Hacked by TeufeL and r0nin

This is an archive of the phpBB 2.0.x support forum. Support for phpBB2 has now ended.
Forum rules
Following phpBB2's EoL, this forum is now archived for reference purposes only.
Please see the following announcement for more information: viewtopic.php?f=14&t=1385785
Locked
kressevadder
Registered User
Posts: 48
Joined: Mon Apr 14, 2003 11:13 am
Contact:

Hacked by TeufeL and r0nin

Post by kressevadder »

Hallo,

ok, culpa mea - I was running phpBB 2.0.11...

On the weekend my board was "Hacked by TeufeL". All my postings (~2800) are deleted. I removed all the files from the server and stopped the forum.

I took a look at the files in my phpBB folder and found some files names "r0nin". It seems that the belong to the "santy" worm.

Im not sure if the "TeufelHack" and the r0nin executable are dealing in the same context - but I believe not.

The problem is, that I don't know, if I can use my database backups, because all the backups I've got, were made, when the r0nin was alredy in the serverdir.

Is there anyone who has more information?

Thanks Manfred
who_cares
Registered User
Posts: 5106
Joined: Fri Jan 14, 2005 11:04 pm
Location: ATL
Contact:

Post by who_cares »

you should check the site description/forum descriptions for any code the hacker may have hidden
then you can check the users table for extra admins/mods
Hynee
Registered User
Posts: 21
Joined: Sat Dec 25, 2004 6:58 am

Post by Hynee »

Yeah, all phpBB versions prior to 2.0.15 (if memory serves correctly) are vulnerable to the Santy Worm--you should upgrade to 2.0.18 when you reinstall, and learn to upgrade!

If your post data is toast you should probably just start afresh, because as the previous poster pointed out, if it isn't just the Santy Worm then someone could have stolen login details, or given themselves admin access.
kressevadder
Registered User
Posts: 48
Joined: Mon Apr 14, 2003 11:13 am
Contact:

Post by kressevadder »

Thanks for yor response,

I already installed 2.0.18 as a temporary forum - and be sure, I've learned my updating and backup lesson :wink:

I think, we will restart with an new forum, not a restore of the old one. In my old script were some own modifications. I will leave them out, so updates will be easyer in future.

I'll try to write an "export script" for the old postings and make a kind of digest.

Still a lot of work, but the LPIBoard will go on.

Thanks Manfred
Locked

Return to “2.0.x Support Forum”