourselves, so that was the point of my asking - we also don't use PHP except for phpbb. So, do you know if it was a exploit of phpbb or PHP that let them compromise it.

Also, as for MS Access, we're just use the site for friends and such, nothing where we would have more than 2 or 3 at a time. I would love to setup on MS SQL server as we have several of those licensed with processor licenses that would be very nice.

well, mysql is free and works very well on your servers, and is really what phpbb was written for I think.

robert
I'm baaaaaccckkkk. still doing work on donation basis. PM your needs.

Premium phpBB 3.3 Styles by PlanetStyles.net

If nobody is in the forest, does a tree really fall?
mfest
Registered User
Posts: 18
Joined: Sat Mar 20, 2004 5:36 am
Location: New Jersey, USA
Contact:

Post by mfest »

I too was hacked by this same idiot and it was only the forum page, no other parts of my website. I did a google search on this guy and found a lot of site hacked by this same @$$. All phpbb sites and many without the latest versions installed. I had several board running and the one that got hacked was (i think) 2.0.08
Learning to fly is easy, just throw yourself at the ground and miss.
idotcom
Registered User
Posts: 3
Joined: Wed Oct 19, 2005 9:07 pm

Post by idotcom »

My forum was hacked too.

The a55 changed two values in the database. Replacing the values with javascript redirect.

The two values are:

phpbb_config: server_name
phpbb_categories: cat_title

How this happened, I am not sure yet. I think it was injected with a form field. So my thought is that the phpbb form processing has a flaw, allowing injection. I too am using an older version, but will update to see if it happens again.


Hope this helps... at first I thought it was all gone. But if you just login to your database and change those values (might be others... try searching all of your phpbb tables for part of the url injected, in my case "secretlyx" and change the values).


Goodluck! :)
User avatar
Lumpy Burgertushie
Registered User
Posts: 68279
Joined: Mon May 02, 2005 3:11 am
Contact:

Post by Lumpy Burgertushie »

as has been said many times, those exploits were closed several versions ago. you have to stay updated with this software just like you do any other.

when something is as popular as phpbb is, then the hackers stay at it.

robert
I'm baaaaaccckkkk. still doing work on donation basis. PM your needs.

Premium phpBB 3.3 Styles by PlanetStyles.net

If nobody is in the forest, does a tree really fall?
mfest
Registered User
Posts: 18
Joined: Sat Mar 20, 2004 5:36 am
Location: New Jersey, USA
Contact:

Post by mfest »

as has been said many times, those exploits were closed several versions ago. you have to stay updated with this software just like you do any other.


Very true, and even those who get very little traffic on their boards (like me) could learn from the experience.
Learning to fly is easy, just throw yourself at the ground and miss.
Locked

Return to “2.0.x Support Forum”