
MY SITE GOT HACKED AGAIN USING PHPBB 2.0.19

Posted: Sun Apr 02, 2006 4:44 pm
by xmutan
hello, i just overwrote my old 2.0.6 files with 2.0.19 files, and now i got hacked AGAIN.

all of my members post message, doubled.

can anyone help me?

my forum is http://www.modifikasi.com/forum/

Posted: Sun Apr 02, 2006 4:46 pm
by Marshalrusty
So, did you get hacked? Or is the problem that the posts are coming out double?

If you were previously hacked, there could be back doors in the database from before you loaded the 2.0.19 files. Since the IIT doesn't deal with 2.0.6, I suggest you load up the Admin Toolkit and run a security scan.

Posted: Sun Apr 02, 2006 4:51 pm
by karlsemple
As you are sure you have upgraded correctly to 2.0.19 you will really need to report this to the IIT http://www.phpbb.com/support/incidents/

Posted: Sun Apr 02, 2006 5:04 pm
by xmutan
i have run admin toolkit, all forum are clear.

Posted: Sun Apr 02, 2006 5:06 pm
by xmutan
just before the post message doubled, there is fffffff in viewforum, below the forum title, and before that "ffffff" things, many posts are gone, from 120.000 to 90.000 (i disable my auto prune)

example of the hack:

i have run admin toolkit, all forum are clear.


i have run admin toolkit, all forum are clear.
all of the post become doubled.

Posted: Sun Apr 02, 2006 5:09 pm
by xmutan
and before that, 2 days ago when i was still using 2.0.6 with 2.0.19 db patch, i got hacked, autoprune is set to 1 day, my posts from 220.000 became 120.000, today i overwrote all my files with 2.0.19, and got HACKED AGAIN.

could someone help me??

Posted: Sun Apr 02, 2006 6:54 pm
by espicom
When you restored your database, did you run the toolkit against it again? It is quite possible that the old backup contained extra admins - you could have been attacked some time ago, and they waited a while to make the attack obvious. Then, when you restored the older backup, the back door was put back in...
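
The check described in the post above (extra admins surviving in a database that is reused after the files are upgraded), as an added example that is not part of the original thread. It assumes the stock phpBB 2.0.x schema with the default `phpbb_` prefix, where `user_level` 1 is an administrator and 2 a moderator; an in-memory SQLite table stands in for the live MySQL database, and the rows and the `known_good` list are constructed.

```python
import sqlite3

ADMIN, MOD = 1, 2  # phpBB 2.0.x user_level values (0 is a normal user)

def build_sample_db():
    """Constructed stand-in for a live phpbb_users table (not real data)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE phpbb_users (user_id INTEGER, username TEXT,"
               " user_level INTEGER, user_regdate INTEGER, user_email TEXT)")
    db.executemany("INSERT INTO phpbb_users VALUES (?,?,?,?,?)", [
        (2, "siteowner", ADMIN, 1041379200, "owner@example.com"),
        (57, "helper_mod", MOD, 1072915200, "mod@example.com"),
        (9301, "guest_4471", ADMIN, 1143590400, "x@example.net"),
        (9310, "newmember", 0, 1143763200, "new@example.org"),
    ])
    return db

def audit_privileged(db, known_good, prefix="phpbb_"):
    """Return privileged accounts whose user_id is not on the owner's list."""
    # prefix is trusted config ($table_prefix in config.php), not user input
    rows = db.execute(
        f"SELECT user_id, username, user_level, user_regdate "
        f"FROM {prefix}users WHERE user_level IN (?, ?) ORDER BY user_id",
        (ADMIN, MOD)).fetchall()
    return [r for r in rows if r[0] not in known_good]

if __name__ == "__main__":
    # known_good: the user_ids the board owner actually promoted (hypothetical)
    for uid, name, level, reg in audit_privileged(build_sample_db(), {2, 57}):
        role = "ADMIN" if level == ADMIN else "MOD"
        print(f"unexpected {role}: id={uid} name={name} regdate={reg}")
```

The same SELECT can be run against the live database before it is attached to freshly installed files; permissions granted through groups live in other tables and are not covered here.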

Posted: Sun Apr 02, 2006 7:55 pm
by xmutan
i didn't backup and restore the db, first, i install new fresh phpBB 2.0.19 using fantastico in /forum2/ folder then i install all the Mod i need, after that, I rename it from /forum2/ to /forum/ and the old /forum/ i renamed it into /forum_backup/ and then copy the config.php from old forum files (2.0.6) to the new forum files (2.0.19)

so i don't make any changes to the DB.

Posted: Sun Apr 02, 2006 7:57 pm
by karlsemple
xmutan wrote: i didn't backup and restore the db, first, i install new fresh phpBB 2.0.19 using fantastico in /forum2/ folder then i install all the Mod i need, after that, I rename it from /forum2/ to /forum/ and the old /forum/ i renamed it into /forum_backup/ and then copy the config.php from old forum files (2.0.6) to the new forum files (2.0.19)

so i don't make any changes to the DB.

same applies, you're still using a database which could have been compromised back when you were running 2.0.6... please follow the advice you are being given otherwise i will have to lock this and refer you to the IIT :)

Posted: Sun Apr 02, 2006 8:09 pm
by Lumpy Burgertushie
bottom line here is that 2.0.19 did not get hacked.

your problems apparently come from an improper update and/or hacker files left over from before, or just mistakes made by you or someone else.

if there were any hacks out there for 2.0.19 don't you think that we would have heard of them by now?

I haven't seen one yet that is strictly a hack of the 2.0.19 files.


robert

Posted: Mon Apr 03, 2006 10:40 am
by xmutan
is there any way to backup the username and the password only?

could anyone fix my forum?

thanks