phpbb hacked

This is an archive of the phpBB 2.0.x support forum. Support for phpBB2 has now ended.
Forum rules
Following phpBB2's EoL, this forum is now archived for reference purposes only.
Please see the following announcement for more information: viewtopic.php?f=14&t=1385785
Locked
r4y-fx
Registered User
Posts: 12
Joined: Wed Dec 21, 2005 9:46 am

phpbb hacked

Post by r4y-fx »

Last night 4.30am (GMT Time) my forum got hacked.

We have been security updates etc on the forum everytime there is an update

I am just wondering has anyone seen this type of hack before?

http://www.westlothiancruise.co.uk/imag ... e_hack.jpg

We use usergroups (our admin team was on one) Our entire Admin team was deleted, and the skin I was using removed.

Our forum is now back up and running although I am interested in knowing how this was done. It seems to be an isolated incident as they did not attack anything bar my phpbb forum.

I have other things running off mySQL database which is also used for the site.

Could anyone shed more light on this?
Last edited by r4y-fx on Thu Dec 22, 2005 1:27 pm, edited 1 time in total.

Snapdragon
Registered User
Posts: 85
Joined: Fri Apr 04, 2003 3:45 pm
Location: Edmonton, Alberta
Contact:

Post by Snapdragon »


r4y-fx
Registered User
Posts: 12
Joined: Wed Dec 21, 2005 9:46 am

Post by r4y-fx »

Technie-Micheal states
It should be noted that this does not affect users on 2.0.18.


Is this untrue?

r4y-fx
Registered User
Posts: 12
Joined: Wed Dec 21, 2005 9:46 am

Post by r4y-fx »

You can lock this topic now please found my issue

camweh
Registered User
Posts: 128
Joined: Thu Dec 09, 2004 1:58 am

Post by camweh »

Would be helpful if you added (Resolved) to the subject heading and explained. The same thing might recur and we'll be all the wiser.

User avatar
Lumpy Burgertushie
Registered User
Posts: 67398
Joined: Mon May 02, 2005 3:11 am
Contact:

Post by Lumpy Burgertushie »

it would be more helpful, if you would change the title , since it was not .18 that got hacked, this type of thing panics people and then we spend days, calming them down.


robert
I'm baaaaaccckkkk. still doing work on donation basis. PM your needs.

Premium phpBB 3.3 Styles by PlanetStyles.net

If nobody is in the forest, does a tree really fall?

r4y-fx
Registered User
Posts: 12
Joined: Wed Dec 21, 2005 9:46 am

Post by r4y-fx »

I thought I resolved this issue as I thought it was an internal issue (one of my admin's msn got hacked)

But it has just happened again (same issue)

As I said before I am running 2.0.18

User avatar
-jm-
Former Team Member
Posts: 2025
Joined: Fri Jul 16, 2004 10:56 am
Location: Inside the mind of the machine
Contact:

Post by -jm- »

do you have html enabled in your forum?
Did someone posted nested url bbcode in your forum during the last days?
Could you provide a list of MODs installed?
What is your PHP version?
-jm- (a.k.a. juanm) - *NO* private support
Hacked?
With so many beautiful colors in the world it’s a shame to make everything black and white - Dennis R. Little
my links: tips&stuff :: stuff only

User avatar
jwunderly
Registered User
Posts: 5740
Joined: Sun Mar 30, 2003 2:18 pm
Location: Easton, PA (in the groove)

Post by jwunderly »

-jm- wrote: do you have html enabled in your forum?
Did someone posted nested url bbcode in your forum during the last days?
Could you provide a list of MODs installed?
What is your PHP version?


Shoot the works and copy the Support Request Template body into a reply to this topic and complete it as fully as possible, so that we may provide assistance.
John (A cranky old man. "Looking for an echo ...")
using any control-panel install/update is like shooting yourself in the foot. It won't kill you, but you're really going to hobble around until it heals.
Using the wrong tools (Front Page, DreamWeaver) gives the same results
Do not PM me for Support!

r4y-fx
Registered User
Posts: 12
Joined: Wed Dec 21, 2005 9:46 am

Post by r4y-fx »

-jm- wrote: do you have html enabled in your forum?
Did someone posted nested url bbcode in your forum during the last days?
Could you provide a list of MODs installed?
What is your PHP version?


No html embedded

No MOD's

No nested bbcode

php-4.3.11-2.8

cybrid23
Former Team Member
Posts: 9877
Joined: Wed Jun 29, 2005 5:55 am
Location: Somewhere in the Midwest...
Contact:

Post by cybrid23 »

One question:
We have been security updates etc on the forum everytime there is an update


Does that mean you have only applied the security updates, or have you done the complete update packages? How exactly do you update your board?

(ok,ok. That's two questions)
---Never leave home without a towel and your peril sensitive sunglasses.
---Do Not PM Me For Support. It will go unanswered.
Thanks.

r4y-fx
Registered User
Posts: 12
Joined: Wed Dec 21, 2005 9:46 am

Post by r4y-fx »

cybrid23 wrote: One question:
We have been security updates etc on the forum everytime there is an update


Does that mean you have only applied the security updates, or have you done the complete update packages? How exactly do you update your board?

(ok,ok. That's two questions)


We do the updates via server side by patching it

Taipo
Registered User
Posts: 174
Joined: Fri Jan 07, 2005 9:25 pm
Contact:

Post by Taipo »

We use usergroups (our admin team was on one) Our entire Admin team was deleted, and the skin I was using removed.


Best to start with the basics, how many adminstrators do you have on your board? So far deleting a usergroup, users and removing a theme are all actions a user with administration rights can do.

If you have more than one administrator, get all the administrators to change their passwords. Sounds a bit basic but it looks like a bit of animosity going on between the two sites and it could be possible that through some form of social engineering someone has managed to either get their username changed to administrator status or they have the password of one of the administrators.

Check to make sure no other username has administrator status. All that sort of thing, just eliminate it all as possibilities.

Locked

Return to “2.0.x Support Forum”