WTF This is getting the be total bullshit

This is an archive of the phpBB 2.0.x support forum. Support for phpBB2 has now ended.
Forum rules
Following phpBB2's EoL, this forum is now archived for reference purposes only.
Please see the following announcement for more information: viewtopic.php?f=14&t=1385785
donmega
Registered User
Posts: 66
Joined: Wed Aug 31, 2005 4:52 am

WTF This is getting the be total bullshit

Post by donmega »

Why is it that once a month my website gets hacked?

Im really starting to think phpbb has more loopholes then windows xp.
I can now see why people switch to that crappy invision board garbage, probably because they kept finding their website hacked every month like me.

Ill post my site URL if I can.

heres were you will go if you try to go to my site, http://www.black-port.org/hacked.htm

How awesome IS THAT !!! WOOOOHOOOOOOO


If anyone knows the fix for this lemme know please, I have delt with tons of other hacks but not this one.

Thanks in advance
MarkTheDaemon
Former Team Member
Posts: 2771
Joined: Thu Oct 20, 2005 2:42 am
Location: United Kingdom
Name: Mark Barnes

Post by MarkTheDaemon »

Are you on the latest version of phpBB?


2.0.18


mark
donmega
Registered User
Posts: 66
Joined: Wed Aug 31, 2005 4:52 am

Post by donmega »

I cant even log in to check but I think I am, I guess I will just say scrap all my mods and themes and go ahead and do an update to the latest and hope it fixes the problem.
donmega
Registered User
Posts: 66
Joined: Wed Aug 31, 2005 4:52 am

Post by donmega »

I did an update to latest patch and no luck.

Guess I will try the other update :(

damn damn damn
donmega
Registered User
Posts: 66
Joined: Wed Aug 31, 2005 4:52 am

Post by donmega »

No luck.

Anyone have any clue where this redirect could possibly be hidden ?

Thanks
The Techboy
Registered User
Posts: 207
Joined: Tue May 04, 2004 7:37 pm

Post by The Techboy »

Does every single page redirect? If so, page_header.php, overall_header.tpl ....
Eat recycled food. It's good for the environment and OK for you.
donmega
Registered User
Posts: 66
Joined: Wed Aug 31, 2005 4:52 am

Post by donmega »

Yes every page redirects, checked Page_header.php and all of the Overall_header.php files in my themes.

No luck so far
cybrid23
Former Team Member
Posts: 9877
Joined: Wed Jun 29, 2005 5:55 am
Location: Somewhere in the Midwest...

Post by cybrid23 »

May want to access your database and check the forum descriptions...Could be in there too...

Why is it that once a month my website gets hacked?


Have you checked your site for backdoors left by the hackers, extra admin acocunts in the database, unknown/unrecognized files on your website?

Is your host up to date on their security measures? Could be their getitng in from the host side. Are you on a shared hosting plan? They could be getting in from another board who has not updated thereby giving them access to everyones board, updated or not....

Too many variables to say they used phpbb to get to your site. Once a site/host is compromised, it can be a bugger to make it secure again.
---Never leave home without a towel and your peril sensitive sunglasses.
---Do Not PM Me For Support. It will go unanswered.
Thanks.
The Techboy
Registered User
Posts: 207
Joined: Tue May 04, 2004 7:37 pm

Post by The Techboy »

Okay if it is indeed in the files, then you'll want to:
-> Delete all of your forum exclduing config.php. ALL of it.
-> Reupload 2.0.18 vanilla.

That works, hmm?
Eat recycled food. It's good for the environment and OK for you.
Fnarg
Registered User
Posts: 1
Joined: Fri Nov 04, 2005 9:20 pm

Post by Fnarg »

What they've probably done (I am familiar with the black-port thing) is changed some of the variables in the database, such as the name of the forum, and/or some or all of the sub forum names or categories to a javascript that redirects the user to their site.

Check the database tables like phpbb_config's value for "sitename" and see if it's been changed to a script.
donmega
Registered User
Posts: 66
Joined: Wed Aug 31, 2005 4:52 am

Post by donmega »

Checked for unknown/unrecognized, extra admin accounts in phpmyadmin, and forum descriptions. All looks well.

Guess its a complete reinstall and loosing everything except my member list hopefully, im near 3k members now so that would definetly blow.
donmega
Registered User
Posts: 66
Joined: Wed Aug 31, 2005 4:52 am

Post by donmega »

Fnarg wrote: What they've probably done (I am familiar with the black-port thing) is changed some of the variables in the database, such as the name of the forum, and/or some or all of the sub forum names or categories to a javascript that redirects the user to their site.

Check the database tables like phpbb_config's value for "sitename" and see if it's been changed to a script.


BAM, that was it, but they changed more then just those, trying to find the rest now.

Hopefully I can fix all this.

How do you guys think they got into my sql database and what can I do about it ?

thanks
donmega
Registered User
Posts: 66
Joined: Wed Aug 31, 2005 4:52 am

Post by donmega »

Ok now when I click on forum admin / managment it does the redirect in there.

Any clue where that one is ?

Thanks
The Techboy
Registered User
Posts: 207
Joined: Tue May 04, 2004 7:37 pm

Post by The Techboy »

It was done because you used an old version of phpbb or an insecure password - nothing else to be said about that.
Eat recycled food. It's good for the environment and OK for you.
donmega
Registered User
Posts: 66
Joined: Wed Aug 31, 2005 4:52 am

Post by donmega »

Got it, last one was in phpbb_catagorys

Thanks for all your help.

Now I can take a nap :)
Locked

Return to “2.0.x Support Forum”