
gokay turk hacker virus! help!

Posted: Wed Oct 19, 2005 12:30 pm
by massimomassimo
Hi there, my forum www.tsnk.co.uk/phpBB2 has been hacked and I wondered how I can solve this without losing all my posts? I have/had a lot of important information on there and it seems to have erased all the posts, but I have a feeling it's just 'hidden' and can be recovered. I haven't done a backup before, yes I know that was stupid of me!!!

If you look on my website you can see that he's put up an image, sound file, renamed my forum to 'hacked by gok-kay' and erased all posts except for polls (why!?!?!?!). I did a search on Google and other people's forums have been hacked (though not that many forums) and each forum has a different image/animation and some even a video file.

thank you very much for your help

Massimo

Posted: Wed Oct 19, 2005 12:40 pm
by massimomassimo
Also, I can't log into administration. The button is missing.

Posted: Wed Oct 19, 2005 12:43 pm
by KevC
One thing to do is back up your databases and the config.php (this has the link info to the databases) file before you start.

You can get to the databases through phpmyadmin (in your server site control panel).

You can also install the starfox toolkit (linked in my sig) and make yourself an admin again and delete anyone who is an admin that shouldn't be.

Posted: Wed Oct 19, 2005 12:52 pm
by massimomassimo
OK, but what do you mean 'before I start'? What should I be starting?

I'll try what you said when I get home - I'm just at work! Any other advice??

Posted: Wed Oct 19, 2005 12:59 pm
by KevC
Start fixing and updating.
You got hacked because you're on v2.0.11 and the current one is 2.0.17.

Basically what you can do is download the 2.0.17 version and upload everything except the config.php, install and contrib folders (you'll have to run the update_to_latest.php file in the changefile zip as well).

That will update the forum but you'll lose any MODs you have.

More info here
http://www.phpbb.com/kb/article.php?article_id=271

Posted: Wed Oct 19, 2005 4:56 pm
by Stung
Hi,

I've been hacked too. I think it's from some Turkish thing because of the language left on the messageboard. It is at http://www.flyingsams.com/forum. I would like to upgrade, but my board is heavily modded. Do I have to reinstall all the modifications when I upgrade? If I do, what is the easiest way to do so?

Thank you.

Posted: Wed Oct 19, 2005 5:15 pm
by KevC
You can get the change files from here
http://www.phpbb.com/phpBB/catdb.php?cat=48

Do stepwise upgrades eg 2.0.10>11 then 11>12 etc etc.

You can install them with easyMOD.

Posted: Wed Oct 19, 2005 5:21 pm
by Myztri
I too got this. It was an error on my part, by not noticing an upgrade, and by not having a backup file that would do any good.
I simply started over, but am now having an odd error.
The stupid thing deletes posts, and deleted the admin account. Nothing I could do without the proper files to restore, so I started fresh.

phpbb boards easily hacked

Posted: Wed Oct 19, 2005 5:56 pm
by Mike2737
There sure are a lot of hacked phpbb boards.

From what I've seen phpbb users are very easily susceptible to being hacked, for whatever reason. This is the only board I've ever used where every day I see a member posting about how he's been hacked.

This is frightening to a new user like myself.

:(

Re: phpbb boards easily hacked

Posted: Wed Oct 19, 2005 6:00 pm
by jwunderly
Mike2737 wrote: There sure are a lot of hacked phpbb boards.

From what I've seen phpbb users are very easily susceptible to being hacked, for whatever reason. This is the only board I've ever used where every day I see a member posting about how he's been hacked.

This is frightening to a new user like myself.

:(


There sure are a lot of people who just install a board and then never (or rarely) do any maintenance on it. All you have to do is keep updated. Sign up for the e-mail notification here under the Support Menu. When a new version is released, everyone who subscribes to the list gets notified.

Posted: Wed Oct 19, 2005 6:13 pm
by Myztri
I will be the first to admit that I got hacked for my failure to update and upgrade.

forum

Posted: Wed Oct 19, 2005 6:25 pm
by By_Korsan
What is there on the net right now?

Posted: Wed Oct 19, 2005 8:49 pm
by massimomassimo
OK, firstly thanks everyone for all your help. I have tried all this but I can't maintain all my old posts etc. and I still get the hack when I reinstall and re-upload the config file. Is there any way to upload it all and get rid of this hack?

Posted: Wed Oct 19, 2005 10:53 pm
by massimomassimo
OK, I basically reinstalled the forum, and now I have it all back up with my template, but just without all the posts and memberlists, so I was just wondering how to get that back up without bringing the hack back up? I re-uploaded my config file but that hasn't changed anything.... Which files should I re-upload? Should the config file be making a difference?

Posted: Thu Oct 20, 2005 5:18 am
by Lumpy Burgertushie
massimomassimo wrote: OK, I basically reinstalled the forum, and now I have it all back up with my template, but just without all the posts and memberlists, so I was just wondering how to get that back up without bringing the hack back up? I re-uploaded my config file but that hasn't changed anything.... Which files should I re-upload? Should the config file be making a difference?

The problem is that the hack is in your database; every time you restore it, you get the hack back.

Go into the database and clean out the hacker stuff. It is usually in the forum descriptions or server name fields. Check every single table and field for any HTML or JavaScript or anything else that is not supposed to be there.

Also, check the phpbb folder for any files that are not part of phpbb, etc.

robert
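
As an added example, not part of the original thread: a sketch of the database check described in the post above, run over an SQL dump exported from phpMyAdmin before that dump is restored. The sample dump rows, the marker list and the function name `scan_dump` are constructed for illustration.

```python
import re

# Markup that should never appear in forum names, descriptions or config
# values. The list is an assumption for this example; extend it as needed.
SUSPICIOUS = re.compile(
    r"<\s*(?:script|iframe|embed|object|bgsound|meta|img)\b"
    r"|javascript:|\bon(?:load|error)\s*=",
    re.IGNORECASE,
)
INSERT = re.compile(r"^\s*INSERT\s+INTO\s+`?(\w+)`?", re.IGNORECASE)

# Constructed sample dump (not real data), shaped like a phpMyAdmin export.
SAMPLE_DUMP = """\
INSERT INTO `phpbb_config` (`config_name`, `config_value`) VALUES ('sitename', 'My Forum');
INSERT INTO `phpbb_config` (`config_name`, `config_value`) VALUES ('server_name', 'forum.example<script src=//placeholder.invalid/a.js></script>');
INSERT INTO `phpbb_forums` (`forum_id`, `forum_name`, `forum_desc`) VALUES
(1, 'General', 'Talk about anything'),
(2, 'News', '<img src="http://placeholder.invalid/d.gif"><embed src="http://placeholder.invalid/s.mid">');
INSERT INTO `phpbb_posts_text` (`post_id`, `post_text`) VALUES (10, 'plain [b]bbcode[/b] post');
""".splitlines()


def scan_dump(lines):
    """Return (line_no, table, marker) for every markup hit inside INSERT data."""
    findings, table = [], None
    for line_no, line in enumerate(lines, 1):
        started = INSERT.match(line)
        if started:
            table = started.group(1)  # a new statement names its table
        if table is None:
            continue  # comments, CREATE TABLE, blank lines
        for hit in SUSPICIOUS.finditer(line):
            findings.append((line_no, table, hit.group(0).lower()))
        if line.rstrip().endswith(";"):
            table = None  # statement finished
    return findings


if __name__ == "__main__":
    for line_no, table, marker in scan_dump(SAMPLE_DUMP):
        print(f"line {line_no}: table {table} contains {marker!r}")
```

Each reported row is one to inspect and clean, either in the dump or in the live table, before the data goes back into a freshly installed board.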