My Forum is Hacked - Please Help - Urgent!!!

This is an archive of the phpBB 2.0.x support forum. Support for phpBB2 has now ended.
Forum rules
Following phpBB2's EoL, this forum is now archived for reference purposes only.
Please see the following announcement for more information: viewtopic.php?f=14&t=1385785
Locked
sunilvarma
Registered User
Posts: 83
Joined: Mon Apr 25, 2005 1:35 pm
Location: India
Contact:

My Forum is Hacked - Please Help - Urgent!!!

Post by sunilvarma » Fri Jan 13, 2006 6:31 pm

hi all

my forum (2.0.19) is hacked

i dont know how - but someone managed to delete the attachments from

the posts, put a few ........... in the topic title and in the post body

now i closed the forum and found 2 ips which caused the havoc

i tried to ban the ips range

will it take place immidiately or will it take some time?

can i open my forum now or should i keep it closed?

how actually can anyone do that??

any bug or a hole in the code??

please help - its urgent...........

:cry:
Using a mobile for calling only is like buying a car just for it's ashtray
Smart Phone Arena - Helping Smart Phone Users Worldwide

cfbmedia
Registered User
Posts: 21
Joined: Wed Jul 06, 2005 9:56 pm

Post by cfbmedia » Fri Jan 13, 2006 6:34 pm

The bannings will take place immediately.

Best bet is if they hacked it the only thing you would have to do is re-copy the "index.php" file back in your phpbb folder or whatever folder your forum is located.

(happened to me once, and that is all i had to do)

sunilvarma
Registered User
Posts: 83
Joined: Mon Apr 25, 2005 1:35 pm
Location: India
Contact:

Post by sunilvarma » Fri Jan 13, 2006 6:37 pm

they didnt hack my index page

they are just editing all the posts with attachments

i m gettin really tensed....
Using a mobile for calling only is like buying a car just for it's ashtray
Smart Phone Arena - Helping Smart Phone Users Worldwide

cfbmedia
Registered User
Posts: 21
Joined: Wed Jul 06, 2005 9:56 pm

Post by cfbmedia » Fri Jan 13, 2006 6:38 pm

sunilvarma wrote: they didnt hack my index page

they are just editing all the posts with attachments

i m gettin really tensed....


okay, something i havent dealt with...I am not a PHPBB guru by anymeans though...good luck.

RCP
I've Been Banned!
Posts: 188
Joined: Tue Jul 12, 2005 2:38 pm

Post by RCP » Fri Jan 13, 2006 6:46 pm

are you sure it is a hack? Because anyone that would hack it, would destroy it. Maybe the upgrade to .19 did not go according to plan? and files are currupt or damaged/missing ?

User avatar
zlisiecki
Registered User
Posts: 134
Joined: Fri Jan 25, 2002 1:38 pm
Location: Warsaw
Contact:

Post by zlisiecki » Fri Jan 13, 2006 6:52 pm

what phpbb version do you use ? the exact knowlegde is important for the community.

if somebody is writting your files and you don't have controll over it the best thing to do is reformat the disk !!!
yet before reformating make an exact copy, or just buy a new disk.
1. install www server (apache) chrooted
2. install mod_security
3. edit php.ini and exclude unneccessary functions
4. install newest phpbb version
5. ask users to change passwords
6. analyse the method of hacking
7. observe new forum and report here
8. disconnect dangerous IPs like some networs from china, taiwan, etc

sunilvarma
Registered User
Posts: 83
Joined: Mon Apr 25, 2005 1:35 pm
Location: India
Contact:

Post by sunilvarma » Fri Jan 13, 2006 6:55 pm

i updated to 2.0.19 a week ago

so thats not the prob

i just had this issue yesterday

but didnt observe it

today more damage was done - so i realised

and one more thing

in the forum permissions - i set edit status to REG

does that mean all regd user can edit or only the poster can edit?

please help...

thanks in advance

:(
Using a mobile for calling only is like buying a car just for it's ashtray
Smart Phone Arena - Helping Smart Phone Users Worldwide

RCP
I've Been Banned!
Posts: 188
Joined: Tue Jul 12, 2005 2:38 pm

Post by RCP » Fri Jan 13, 2006 6:59 pm

only the poster can edit a post. It sounds like a bad sql table, or a problem with the way something was copied or a mod gone wrong. I very much doubt it is hacked sorry to say. I can understand how you think so. Try replacing the files that are damaged, and reopen it. Keep the ips banned if it pleases you but i imagine you will be ok.

what is your forum, or what is the screen shots of the problems

User avatar
Jim_UK
Former Team Member
Posts: 18478
Joined: Tue Oct 12, 2004 5:36 pm
Location: Darwen N.West UK

Post by Jim_UK » Fri Jan 13, 2006 7:05 pm

zlisiecki wrote: what phpbb version do you use ? the exact knowlegde is important for the community.

if somebody is writting your files and you don't have controll over it the best thing to do is reformat the disk !!!
yet before reformating make an exact copy, or just buy a new disk.
1. install www server (apache) chrooted
2. install mod_security
3. edit php.ini and exclude unneccessary functions
4. install newest phpbb version
5. ask users to change passwords
6. analyse the method of hacking
7. observe new forum and report here
8. disconnect dangerous IPs like some networs from china, taiwan, etc


What is all this about?
Reformat the disk! Buy a new disk!

Please ignore this advice and read this http://www.phpbb.com/phpBB/viewtopic.php?t=343745

Jim
The truth is out there.
Unfortunately they will not let you anywhere near it!

sunilvarma
Registered User
Posts: 83
Joined: Mon Apr 25, 2005 1:35 pm
Location: India
Contact:

Post by sunilvarma » Fri Jan 13, 2006 7:06 pm

thanks a lot Jim_UK

i posted a support request to the IIT

hope this helps...
Last edited by sunilvarma on Fri Jan 13, 2006 7:14 pm, edited 1 time in total.
Using a mobile for calling only is like buying a car just for it's ashtray
Smart Phone Arena - Helping Smart Phone Users Worldwide

User avatar
Jim_UK
Former Team Member
Posts: 18478
Joined: Tue Oct 12, 2004 5:36 pm
Location: Darwen N.West UK

Post by Jim_UK » Fri Jan 13, 2006 7:12 pm

Please read this http://www.phpbb.com/phpBB/viewtopic.php?t=343745
For users that believe their boards have been compromised there is a new team that investigates.

Jim
The truth is out there.
Unfortunately they will not let you anywhere near it!

igeoffi
Registered User
Posts: 153
Joined: Wed Jun 01, 2005 10:39 pm

Post by igeoffi » Fri Jan 13, 2006 7:15 pm

8. disconnect dangerous IPs like some networs from china, taiwan, etc

umm
actually
the more well noted hackers are from europe and russia :)
no need to be racist

User avatar
Jim_UK
Former Team Member
Posts: 18478
Joined: Tue Oct 12, 2004 5:36 pm
Location: Darwen N.West UK

Post by Jim_UK » Fri Jan 13, 2006 7:18 pm

The correct advice has been given in my previous post(s) There is now an incident investigation team.

Locked
The truth is out there.
Unfortunately they will not let you anywhere near it!

Locked

Return to “2.0.x Support Forum”